<!doctype html><html lang="en"><head><title data-rh="true">V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals | by Amy L. Robertson | MITRE ATT&CK® | Oct, 2024 | Medium</title><meta data-rh="true" charset="utf-8"/><meta data-rh="true" name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1,maximum-scale=1"/><meta data-rh="true" name="theme-color" content="#000000"/><meta data-rh="true" name="twitter:app:name:iphone" content="Medium"/><meta data-rh="true" name="twitter:app:id:iphone" content="828256236"/><meta data-rh="true" property="al:ios:app_name" content="Medium"/><meta data-rh="true" property="al:ios:app_store_id" content="828256236"/><meta data-rh="true" property="al:android:package" content="com.medium.reader"/><meta data-rh="true" property="fb:app_id" content="542599432471018"/><meta data-rh="true" property="og:site_name" content="Medium"/><meta data-rh="true" property="og:type" content="article"/><meta data-rh="true" property="article:published_time" content="2024-10-31T19:50:19.250Z"/><meta data-rh="true" name="title" content="V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals | by Amy L. 
Robertson | MITRE ATT&CK® | Oct, 2024 | Medium"/><meta data-rh="true" property="og:title" content="v16 Cloud Rebalancing, Analytics,"/><meta data-rh="true" property="al:android:url" content="medium://p/561c76af94cf"/><meta data-rh="true" property="al:ios:url" content="medium://p/561c76af94cf"/><meta data-rh="true" property="al:android:app_name" content="Medium"/><meta data-rh="true" name="description" content="Fine-tuned cloud coverage, optimized defense with added analytics, expanded existing techniques/groups, and introduced new behaviors & groups."/><meta data-rh="true" property="og:description" content="Fine-tuned cloud coverage, optimized defense with more analytics, expanded existing techniques/groups, and introduced new behaviors &…"/><meta data-rh="true" property="og:url" content="https://medium.com/mitre-attack/attack-v16-561c76af94cf"/><meta data-rh="true" property="al:web:url" content="https://medium.com/mitre-attack/attack-v16-561c76af94cf"/><meta data-rh="true" property="og:image" content="https://miro.medium.com/v2/resize:fit:1200/1*YEpt4gwe_KcB6O3mGJAzLA.png"/><meta data-rh="true" property="article:author" content="https://medium.com/@arobertson_79988"/><meta data-rh="true" name="author" content="Amy L. 
Robertson"/><meta data-rh="true" name="robots" content="index,noarchive,follow,max-image-preview:large"/><meta data-rh="true" name="referrer" content="unsafe-url"/><meta data-rh="true" property="twitter:title" content="v16 Cloud Rebalancing, Analytics,"/><meta data-rh="true" name="twitter:site" content="@mitreattack"/><meta data-rh="true" name="twitter:app:url:iphone" content="medium://p/561c76af94cf"/><meta data-rh="true" property="twitter:description" content="Fine-tuned cloud coverage, optimized defense with more analytics, expanded existing techniques/groups, and introduced new behaviors &…"/><meta data-rh="true" name="twitter:image:src" content="https://miro.medium.com/v2/resize:fit:1200/1*YEpt4gwe_KcB6O3mGJAzLA.png"/><meta data-rh="true" name="twitter:card" content="summary_large_image"/><meta data-rh="true" name="twitter:label1" content="Reading time"/><meta data-rh="true" name="twitter:data1" content="6 min read"/><link data-rh="true" rel="icon" href="https://miro.medium.com/v2/5d8de952517e8160e40ef9841c781cdc14a5db313057fa3c3de41c6f5b494b19"/><link data-rh="true" rel="search" type="application/opensearchdescription+xml" title="Medium" href="/osd.xml"/><link data-rh="true" rel="apple-touch-icon" sizes="152x152" href="https://miro.medium.com/v2/resize:fill:304:304/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="apple-touch-icon" sizes="120x120" href="https://miro.medium.com/v2/resize:fill:240:240/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="apple-touch-icon" sizes="76x76" href="https://miro.medium.com/v2/resize:fill:152:152/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="apple-touch-icon" sizes="60x60" href="https://miro.medium.com/v2/resize:fill:120:120/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="mask-icon" 
href="https://miro.medium.com/v2/resize:fill:1000:1000/7*GAOKVe--MXbEJmV9230oOQ.png" color="#171717"/><link data-rh="true" rel="preconnect" href="https://glyph.medium.com" crossOrigin=""/><link data-rh="true" id="glyph_preload_link" rel="preload" as="style" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" id="glyph_link" rel="stylesheet" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" rel="author" href="https://medium.com/@arobertson_79988"/><link data-rh="true" rel="canonical" href="https://medium.com/mitre-attack/attack-v16-561c76af94cf"/><link data-rh="true" rel="alternate" href="android-app://com.medium.reader/https/medium.com/p/561c76af94cf"/><script data-rh="true" type="application/ld+json">{"@context":"http:\u002F\u002Fschema.org","@type":"NewsArticle","image":["https:\u002F\u002Fmiro.medium.com\u002Fv2\u002Fresize:fit:1200\u002F1*YEpt4gwe_KcB6O3mGJAzLA.png"],"url":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fattack-v16-561c76af94cf","dateCreated":"2024-10-31T15:43:23.724Z","datePublished":"2024-10-31T15:43:23.724Z","dateModified":"2024-11-14T06:43:34.564Z","headline":"V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals","name":"V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals","description":"Fine-tuned cloud coverage, optimized defense with added analytics, expanded existing techniques\u002Fgroups, and introduced new behaviors & groups.","identifier":"561c76af94cf","author":{"@type":"Person","name":"Amy L. Robertson","url":"https:\u002F\u002Fmedium.com\u002F@arobertson_79988"},"creator":["Amy L. 
Robertson"],"publisher":{"@type":"Organization","name":"MITRE ATT&CK®","url":"https:\u002F\u002Fmedium.com\u002Fmitre-attack","logo":{"@type":"ImageObject","width":291,"height":60,"url":"https:\u002F\u002Fmiro.medium.com\u002Fv2\u002Fresize:fit:582\u002F1*8epIYX1PfgfnVfDYfZ5loQ.png"}},"mainEntityOfPage":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fattack-v16-561c76af94cf"}</script><style type="text/css" data-fela-rehydration="545" data-fela-type="STATIC">html{box-sizing:border-box;-webkit-text-size-adjust:100%}*, *:before, *:after{box-sizing:inherit}body{margin:0;padding:0;text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;color:rgba(0,0,0,0.8);position:relative;min-height:100vh}h1, h2, h3, h4, h5, h6, dl, dd, ol, ul, menu, figure, blockquote, p, pre, form{margin:0}menu, ol, ul{padding:0;list-style:none;list-style-image:none}main{display:block}a{color:inherit;text-decoration:none}a, button, input{-webkit-tap-highlight-color:transparent}img, svg{vertical-align:middle}button{background:transparent;overflow:visible}button, input, optgroup, select, textarea{margin:0}:root{--reach-tabs:1;--reach-menu-button:1}#speechify-root{font-family:Sohne, sans-serif}div[data-popper-reference-hidden="true"]{visibility:hidden;pointer-events:none}.grecaptcha-badge{visibility:hidden} /*XCode style (c) Angel Garcia <angelgarcia.mail@gmail.com>*/.hljs {background: #fff;color: black; }/* Gray DOCTYPE selectors like WebKit */ .xml .hljs-meta {color: #c0c0c0; }.hljs-comment, .hljs-quote {color: #007400; }.hljs-tag, .hljs-attribute, .hljs-keyword, .hljs-selector-tag, .hljs-literal, .hljs-name {color: #aa0d91; }.hljs-variable, .hljs-template-variable {color: #3F6E74; }.hljs-code, .hljs-string, .hljs-meta .hljs-string {color: #c41a16; }.hljs-regexp, .hljs-link {color: #0E0EFF; }.hljs-title, .hljs-symbol, .hljs-bullet, .hljs-number {color: #1c00cf; }.hljs-section, .hljs-meta {color: #643820; }.hljs-title.class_, .hljs-class .hljs-title, .hljs-type, .hljs-built_in, 
.hljs-params {color: #5c2699; }.hljs-attr {color: #836C28; }.hljs-subst {color: #000; }.hljs-formula {background-color: #eee;font-style: italic; }.hljs-addition {background-color: #baeeba; }.hljs-deletion {background-color: #ffc8bd; }.hljs-selector-id, .hljs-selector-class {color: #9b703f; }.hljs-doctag, .hljs-strong {font-weight: bold; }.hljs-emphasis {font-style: italic; } </style><style type="text/css" data-fela-rehydration="545" data-fela-type="KEYFRAME">@-webkit-keyframes k1{0%{opacity:0.8}50%{opacity:0.5}100%{opacity:0.8}}@-moz-keyframes k1{0%{opacity:0.8}50%{opacity:0.5}100%{opacity:0.8}}@keyframes k1{0%{opacity:0.8}50%{opacity:0.5}100%{opacity:0.8}}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE">.a{font-family:medium-content-sans-serif-font, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif}.b{font-weight:400}.c{background-color:rgba(255, 255, 255, 1)}.l{display:block}.m{position:sticky}.n{top:0}.o{z-index:500}.p{padding:0 24px}.q{align-items:center}.r{border-bottom:solid 1px #F2F2F2}.y{height:41px}.z{line-height:20px}.ab{display:flex}.ac{height:57px}.ae{flex:1 0 auto}.af{color:inherit}.ag{fill:inherit}.ah{font-size:inherit}.ai{border:inherit}.aj{font-family:inherit}.ak{letter-spacing:inherit}.al{font-weight:inherit}.am{padding:0}.an{margin:0}.ao{cursor:pointer}.ap:disabled{cursor:not-allowed}.aq:disabled{color:#6B6B6B}.ar:disabled{fill:#6B6B6B}.au{width:auto}.av path{fill:#242424}.aw{height:25px}.ax{margin-left:16px}.ay{border:none}.az{border-radius:20px}.ba{width:240px}.bb{background:#F9F9F9}.bc path{fill:#6B6B6B}.be{outline:none}.bf{font-family:sohne, "Helvetica Neue", Helvetica, Arial, sans-serif}.bg{font-size:14px}.bh{width:100%}.bi{padding:10px 20px 10px 
0}.bj{background-color:transparent}.bk{color:#242424}.bl::placeholder{color:#6B6B6B}.bm{display:inline-block}.bn{margin-left:12px}.bo{margin-right:12px}.bp{border-radius:4px}.bq{margin-left:24px}.br{height:24px}.bx{background-color:#F9F9F9}.by{border-radius:50%}.bz{height:32px}.ca{width:32px}.cb{justify-content:center}.ch{max-width:680px}.ci{min-width:0}.cj{animation:k1 1.2s ease-in-out infinite}.ck{height:100vh}.cl{margin-bottom:16px}.cm{margin-top:48px}.cn{align-items:flex-start}.co{flex-direction:column}.cp{justify-content:space-between}.cq{margin-bottom:24px}.cw{width:80%}.cx{background-color:#F2F2F2}.dd{height:44px}.de{width:44px}.df{margin:auto 0}.dg{margin-bottom:4px}.dh{height:16px}.di{width:120px}.dj{width:80px}.dp{margin-bottom:8px}.dq{width:96%}.dr{width:98%}.ds{width:81%}.dt{margin-left:8px}.du{color:#6B6B6B}.dv{font-size:13px}.dw{height:100%}.ep{color:#FFFFFF}.eq{fill:#FFFFFF}.er{background:rgba(218, 78, 42, 1)}.es{border-color:rgba(218, 78, 42, 1)}.ew:disabled{cursor:inherit !important}.ex:disabled{opacity:0.3}.ey:disabled:hover{background:rgba(218, 78, 42, 1)}.ez:disabled:hover{border-color:rgba(218, 78, 42, 1)}.fa{border-radius:99em}.fb{border-width:1px}.fc{border-style:solid}.fd{box-sizing:border-box}.fe{text-decoration:none}.ff{text-align:center}.fi{margin-right:32px}.fj{position:relative}.fk{fill:#6B6B6B}.fn{background:transparent}.fo svg{margin-left:4px}.fp svg{fill:#6B6B6B}.fr{box-shadow:inset 0 0 0 1px rgba(0, 0, 0, 0.05)}.fs{position:absolute}.fz{margin:0 24px}.gd{background:rgba(255, 255, 255, 1)}.ge{border:1px solid #F2F2F2}.gf{box-shadow:0 1px 4px #F2F2F2}.gg{max-height:100vh}.gh{overflow-y:auto}.gi{left:0}.gj{top:calc(100vh + 100px)}.gk{bottom:calc(100vh + 
100px)}.gl{width:10px}.gm{pointer-events:none}.gn{word-break:break-word}.go{word-wrap:break-word}.gp:after{display:block}.gq:after{content:""}.gr:after{clear:both}.gs{margin-left:auto}.gt{margin-right:auto}.gu{max-width:1242px}.ha{clear:both}.hc{cursor:zoom-in}.hd{z-index:auto}.hf{max-width:100%}.hg{height:auto}.hh{line-height:1.23}.hi{letter-spacing:0}.hj{font-style:normal}.hk{font-weight:700}.ip{align-items:baseline}.iq{width:48px}.ir{height:48px}.is{border:2px solid rgba(255, 255, 255, 1)}.it{z-index:0}.iu{box-shadow:none}.iv{border:1px solid rgba(0, 0, 0, 0.05)}.iw{margin-left:-12px}.ix{width:28px}.iy{height:28px}.iz{z-index:1}.ja{width:24px}.jb{margin-bottom:2px}.jc{flex-wrap:nowrap}.jd{font-size:16px}.je{line-height:24px}.jg{margin:0 8px}.jh{display:inline}.ji{color:rgba(218, 78, 42, 1)}.jj{fill:rgba(218, 78, 42, 1)}.jm{flex:0 0 auto}.jp{flex-wrap:wrap}.js{white-space:pre-wrap}.jt{margin-right:4px}.ju{overflow:hidden}.jv{max-height:20px}.jw{text-overflow:ellipsis}.jx{display:-webkit-box}.jy{-webkit-line-clamp:1}.jz{-webkit-box-orient:vertical}.ka{word-break:break-all}.kc{padding-left:8px}.kd{padding-right:8px}.le> *{flex-shrink:0}.lf{overflow-x:scroll}.lg::-webkit-scrollbar{display:none}.lh{scrollbar-width:none}.li{-ms-overflow-style:none}.lj{width:74px}.lk{flex-direction:row}.ll{z-index:2}.lo{-webkit-user-select:none}.lp{border:0}.lq{fill:rgba(117, 117, 117, 1)}.lt{outline:0}.lu{user-select:none}.lv> svg{pointer-events:none}.me{cursor:progress}.mf{opacity:1}.mg{padding:4px 0}.mj{margin-top:0px}.mk{width:16px}.mm{display:inline-flex}.ms{padding:8px 2px}.mt svg{color:#6B6B6B}.nk{line-height:1.58}.nl{letter-spacing:-0.004em}.nm{font-family:source-serif-pro, Georgia, Cambria, "Times New Roman", Times, 
serif}.oh{margin-bottom:-0.46em}.oi{font-style:italic}.oj{text-decoration:underline}.ok{line-height:1.12}.ol{letter-spacing:-0.022em}.om{font-weight:600}.ph{margin-bottom:-0.28em}.pi{line-height:1.18}.pw{margin-bottom:-0.31em}.qc{list-style-type:disc}.qd{margin-left:30px}.qe{padding-left:0px}.qk{margin-top:32px}.ql{margin-bottom:14px}.qm{padding-top:24px}.qn{padding-bottom:10px}.qo{background-color:#000000}.qp{height:3px}.qq{width:3px}.qr{margin-right:20px}.qx{margin-bottom:26px}.qy{margin-top:6px}.qz{margin-top:8px}.ra{margin-right:8px}.rb{padding:8px 16px}.rc{border-radius:100px}.rd{transition:background 300ms ease}.rf{white-space:nowrap}.rg{border-top:none}.rm{height:52px}.rn{max-height:52px}.ro{box-sizing:content-box}.rp{position:static}.rr{max-width:155px}.sc{margin-bottom:48px}.sq{border-radius:2px}.ss{height:64px}.st{width:64px}.su{align-self:flex-end}.sv{flex:1 1 auto}.tb{padding-right:4px}.tc{font-weight:500}.tj{margin-top:16px}.tk{color:rgba(255, 255, 255, 1)}.tl{fill:rgba(255, 255, 255, 1)}.tm{background:rgba(25, 25, 25, 1)}.tn{border-color:rgba(25, 25, 25, 1)}.tq:disabled{opacity:0.1}.tr:disabled:hover{background:rgba(25, 25, 25, 1)}.ts:disabled:hover{border-color:rgba(25, 25, 25, 1)}.tt{height:0px}.tu{border-bottom:solid 1px #E5E5E5}.tv{margin-top:56px}.tw{margin-top:72px}.tx{padding:24px 0}.ty{margin-bottom:0px}.tz{margin-right:16px}.as:hover:not(:disabled){color:rgba(25, 25, 25, 1)}.at:hover:not(:disabled){fill:rgba(25, 25, 25, 1)}.et:hover{background:rgba(185, 70, 40, 1)}.eu:hover{border-color:rgba(185, 70, 40, 1)}.ev:hover{cursor:pointer}.fl:hover{color:#242424}.fm:hover{fill:#242424}.fq:hover svg{fill:#242424}.ft:hover{background-color:rgba(0, 0, 0, 0.1)}.jf:hover{text-decoration:underline}.jk:hover:not(:disabled){color:rgba(185, 70, 40, 1)}.jl:hover:not(:disabled){fill:rgba(185, 70, 40, 1)}.ls:hover{fill:rgba(8, 8, 8, 1)}.mh:hover{fill:#000000}.mi:hover p{color:#000000}.ml:hover{color:#000000}.mu:hover 
svg{color:#000000}.re:hover{background-color:#F2F2F2}.sr:hover{background-color:none}.to:hover{background:#000000}.tp:hover{border-color:#242424}.bd:focus-within path{fill:#242424}.he:focus{transform:scale(1.01)}.lr:focus{fill:rgba(8, 8, 8, 1)}.mv:focus svg{color:#000000}.lw:active{border-style:none}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (min-width: 1080px)">.d{display:none}.bw{width:64px}.cg{margin:0 64px}.cv{height:48px}.dc{margin-bottom:52px}.do{margin-bottom:48px}.ef{font-size:14px}.eg{line-height:20px}.em{font-size:13px}.eo{padding:5px 12px}.fh{display:flex}.fy{margin-bottom:68px}.gc{max-width:680px}.gz{margin-top:40px}.if{font-size:42px}.ig{margin-top:1em}.ih{margin-bottom:32px}.ii{line-height:52px}.ij{letter-spacing:-0.011em}.io{align-items:center}.kq{border-top:solid 1px #F2F2F2}.kr{border-bottom:solid 1px #F2F2F2}.ks{margin:32px 0 0}.kt{padding:3px 8px}.lc> *{margin-right:24px}.ld> :last-child{margin-right:0}.md{margin-top:0px}.mr{margin:0}.od{font-size:20px}.oe{margin-top:2.14em}.of{line-height:32px}.og{letter-spacing:-0.003em}.pd{font-size:24px}.pe{margin-top:1.95em}.pf{line-height:30px}.pg{letter-spacing:-0.016em}.pt{margin-top:1.72em}.pu{line-height:24px}.pv{letter-spacing:0}.qb{margin-top:0.94em}.qj{margin-top:1.14em}.qw{margin-top:1.25em}.rl{margin-bottom:88px}.rw{display:inline-block}.sb{padding-top:72px}.sd{flex-direction:row}.sg{margin-bottom:0}.sh{margin-right:20px}.sw{max-width:500px}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (max-width: 1079.98px)">.e{display:none}.mc{margin-top:0px}.rv{display:inline-block}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (max-width: 903.98px)">.f{display:none}.mb{margin-top:0px}.ru{display:inline-block}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (max-width: 
727.98px)">.g{display:none}.lz{margin-top:0px}.ma{margin-right:0px}.rt{display:inline-block}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (max-width: 551.98px)">.h{display:none}.s{display:flex}.t{justify-content:space-between}.bs{width:24px}.cc{margin:0 24px}.cr{height:40px}.cy{margin-bottom:44px}.dk{margin-bottom:32px}.dx{font-size:13px}.dy{line-height:20px}.eh{padding:0px 8px 1px}.fu{margin-bottom:4px}.gv{margin-top:32px}.hl{font-size:32px}.hm{margin-top:1.01em}.hn{margin-bottom:24px}.ho{line-height:38px}.hp{letter-spacing:-0.014em}.ik{align-items:flex-start}.jn{flex-direction:column}.jq{margin-bottom:2px}.ke{margin:24px -24px 0}.kf{padding:0}.ku> *{margin-right:8px}.kv> :last-child{margin-right:24px}.lm{margin-left:0px}.lx{margin-top:0px}.ly{margin-right:0px}.mn{margin:0}.mw{border:1px solid #F2F2F2}.mx{border-radius:99em}.my{padding:0px 16px 0px 12px}.mz{height:38px}.na{align-items:center}.nc svg{margin-right:8px}.nn{font-size:18px}.no{margin-top:1.56em}.np{line-height:28px}.nq{letter-spacing:-0.003em}.on{font-size:20px}.oo{margin-top:1.2em}.op{line-height:24px}.oq{letter-spacing:0}.pj{font-size:16px}.pk{margin-top:1.23em}.px{margin-top:0.67em}.qf{margin-top:1.34em}.qs{margin-top:0.93em}.rh{margin-bottom:80px}.rs{display:inline-block}.rx{padding-top:48px}.so{margin-bottom:20px}.sp{margin-right:0}.ta{max-width:100%}.td{font-size:24px}.te{line-height:30px}.tf{letter-spacing:-0.016em}.nb:hover{border-color:#E5E5E5}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (min-width: 904px) and (max-width: 1079.98px)">.i{display:none}.bv{width:64px}.cf{margin:0 64px}.cu{height:48px}.db{margin-bottom:52px}.dn{margin-bottom:48px}.ed{font-size:14px}.ee{line-height:20px}.ek{font-size:13px}.el{padding:5px 
12px}.fg{display:flex}.fx{margin-bottom:68px}.gb{max-width:680px}.gy{margin-top:40px}.ia{font-size:42px}.ib{margin-top:1em}.ic{margin-bottom:32px}.id{line-height:52px}.ie{letter-spacing:-0.011em}.in{align-items:center}.km{border-top:solid 1px #F2F2F2}.kn{border-bottom:solid 1px #F2F2F2}.ko{margin:32px 0 0}.kp{padding:3px 8px}.la> *{margin-right:24px}.lb> :last-child{margin-right:0}.mq{margin:0}.nz{font-size:20px}.oa{margin-top:2.14em}.ob{line-height:32px}.oc{letter-spacing:-0.003em}.oz{font-size:24px}.pa{margin-top:1.95em}.pb{line-height:30px}.pc{letter-spacing:-0.016em}.pq{margin-top:1.72em}.pr{line-height:24px}.ps{letter-spacing:0}.qa{margin-top:0.94em}.qi{margin-top:1.14em}.qv{margin-top:1.25em}.rk{margin-bottom:88px}.sa{padding-top:72px}.se{flex-direction:row}.si{margin-bottom:0}.sj{margin-right:20px}.sx{max-width:500px}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (min-width: 728px) and (max-width: 903.98px)">.j{display:none}.w{display:flex}.x{justify-content:space-between}.bu{width:64px}.ce{margin:0 48px}.ct{height:48px}.da{margin-bottom:52px}.dm{margin-bottom:48px}.eb{font-size:13px}.ec{line-height:20px}.ej{padding:0px 8px 1px}.fw{margin-bottom:68px}.ga{max-width:680px}.gx{margin-top:40px}.hv{font-size:42px}.hw{margin-top:1em}.hx{margin-bottom:32px}.hy{line-height:52px}.hz{letter-spacing:-0.011em}.im{align-items:center}.ki{border-top:solid 1px #F2F2F2}.kj{border-bottom:solid 1px #F2F2F2}.kk{margin:32px 0 0}.kl{padding:3px 8px}.ky> *{margin-right:24px}.kz> 
:last-child{margin-right:0}.mp{margin:0}.nv{font-size:20px}.nw{margin-top:2.14em}.nx{line-height:32px}.ny{letter-spacing:-0.003em}.ov{font-size:24px}.ow{margin-top:1.95em}.ox{line-height:30px}.oy{letter-spacing:-0.016em}.pn{margin-top:1.72em}.po{line-height:24px}.pp{letter-spacing:0}.pz{margin-top:0.94em}.qh{margin-top:1.14em}.qu{margin-top:1.25em}.rj{margin-bottom:88px}.rz{padding-top:72px}.sf{flex-direction:row}.sk{margin-bottom:0}.sl{margin-right:20px}.sy{max-width:500px}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="all and (min-width: 552px) and (max-width: 727.98px)">.k{display:none}.u{display:flex}.v{justify-content:space-between}.bt{width:24px}.cd{margin:0 24px}.cs{height:40px}.cz{margin-bottom:44px}.dl{margin-bottom:32px}.dz{font-size:13px}.ea{line-height:20px}.ei{padding:0px 8px 1px}.fv{margin-bottom:4px}.gw{margin-top:32px}.hq{font-size:32px}.hr{margin-top:1.01em}.hs{margin-bottom:24px}.ht{line-height:38px}.hu{letter-spacing:-0.014em}.il{align-items:flex-start}.jo{flex-direction:column}.jr{margin-bottom:2px}.kg{margin:24px 0 0}.kh{padding:0}.kw> *{margin-right:8px}.kx> :last-child{margin-right:8px}.ln{margin-left:0px}.mo{margin:0}.nd{border:1px solid #F2F2F2}.ne{border-radius:99em}.nf{padding:0px 16px 0px 12px}.ng{height:38px}.nh{align-items:center}.nj svg{margin-right:8px}.nr{font-size:18px}.ns{margin-top:1.56em}.nt{line-height:28px}.nu{letter-spacing:-0.003em}.or{font-size:20px}.os{margin-top:1.2em}.ot{line-height:24px}.ou{letter-spacing:0}.pl{font-size:16px}.pm{margin-top:1.23em}.py{margin-top:0.67em}.qg{margin-top:1.34em}.qt{margin-top:0.93em}.ri{margin-bottom:80px}.ry{padding-top:48px}.sm{margin-bottom:20px}.sn{margin-right:0}.sz{max-width:100%}.tg{font-size:24px}.th{line-height:30px}.ti{letter-spacing:-0.016em}.ni:hover{border-color:#E5E5E5}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="print">.rq{display:none}</style><style type="text/css" data-fela-rehydration="545" 
data-fela-type="RULE" media="(prefers-reduced-motion: no-preference)">.hb{transition:transform 300ms cubic-bezier(0.2, 0, 0.2, 1)}</style><style type="text/css" data-fela-rehydration="545" data-fela-type="RULE" media="(orientation: landscape) and (max-width: 903.98px)">.kb{max-height:none}</style></head><body><div id="root"><div class="a b c"><div class="d e f g h i j k"></div><script>document.domain = document.domain;</script><div class="l c">
<div class="l"><div class="fu fv fw fx fy l"><div class="ab cb"><div class="ci bh fz ga gb gc"></div></div><article><div class="l"><div class="l"><span class="l"></span><section><div><div class="fs gi gj gk gl gm"></div><div class="gn go gp gq gr"><div class="ab cb"><div class="ci bh fz ga gb gc"><figure class="gv gw gx gy gz ha gs gt paragraph-image"><div role="button" tabindex="0" class="hb hc fj hd bh he"><div class="gs gt gu"><picture><source srcSet="https://miro.medium.com/v2/resize:fit:640/format:webp/1*YEpt4gwe_KcB6O3mGJAzLA.png 640w, https://miro.medium.com/v2/resize:fit:720/format:webp/1*YEpt4gwe_KcB6O3mGJAzLA.png 720w, https://miro.medium.com/v2/resize:fit:750/format:webp/1*YEpt4gwe_KcB6O3mGJAzLA.png 750w, https://miro.medium.com/v2/resize:fit:786/format:webp/1*YEpt4gwe_KcB6O3mGJAzLA.png 786w, https://miro.medium.com/v2/resize:fit:828/format:webp/1*YEpt4gwe_KcB6O3mGJAzLA.png 828w, https://miro.medium.com/v2/resize:fit:1100/format:webp/1*YEpt4gwe_KcB6O3mGJAzLA.png 1100w, https://miro.medium.com/v2/resize:fit:1400/format:webp/1*YEpt4gwe_KcB6O3mGJAzLA.png 1400w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) 
and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 700px" type="image/webp"/><source data-testid="og" srcSet="https://miro.medium.com/v2/resize:fit:640/1*YEpt4gwe_KcB6O3mGJAzLA.png 640w, https://miro.medium.com/v2/resize:fit:720/1*YEpt4gwe_KcB6O3mGJAzLA.png 720w, https://miro.medium.com/v2/resize:fit:750/1*YEpt4gwe_KcB6O3mGJAzLA.png 750w, https://miro.medium.com/v2/resize:fit:786/1*YEpt4gwe_KcB6O3mGJAzLA.png 786w, https://miro.medium.com/v2/resize:fit:828/1*YEpt4gwe_KcB6O3mGJAzLA.png 828w, https://miro.medium.com/v2/resize:fit:1100/1*YEpt4gwe_KcB6O3mGJAzLA.png 1100w, https://miro.medium.com/v2/resize:fit:1400/1*YEpt4gwe_KcB6O3mGJAzLA.png 1400w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 700px"/><img alt="" class="bh hf hg c" width="700" height="695" loading="eager" role="presentation"/></picture></div></div></figure><div><h1 id="36be" class="pw-post-title hh hi hj bf hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz ia ib ic id ie if ig ih ii ij bk" data-testid="storyTitle"><strong class="al">V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals</strong></h1><div><div class="speechify-ignore ab cp"><div class="speechify-ignore bh l"><div class="ik il im in io ab"><div><div class="ab ip"><div><div class="bm" 
aria-hidden="false"><a rel="noopener follow" href="/@arobertson_79988?source=post_page---byline--561c76af94cf--------------------------------"><div class="l iq ir by is it"><div class="l fj"><img alt="Amy L. Robertson" class="l fd by dd de cx" src="https://miro.medium.com/v2/resize:fill:88:88/1*HSqNMSnjesj-UnJGDPJi7g.jpeg" width="44" height="44" loading="lazy" data-testid="authorPhoto"/><div class="iu by l dd de fs n iv ft"></div></div></div></a></div></div><div class="iw ab fj"><div><div class="bm" aria-hidden="false"><a href="https://medium.com/mitre-attack?source=post_page---byline--561c76af94cf--------------------------------" rel="noopener follow"><div class="l ix iy by is iz"><div class="l fj"><img alt="MITRE ATT&CK®" class="l fd by br ja cx" src="https://miro.medium.com/v2/resize:fill:48:48/1*Y6LKGEIzmF96lVHkv_RS9A.png" width="24" height="24" loading="lazy" data-testid="publicationPhoto"/><div class="iu by l br ja fs n iv ft"></div></div></div></a></div></div></div></div></div><div class="bn bh l"><div class="ab"><div style="flex:1"><span class="bf b bg z bk"><div class="jb ab q"><div class="ab q jc"><div class="ab q"><div><div class="bm" aria-hidden="false"><p class="bf b jd je bk"><a class="af ag ah ai aj ak al am an ao ap aq ar jf" data-testid="authorName" rel="noopener follow" href="/@arobertson_79988?source=post_page---byline--561c76af94cf--------------------------------">Amy L. 
Robertson</a></p></div></div></div><span class="jg jh" aria-hidden="true"><span class="bf b bg z du">·</span></span><p class="bf b jd je du"><span><a class="ji jj ah ai aj ak al am an ao ap aq ar ex jk jl" rel="noopener follow" href="/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F13b16fa8065d&operation=register&redirect=https%3A%2F%2Fmedium.com%2Fmitre-attack%2Fattack-v16-561c76af94cf&user=Amy+L.+Robertson&userId=13b16fa8065d&source=post_page-13b16fa8065d--byline--561c76af94cf---------------------post_header-----------">Follow</a></span></p></div></div></span></div></div><div class="l jm"><span class="bf b bg z du"><div class="ab cn jn jo jp"><div class="jq jr ab"><div class="bf b bg z du ab js"><span class="jt l jm">Published in</span><div><div class="l" aria-hidden="false"><a class="af ag ah ai aj ak al am an ao ap aq ar jf ab q" data-testid="publicationName" href="https://medium.com/mitre-attack?source=post_page---byline--561c76af94cf--------------------------------" rel="noopener follow"><p class="bf b bg z ju jv jw jx jy jz ka kb bk">MITRE ATT&CK®</p></a></div></div></div><div class="h k"><span class="jg jh" aria-hidden="true"><span class="bf b bg z du">·</span></span></div></div><span class="bf b bg z du"><div class="ab ae"><span data-testid="storyReadTime">6 min read</span><div class="kc kd l" aria-hidden="true"><span class="l" aria-hidden="true"><span class="bf b bg z du">·</span></span></div><span data-testid="storyPublishDate">Oct 31, 2024</span></div></span></div></span></div></div></div><div class="ab cp ke kf kg kh ki kj kk kl km kn ko kp kq kr ks kt"><div class="h k w fg fh q"><div class="lj l"><div class="ab q lk ll"><div class="pw-multi-vote-icon fj jt lm ln lo"><span><a class="af ag ah ai aj ak al am an ao ap aq ar as at" data-testid="headerClapButton" rel="noopener follow" 
2.79a.42.42 0 0 1 .068.498m-.106.138.008.004v-.01zM16 7.063h1.5a2 2 0 0 1 2 2v10a2 2 0 0 1-2 2h-11c-1.1 0-2-.9-2-2v-10a2 2 0 0 1 2-2H8a.5.5 0 0 1 .35.15.5.5 0 0 1 .15.35.5.5 0 0 1-.15.35.5.5 0 0 1-.35.15H6.4c-.5 0-.9.4-.9.9v10.2a.9.9 0 0 0 .9.9h11.2c.5 0 .9-.4.9-.9v-10.2c0-.5-.4-.9-.9-.9H16a.5.5 0 0 1 0-1" clip-rule="evenodd"></path></svg><div class="j i d"><p class="bf b bg z du">Share</p></div></button></div></div></div></div></div></div></div></div></div><p id="a258" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">In v16, we’re all about balance — striking that perfect chord between familiar and pioneering to keep things real and actionable.</p><p id="c096" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">This update fine-tunes how we cover cloud environments, finding equilibrium between depth and practicality to ensure it remains practical for defenders. As part of our balancing act, we’re also expanding on familiar threats while introducing some fresh behaviors and groups. 
This release also features optimized detection engineering offerings and enhanced usability across ATT&CK tools, with the goal of a <em class="oi">balanced</em> resource for everyone.</p><p id="4393" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">For all the details on our updates/additions across Techniques, Software, Groups and Campaigns take a look at our <a class="af oj" href="https://attack.mitre.org/resources/updates/updates-october-2024/" rel="noopener ugc nofollow" target="_blank">release notes</a>, our <a class="af oj" href="https://attack.mitre.org/docs/changelogs/v15.1-v16.0/changelog-detailed.html" rel="noopener ugc nofollow" target="_blank">detailed changelog</a>, or our <a class="af oj" href="https://attacksite.mitre.org/changes/changelog.json" rel="noopener ugc nofollow" target="_blank">changelog.json</a>.</p><h1 id="4203" class="ok ol hj bf om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf pg ph bk">Enterprise</h1><h2 id="8b82" class="pi ol hj bf om pj pk dy oq pl pm ea ou nv pn po pp nz pq pr ps od pt pu pv pw bk">Cloud Realigned</h2><p id="c3a6" class="pw-post-body-paragraph nk nl hj nm b nn px np nq nr py nt nu nv pz nx ny nz qa ob oc od qb of og oh gn bk">We’ve been working to fine-tune the balance between abstraction and detail in the Cloud matrix to cover various cloud environments and threats, while staying specific enough to guide actionable defenses. 
v16 unveils our efforts to keep the matrix practical for defenders across diverse setups, clarify technique descriptions, and ensure that it’s intuitively navigable.</p><p id="1c58" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">We’d like to introduce the recalibrated <a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/" rel="noopener ugc nofollow" target="_blank"><strong class="nm hk">Cloud matrix</strong></a><strong class="nm hk">,</strong> now featuring four platforms (<a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/iaas/" rel="noopener ugc nofollow" target="_blank">IaaS</a>, <a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/saas/" rel="noopener ugc nofollow" target="_blank">SaaS</a>, <a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/identityprovider/" rel="noopener ugc nofollow" target="_blank">Identity Provider</a>, and <a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/officesuite/" rel="noopener ugc nofollow" target="_blank">Office Suite</a>) — key changes include:</p><ul class=""><li id="4ab4" class="nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh qc qd qe bk">Broadened the <strong class="nm hk">Identity</strong> concept to cover multiple products and services, reflecting how identity functions work similarly across cloud setups. 
<br/> – This includes incorporating <strong class="nm hk">Azure AD</strong> into <a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/identityprovider/" rel="noopener ugc nofollow" target="_blank"><strong class="nm hk">Identity Provider</strong></a> for clearer cloud functionality distinctions.</li><li id="5787" class="nk nl hj nm b nn qf np nq nr qg nt nu nv qh nx ny nz qi ob oc od qj of og oh qc qd qe bk">Clarified the <strong class="nm hk">Google Workspace </strong>and <strong class="nm hk">Microsoft</strong> <strong class="nm hk">365</strong> overlap with the new <a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/officesuite/" rel="noopener ugc nofollow" target="_blank"><strong class="nm hk">Office Suite</strong></a> platform, as they behave nearly identically at the technique level.</li></ul><h2 id="5a1e" class="pi ol hj bf om pj pk dy oq pl pm ea ou nv pn po pp nz pq pr ps od pt pu pv pw bk">Behavior Balancing Act</h2><p id="6aaa" class="pw-post-body-paragraph nk nl hj nm b nn px np nq nr py nt nu nv pz nx ny nz qa ob oc od qb of og oh gn bk">We maintained our perfect balance formula (<em class="oi">Familiar + Novel = Reality</em>) with this release, expanding on existing techniques with behaviors you’ll recognize but that weren’t previously in the matrix — for example, <a class="af oj" href="https://attack.mitre.org/techniques/T1557/004/" rel="noopener ugc nofollow" target="_blank">T1557.004: Adversary-in-the-Middle: Evil Twin</a>, <a class="af oj" href="https://attack.mitre.org/techniques/T1213/004/" rel="noopener ugc nofollow" target="_blank">T1213.004: Data from Information Repositories: Customer Relationship Management Software</a><strong class="nm hk"> </strong>and<strong class="nm hk"> </strong><a class="af oj" href="https://attack.mitre.org/techniques/T1213/005/" rel="noopener ugc nofollow" target="_blank">T1213.005: Data from Information Repositories: Messaging Applications</a>.</p><p id="7d6a" 
class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">For the novelty factor, this release also features some intriguing new behaviors, like <a class="af oj" href="https://attack.mitre.org/techniques/T1496/004/" rel="noopener ugc nofollow" target="_blank">T1496.004: Resource Hijacking: Cloud Service Hijacking</a>, where adversaries can hijack compromised SaaS applications (like email and messaging services) to send spam, while also draining your resources and impacting service availability. We also added <a class="af oj" href="https://attack.mitre.org/techniques/T1666/" rel="noopener ugc nofollow" target="_blank">T1666: Modify Cloud Resource Hierarchy</a>, highlighting how IaaS hierarchies can be manipulated to evade defenses and exploit resources by creating covert subscriptions in Azure or detaching AWS accounts from their organizations.</p><p id="b519" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">Our<strong class="nm hk"> Linux </strong>and<strong class="nm hk"> macOS </strong>behavior repository also grew, with<strong class="nm hk"> </strong>the highly demanded <a class="af oj" href="https://attack.mitre.org/techniques/T1546/017/" rel="noopener ugc nofollow" target="_blank">T1546.017: Event Triggered Execution: Udev Rules</a><strong class="nm hk">, </strong>where adversaries can persist on Linux by tweaking udev rules to run malicious code, exploiting udev’s permissions and background capabilities. 
The new <a class="af oj" href="https://attack.mitre.org/techniques/T1558/005/" rel="noopener ugc nofollow" target="_blank">T1558.005: Steal or Forge Kerberos Tickets: Ccache Files</a> sub-technique reminds us how adversaries can swipe Kerberos tickets from credential cache files to access multiple services as the current user — and even indulge in a little privilege escalation or lateral movement.</p><p id="5ada" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">For the full list of (sub-)technique additions and expansions, check out the <a class="af oj" href="https://attack.mitre.org/docs/changelogs/v15.1-v16.0/changelog-detailed.html" rel="noopener ugc nofollow" target="_blank">changelog</a>!</p><p id="cd91" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk"><strong class="nm hk">What’s Next:</strong> We’re looking into optimizing a couple of disparate areas — including restructuring <a class="af oj" href="https://attack.mitre.org/tactics/TA0005/" rel="noopener ugc nofollow" target="_blank">Defense Evasion</a> for clarity and usability. One approach we’re assessing is to organize techniques based on the specific behaviors they represent: those that focus on evading detection and those aimed at circumventing specific mitigations. We’re also evaluating how to refactor metadata to only feature what’s usable and relevant. Have thoughts or would like to contribute insights to either discussion? 
Share them on <a class="af oj" href="https://join.slack.com/t/mitreattack/shared_invite/zt-ny1a3yon-XkT_OS1IF~ZYrESq8Xtqjg" rel="noopener ugc nofollow" target="_blank">Slack</a> or <a class="af oj" href="mailto:attack@mitre.org" rel="noopener ugc nofollow" target="_blank">email</a>!</p><h1 id="7e9e" class="ok ol hj bf om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf pg ph bk">Defensive Coverage</h1><h2 id="cc6d" class="pi ol hj bf om pj pk dy oq pl pm ea ou nv pn po pp nz pq pr ps od pt pu pv pw bk">Detection Engineering</h2><p id="3e70" class="pw-post-body-paragraph nk nl hj nm b nn px np nq nr py nt nu nv pz nx ny nz qa ob oc od qb of og oh gn bk">Our Defensive goal for this year was to expand detections and mitigations, and help you get more actionable through detection engineering. With our optimization of our pseudocode format for analytics — reflecting real-world query language that is meant to serve as a template for your tailored queries — v16 is coming in hot with a whole host of new analytic blueprints.</p><p id="7f84" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">In the <a class="af oj" href="https://attack.mitre.org/tactics/TA0002/" rel="noopener ugc nofollow" target="_blank">Execution</a> tactic, we’ve added <strong class="nm hk">85 new analytics</strong> to help you identify techniques that execute malicious code, <strong class="nm hk">120 new analytics</strong> under <a class="af oj" href="https://attack.mitre.org/tactics/TA0006/" rel="noopener ugc nofollow" target="_blank">Credential Access</a> aimed at capturing the behaviors used to steal credentials, and <strong class="nm hk">26 new Cloud analytics</strong> designed to highlight techniques that exploit <a class="af oj" href="https://attack.mitre.org/matrices/enterprise/cloud/officesuite/" rel="noopener ugc nofollow" target="_blank">Microsoft 365</a> &<strong class="nm hk"> </strong><a class="af oj" 
href="https://attack.mitre.org/matrices/enterprise/cloud/identityprovider/" rel="noopener ugc nofollow" target="_blank">Azure AD</a>.</p><p id="7d27" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">As a bonus, v16 also features a <a class="af oj" href="https://github.com/mitre-attack/mitreattack-python/blob/master/examples/analytic_extractor.py" rel="noopener ugc nofollow" target="_blank">STIX analytic extraction Python script</a> that lets you quickly pull and export analytics.</p><h2 id="f853" class="pi ol hj bf om pj pk dy oq pl pm ea ou nv pn po pp nz pq pr ps od pt pu pv pw bk">Mitigations</h2><p id="c76b" class="pw-post-body-paragraph nk nl hj nm b nn px np nq nr py nt nu nv pz nx ny nz qa ob oc od qb of og oh gn bk">On the <a class="af oj" href="https://attack.mitre.org/mitigations/enterprise/" rel="noopener ugc nofollow" target="_blank">Mitigations</a> front, we added a new mitigation: <a class="af oj" href="https://attack.mitre.org/mitigations/M1060/" rel="noopener ugc nofollow" target="_blank">Out of Band Communication</a>, focused on secure, alternative communication channels — like encrypted messaging or satellite lines — to keep critical comms safe and running during incidents and bypassing any compromised network systems. We also enhanced <a class="af oj" href="https://attack.mitre.org/mitigations/M1015/" rel="noopener ugc nofollow" target="_blank">Active Directory Configuration</a> with a community contribution that adds clearer examples and detailed interpretations of group policy settings. As we continue to update Mitigations, we need your insights! 
When you share specific use cases, clearer examples, and detailed configurations, you’re making it easier for fellow defenders to understand and implement mitigations effectively.</p><p id="7097" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk"><strong class="nm hk">What’s Next: </strong>We have a lot on our docket and some areas we’re still considering, including implementing STIX IDs for data components to improve clarity and tracking, developing analytics for Initial Access, Exfiltration, and Discovery, and revamping our data sources for actionability. We’ll also be looking into multi-event analytics that examine how different sources, like file modifications and process creation, interact within a short time frame instead of focusing on just one collection source. We would love your insights and collaboration on these initiatives — <a class="af oj" href="mailto:attack@mitre.org" rel="noopener ugc nofollow" target="_blank">email</a> or join <a class="af oj" href="https://mitreattack.slack.com/archives/C036RA0B7EX" rel="noopener ugc nofollow" target="_blank">#defensive_attack</a> to get involved!</p><h1 id="7277" class="ok ol hj bf om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf pg ph bk">Cyber Threat Intelligence</h1><p id="c4e8" class="pw-post-body-paragraph nk nl hj nm b nn px np nq nr py nt nu nv pz nx ny nz qa ob oc od qb of og oh gn bk">Our CTI updates also embody the <em class="oi">perfect balance formula</em>: we’re working to close the representation gaps in the cybercrime space while continuing to update state-attributed groups.</p><p id="5aea" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">Some of the cybercriminal additions in v16 include <a class="af oj" href="https://attack.mitre.org/groups/G1032/" rel="noopener ugc nofollow" target="_blank">G1032</a> (Inc Ransom), a group notorious for its 
double-extortion tactics, as well as the <a class="af oj" href="https://attack.mitre.org/groups/G1040/" rel="noopener ugc nofollow" target="_blank">G1040</a> (Play) ransomware group, that utilizes advanced encryption and targeting of high-value victims. Both groups exploit known vulnerabilities to gain initial access and steal data before deploying their ransomware. Additionally, <a class="af oj" href="https://attack.mitre.org/groups/G1037/" rel="noopener ugc nofollow" target="_blank">G1037</a> operates as an initial access broker, using phishing techniques to infiltrate networks.</p><p id="9538" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">On the State front, we updated <a class="af oj" href="https://attack.mitre.org/groups/G0007/" rel="noopener ugc nofollow" target="_blank">G0007</a> and <a class="af oj" href="https://attack.mitre.org/groups/G0034/" rel="noopener ugc nofollow" target="_blank">G0034</a>, both linked to different units of Russia’s General Staff Main Intelligence Directorate (GRU), with common behaviors, such as using malicious Microsoft Office attachments in their spear-phishing emails.</p><p id="14e1" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk"><strong class="nm hk">What’s Next:</strong> Moving forward, we intend to continue staying responsive to your contributions — highlighting groups, software, and campaigns that matter to practitioners, while also showcasing unique and exceptional tradecraft to highlight techniques. Got brilliant insights or behaviors to share? 
Join us on <a class="af oj" href="https://join.slack.com/t/mitreattack/shared_invite/zt-ny1a3yon-XkT_OS1IF~ZYrESq8Xtqjg" rel="noopener ugc nofollow" target="_blank">#attack-cti</a>, or <a class="af oj" href="https://attack.mitre.org/resources/engage-with-attack/contribute/" rel="noopener ugc nofollow" target="_blank">contribute</a>.</p><h1 id="393e" class="ok ol hj bf om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf pg ph bk">Software Development</h1><p id="720c" class="pw-post-body-paragraph nk nl hj nm b nn px np nq nr py nt nu nv pz nx ny nz qa ob oc od qb of og oh gn bk">Our Software goal this year was to enhance usability and streamline processes for ATT&CK tools and infrastructure. We’ve been working hard towards these goals, but most importantly, we introduced our new TAXII server: the <a class="af oj" href="https://attack-taxii.mitre.org/" rel="noopener ugc nofollow" target="_blank">MITRE ATT&CK Workbench TAXII 2.1 Server</a> and open-sourced the <a class="af oj" href="https://github.com/mitre-attack/attack-workbench-taxii-server" rel="noopener ugc nofollow" target="_blank">TAXII 2.1 code</a> to enable you to establish your own servers within your organization <em class="oi">and </em>contribute to enhancing it. As you’re exploring the new 2.1 server, remember that we’ll be retiring the TAXII 2.0 server on December 18. <strong class="nm hk">To continue receiving updated ATT&CK data, you’ll need to migrate from cti-taxii.mitre.org to attack-taxii.mitre.org. 
</strong>Check out our <a class="af oj" rel="noopener" href="/mitre-attack/introducing-taxii-2-1-and-a-fond-farewell-to-taxii-2-0-d9fca6ce4c58">TAXII 2.1 blog post</a> for more details.</p><p id="a50a" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk"><strong class="nm hk">What’s Next: </strong>We’re planning on rolling out ATT&CK Data Model 1.0, which will introduce Platform objects and assign ATT&CK IDs to data components for easier tracking. We’ll also be updating the defensive objects structure for intuitiveness and simplifying the Workbench process. On the website front, our goal is to move towards a modern framework and ensure consistency and clarity across ATT&CK tools and documentation with STIX 2.1.</p></div></div></div><div class="ab cb qk ql qm qn" role="separator"><span class="qo by bm qp qq qr"></span><span class="qo by bm qp qq qr"></span><span class="qo by bm qp qq"></span></div><div class="gn go gp gq gr"><div class="ab cb"><div class="ci bh fz ga gb gc"><h1 id="57a7" class="ok ol hj bf om on qs op oq or qt ot ou ov qu ox oy oz qv pb pc pd qw pf pg ph bk">You Bring the Insights, We’ll Bring the Updates</h1><p id="b924" class="pw-post-body-paragraph nk nl hj nm b nn px np nq nr py nt nu nv pz nx ny nz qa ob oc od qb of og oh gn bk">We deeply value our community, and your in-the-wild examples and real-world implementations are what ensure that ATT&CK remains relevant and actionable, so <em class="oi">if you see something, </em><a class="af oj" href="https://attack.mitre.org/resources/engage-with-attack/contribute/" rel="noopener ugc nofollow" target="_blank"><em class="oi">contrib</em></a><em class="oi"> something.</em></p><p id="0a57" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">Looking ahead, we can’t wait to keep partnering with you on everything we have lined up — as well as all the things we haven’t planned yet but 
will absolutely end up on our agenda, thanks to your great contributions.</p><p id="b3f3" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">Connect with us on <a class="af oj" href="mailto:attack@mitre.org" rel="noopener ugc nofollow" target="_blank">Email</a>, <a class="af oj" href="https://twitter.com/MITREattack" rel="noopener ugc nofollow" target="_blank">Twitter</a>, <a class="af oj" href="https://www.linkedin.com/showcase/mitre-att&ck/" rel="noopener ugc nofollow" target="_blank">LinkedIn</a>, or <a class="af oj" href="https://join.slack.com/t/mitreattack/shared_invite/zt-ny1a3yon-XkT_OS1IF~ZYrESq8Xtqjg" rel="noopener ugc nofollow" target="_blank">Slack</a>.</p><p id="4c6f" class="pw-post-body-paragraph nk nl hj nm b nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of og oh gn bk">©2024 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 24–00779–4.</p></div></div></div></div></section></div></div></article></div><div class="ab cb"><div class="ci bh fz ga gb gc"><div class="qx qy ab jp"><div class="qz ab"><a class="ra ay am ao" rel="noopener follow" href="/tag/mitre-attck?source=post_page-----561c76af94cf--------------------------------"><div class="rb fj cx rc ge rd re bf b bg z bk rf">Mitre Attck</div></a></div><div class="qz ab"><a class="ra ay am ao" rel="noopener follow" href="/tag/cloud?source=post_page-----561c76af94cf--------------------------------"><div class="rb fj cx rc ge rd re bf b bg z bk rf">Cloud</div></a></div><div class="qz ab"><a class="ra ay am ao" rel="noopener follow" href="/tag/detection-engineering?source=post_page-----561c76af94cf--------------------------------"><div class="rb fj cx rc ge rd re bf b bg z bk rf">Detection Engineering</div></a></div><div class="qz ab"><a class="ra ay am ao" rel="noopener follow" href="/tag/cybercrime?source=post_page-----561c76af94cf--------------------------------"><div class="rb fj cx rc 
base of adversary tactics and techniques based on real-world observations. The full website is located at https:\u002F\u002Fattack.mitre.org.","subscriberCount":6516,"latestPostsConnection({\"paging\":{\"limit\":1}})":{"__typename":"PostConnection","posts":[{"__ref":"Post:561c76af94cf"}]},"viewerEdge":{"__ref":"CollectionViewerEdge:collectionId:6da19bd08fba-viewerId:lo_dd1658dc1d0b"},"twitterUsername":"mitreattack","facebookPageId":null,"logo":{"__ref":"ImageMetadata:1*8epIYX1PfgfnVfDYfZ5loQ.png"}},"User:37fd2c032d44":{"__typename":"User","id":"37fd2c032d44"},"User:13b16fa8065d":{"__typename":"User","id":"13b16fa8065d","customDomainState":null,"hasSubdomain":false,"username":"arobertson_79988","name":"Amy L. Robertson","newsletterV3":{"__ref":"NewsletterV3:62f573dbf646"},"linkedAccounts":{"__ref":"LinkedAccounts:13b16fa8065d"},"isSuspended":false,"imageId":"1*HSqNMSnjesj-UnJGDPJi7g.jpeg","mediumMemberAt":0,"verifications":{"__typename":"VerifiedInfo","isBookAuthor":false},"socialStats":{"__typename":"SocialStats","followerCount":618,"followingCount":4,"collectionFollowingCount":1},"bio":"","isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:13b16fa8065d-viewerId:lo_dd1658dc1d0b"},"viewerIsUser":false,"postSubscribeMembershipUpsellShownAt":0,"membership":null,"allowNotes":true,"twitterScreenName":""},"User:dde6bca9b8c0":{"__typename":"User","id":"dde6bca9b8c0"},"ImageMetadata:1*Y6LKGEIzmF96lVHkv_RS9A.png":{"__typename":"ImageMetadata","id":"1*Y6LKGEIzmF96lVHkv_RS9A.png"},"Post:561c76af94cf":{"__typename":"Post","id":"561c76af94cf","firstPublishedAt":1730389403724,"creator":{"__ref":"User:13b16fa8065d"},"collection":{"__ref":"Collection:6da19bd08fba"},"isSeries":false,"mediumUrl":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fattack-v16-561c76af94cf","sequence":null,"uniqueSlug":"attack-v16-561c76af94cf","content({\"postMeteringOptions\":{}})":{"__typename":"PostContent","isLockedPreviewOnly":false,"bodyModel":{"__typename":"RichText","
sections":[{"__typename":"Section","name":"8564","startIndex":0,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null},{"__typename":"Section","name":"5504","startIndex":33,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null}],"paragraphs":[{"__ref":"Paragraph:b33719189b51_0"},{"__ref":"Paragraph:b33719189b51_1"},{"__ref":"Paragraph:b33719189b51_2"},{"__ref":"Paragraph:b33719189b51_3"},{"__ref":"Paragraph:b33719189b51_4"},{"__ref":"Paragraph:b33719189b51_5"},{"__ref":"Paragraph:b33719189b51_6"},{"__ref":"Paragraph:b33719189b51_7"},{"__ref":"Paragraph:b33719189b51_8"},{"__ref":"Paragraph:b33719189b51_9"},{"__ref":"Paragraph:b33719189b51_10"},{"__ref":"Paragraph:b33719189b51_11"},{"__ref":"Paragraph:b33719189b51_12"},{"__ref":"Paragraph:b33719189b51_13"},{"__ref":"Paragraph:b33719189b51_14"},{"__ref":"Paragraph:b33719189b51_15"},{"__ref":"Paragraph:b33719189b51_16"},{"__ref":"Paragraph:b33719189b51_17"},{"__ref":"Paragraph:b33719189b51_18"},{"__ref":"Paragraph:b33719189b51_19"},{"__ref":"Paragraph:b33719189b51_20"},{"__ref":"Paragraph:b33719189b51_21"},{"__ref":"Paragraph:b33719189b51_22"},{"__ref":"Paragraph:b33719189b51_23"},{"__ref":"Paragraph:b33719189b51_24"},{"__ref":"Paragraph:b33719189b51_25"},{"__ref":"Paragraph:b33719189b51_26"},{"__ref":"Paragraph:b33719189b51_27"},{"__ref":"Paragraph:b33719189b51_28"},{"__ref":"Paragraph:b33719189b51_29"},{"__ref":"Paragraph:b33719189b51_30"},{"__ref":"Paragraph:b33719189b51_31"},{"__ref":"Paragraph:b33719189b51_32"},{"__ref":"Paragraph:b33719189b51_33"},{"__ref":"Paragraph:b33719189b51_34"},{"__ref":"Paragraph:b33719189b51_35"},{"__ref":"Paragraph:b33719189b51_36"},{"__ref":"Paragraph:b33719189b51_37"}]},"validatedShareKey":"","shareKeyCreator":null},"inResponseToEntityType":null,"isLocked":false,"isMarkedPaywallOnly":false,"lockedSource":"LOCKED_POST_SOURCE_NONE","primaryTopic":null,"topics":[{"__typename":"Topic","slug":"cy
bersecurity"}],"isPublished":true,"latestPublishedVersion":"b33719189b51","visibility":"PUBLIC","postResponses":{"__typename":"PostResponses","count":0},"clapCount":18,"allowResponses":true,"isLimitedState":false,"title":"v16 Cloud Rebalancing, Analytics,","socialTitle":"","socialDek":"","canonicalUrl":"","metaDescription":"","latestPublishedAt":1730404219250,"readingTime":5.286792452830189,"previewContent":{"__typename":"PreviewContent","subtitle":"Fine-tuned cloud coverage, optimized defense with more analytics, expanded existing techniques\u002Fgroups, and introduced new behaviors &…"},"previewImage":{"__ref":"ImageMetadata:1*YEpt4gwe_KcB6O3mGJAzLA.png"},"isShortform":false,"seoTitle":"","updatedAt":1731566614564,"shortformType":"SHORTFORM_TYPE_LINK","seoDescription":"Fine-tuned cloud coverage, optimized defense with added analytics, expanded existing techniques\u002Fgroups, and introduced new behaviors & groups.","viewerEdge":{"__ref":"PostViewerEdge:postId:561c76af94cf-viewerId:lo_dd1658dc1d0b"},"isSuspended":false,"license":"ALL_RIGHTS_RESERVED","tags":[{"__ref":"Tag:mitre-attck"},{"__ref":"Tag:cloud"},{"__ref":"Tag:detection-engineering"},{"__ref":"Tag:cybercrime"}],"isNewsletter":false,"statusForCollection":"APPROVED","pendingCollection":null,"detectedLanguage":"en","wordCount":1348,"layerCake":6,"responsesLocked":false},"LinkedAccounts:13b16fa8065d":{"__typename":"LinkedAccounts","mastodon":null,"id":"13b16fa8065d"},"UserViewerEdge:userId:13b16fa8065d-viewerId:lo_dd1658dc1d0b":{"__typename":"UserViewerEdge","id":"userId:13b16fa8065d-viewerId:lo_dd1658dc1d0b","isFollowing":false,"isUser":false,"isMuting":false},"NewsletterV3:62f573dbf646":{"__typename":"NewsletterV3","id":"62f573dbf646","type":"NEWSLETTER_TYPE_AUTHOR","slug":"13b16fa8065d","name":"13b16fa8065d","collection":null,"user":{"__ref":"User:13b16fa8065d"}},"ImageMetadata:1*YEpt4gwe_KcB6O3mGJAzLA.png":{"__typename":"ImageMetadata","id":"1*YEpt4gwe_KcB6O3mGJAzLA.png","originalHeight":1233,"originalWi
dth":1242,"focusPercentX":null,"focusPercentY":null,"alt":null},"Paragraph:b33719189b51_0":{"__typename":"Paragraph","id":"b33719189b51_0","name":"5f91","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:1*YEpt4gwe_KcB6O3mGJAzLA.png"},"text":"","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_1":{"__typename":"Paragraph","id":"b33719189b51_1","name":"36be","type":"H3","href":null,"layout":null,"metadata":null,"text":"V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":82,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_2":{"__typename":"Paragraph","id":"b33719189b51_2","name":"a258","type":"P","href":null,"layout":null,"metadata":null,"text":"In v16, we’re all about balance — striking that perfect chord between familiar and pioneering to keep things real and actionable.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_3":{"__typename":"Paragraph","id":"b33719189b51_3","name":"c096","type":"P","href":null,"layout":null,"metadata":null,"text":"This update fine-tunes how we cover cloud environments, finding equilibrium between depth and practicality to ensure it remains practical for defenders. As part of our balancing act, we’re also expanding on familiar threats while introducing some fresh behaviors and groups. 
This release also features optimized detection engineering offerings and enhanced usability across ATT&CK tools, with the goal of a balanced resource for everyone.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"EM","start":407,"end":415,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_4":{"__typename":"Paragraph","id":"b33719189b51_4","name":"4393","type":"P","href":null,"layout":null,"metadata":null,"text":"For all the details on our updates\u002Fadditions across Techniques, Software, Groups and Campaigns take a look at our release notes, our detailed changelog, or our changelog.json.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":114,"end":127,"href":"https:\u002F\u002Fattack.mitre.org\u002Fresources\u002Fupdates\u002Fupdates-october-2024\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":133,"end":151,"href":"https:\u002F\u002Fattack.mitre.org\u002Fdocs\u002Fchangelogs\u002Fv15.1-v16.0\u002Fchangelog-detailed.html","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":160,"end":174,"href":"https:\u002F\u002Fattacksite.mitre.org\u002Fchanges\u002Fchangelog.json","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_5":{"__typename":"Paragraph","id":"b33719189b51_5","name":"4203","type":"H3","href":null,"layout":null,"metadata":null,"text":"Enterprise","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_6":{"__typename":"Paragraph","id":"b33719189b51_6","name":"8b82","type":"H4","href":null,"layout":null,"metadata":null,"text":"Cloud 
Realigned","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_7":{"__typename":"Paragraph","id":"b33719189b51_7","name":"c3a6","type":"P","href":null,"layout":null,"metadata":null,"text":"We’ve been working to fine-tune the balance between abstraction and detail in the Cloud matrix to cover various cloud environments and threats, while staying specific enough to guide actionable defenses. v16 unveils our efforts to keep the matrix practical for defenders across diverse setups, clarify technique descriptions, and ensure that it’s intuitively navigable.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_8":{"__typename":"Paragraph","id":"b33719189b51_8","name":"1c58","type":"P","href":null,"layout":null,"metadata":null,"text":"We’d like to introduce the recalibrated Cloud matrix, now featuring four platforms (IaaS, SaaS, Identity Provider, and Office Suite) — key changes 
include:","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":40,"end":52,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":84,"end":88,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fiaas\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":90,"end":94,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fsaas\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":96,"end":113,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fidentityprovider\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":119,"end":131,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fofficesuite\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":40,"end":53,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_9":{"__typename":"Paragraph","id":"b33719189b51_9","name":"4ab4","type":"ULI","href":null,"layout":null,"metadata":null,"text":"Broadened Identity concept to cover multiple products and services, reflecting how identity functions work similarly across cloud setups. 
\n – This includes incorporating Azure AD into Identity Provider for clearer cloud functionality distinctions.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":184,"end":201,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fidentityprovider\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":10,"end":18,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":170,"end":178,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":184,"end":201,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_10":{"__typename":"Paragraph","id":"b33719189b51_10","name":"5787","type":"ULI","href":null,"layout":null,"metadata":null,"text":"Clarified the Google Workspace and Microsoft 365 overlap with the new Office Suite platform, as they behave nearly identically at the technique 
level.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":70,"end":82,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fofficesuite\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":14,"end":31,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":35,"end":44,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":45,"end":48,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":70,"end":82,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_11":{"__typename":"Paragraph","id":"b33719189b51_11","name":"5a1e","type":"H4","href":null,"layout":null,"metadata":null,"text":"Behavior Balancing Act","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_12":{"__typename":"Paragraph","id":"b33719189b51_12","name":"6aaa","type":"P","href":null,"layout":null,"metadata":null,"text":"We maintained our perfect balance formula (Familiar + Novel = Reality) with this release, expanding on existing techniques with behaviors you’ll recognize, but weren’t previously in the matrix — for example, T1557.004: Adversary-in-the-Middle: Evil Twin, T1213.004: Data from Information Repositories: Customer Relationship Management Software and T1213:Data from Information Repositories: Messaging 
Applications.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":208,"end":253,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1557\u002F004\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":255,"end":343,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1213\u002F004\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":348,"end":412,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1213\u002F005\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":343,"end":344,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":347,"end":348,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"EM","start":43,"end":69,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_13":{"__typename":"Paragraph","id":"b33719189b51_13","name":"7d6a","type":"P","href":null,"layout":null,"metadata":null,"text":"For the novelty factor, this release also features some intriguing new behaviors, like T1496.004:Resource Hijacking:Cloud Service Hijacking, where adversaries can hijack compromised SaaS applications (like email and messaging services) to send spam, while also draining your resources and impacting service availability. 
We also added T1666: Modify Cloud Resource Hierarchy, highlighting how IaaS hierarchies can be manipulated to evade defenses and exploit resources by creating covert subscriptions in Azure or detaching AWS accounts from their organizations.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":87,"end":139,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1496\u002F004\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":335,"end":373,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1666\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_14":{"__typename":"Paragraph","id":"b33719189b51_14","name":"b519","type":"P","href":null,"layout":null,"metadata":null,"text":"Our Linux and macOS behavior repository also grew, with the highly demanded T1546.017: Event Triggered Execution: Udev Rules, where adversaries can persist on Linux by tweaking udev rules to run malicious code, exploiting its permissions and background capabilities. 
The new T1558.005: Steal or Forge Kerberos Tickets: Ccache Files sub reminds us how adversaries can swipe Kerberos tickets from credential cache files to access multiple services as the current user — and even indulge in a little privilege escalation or lateral movement.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":76,"end":124,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1546\u002F017\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":275,"end":331,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1558\u002F005\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":3,"end":10,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":13,"end":20,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":55,"end":56,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":124,"end":126,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_15":{"__typename":"Paragraph","id":"b33719189b51_15","name":"5ada","type":"P","href":null,"layout":null,"metadata":null,"text":"For the full list of (sub) technique additions and expansions, check out the 
changelog!","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":77,"end":86,"href":"https:\u002F\u002Fattack.mitre.org\u002Fdocs\u002Fchangelogs\u002Fv15.1-v16.0\u002Fchangelog-detailed.html","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_16":{"__typename":"Paragraph","id":"b33719189b51_16","name":"cd91","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: We’re looking into a optimizing a couple of disparate areas — including restructuring Defense Evasion for clarity and usability. One approach we’re assessing is to organize techniques based on the specific behaviors they represent: those that focus on evading detection and those aimed at circumventing specific mitigations. We’re also evaluating how to refactor metadata to only feature what’s useable and relevant. Have thoughts or would like to contribute insights to either discussion? 
Share them on Slack or email!","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":99,"end":114,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftactics\u002FTA0005\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":517,"end":522,"href":"https:\u002F\u002Fjoin.slack.com\u002Ft\u002Fmitreattack\u002Fshared_invite\u002Fzt-ny1a3yon-XkT_OS1IF~ZYrESq8Xtqjg","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":526,"end":531,"href":"mailto:attack@mitre.org","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":0,"end":12,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_17":{"__typename":"Paragraph","id":"b33719189b51_17","name":"7e9e","type":"H3","href":null,"layout":null,"metadata":null,"text":"Defensive Coverage","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_18":{"__typename":"Paragraph","id":"b33719189b51_18","name":"cc6d","type":"H4","href":null,"layout":null,"metadata":null,"text":"Detection Engineering","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_19":{"__typename":"Paragraph","id":"b33719189b51_19","name":"3e70","type":"P","href":null,"layout":null,"metadata":null,"text":"Our Defensive goal for this year was to expand detections and mitigations, and help you get more actionable through detection engineering. 
With our optimization of our pseudocode format for analytics — reflecting real-world query language that is meant to serve as a template for your tailored queries — v16 is coming in hot with a whole host of new analytic blueprints.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_20":{"__typename":"Paragraph","id":"b33719189b51_20","name":"7f84","type":"P","href":null,"layout":null,"metadata":null,"text":"In the Execution, we’ve added 85 new analytics, to help you identify techniques that execute malicious code,120 new analytics under Credential Access aimed at capturing the behaviors used to steal credentials, and 26 new Cloud analytics designed to highlight techniques that exploit Microsoft 365 & Azure AD.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":7,"end":16,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftactics\u002FTA0002\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":132,"end":149,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftactics\u002FTA0006\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":283,"end":296,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fofficesuite\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":299,"end":307,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002Fidentityprovider\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":30,"end":46,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":108,"end":125,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":214,"end":236,"href":null,"anchor
Type":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":298,"end":299,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_21":{"__typename":"Paragraph","id":"b33719189b51_21","name":"7d27","type":"P","href":null,"layout":null,"metadata":null,"text":"As a bonus, v16 also features a STIX analytic extraction Python script that lets you quickly pull and export analytics.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":32,"end":70,"href":"https:\u002F\u002Fgithub.com\u002Fmitre-attack\u002Fmitreattack-python\u002Fblob\u002Fmaster\u002Fexamples\u002Fanalytic_extractor.py","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_22":{"__typename":"Paragraph","id":"b33719189b51_22","name":"f853","type":"H4","href":null,"layout":null,"metadata":null,"text":"Mitigations","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_23":{"__typename":"Paragraph","id":"b33719189b51_23","name":"c76b","type":"P","href":null,"layout":null,"metadata":null,"text":"On the Mitigations front, we added a new mitigation: Out of Band Communication, focused on secure, alternative communication channels — like encrypted messaging or satellite lines — to keep critical comms safe and running during incidents and bypassing any compromised network systems. We also enhanced Active Directory Configuration with a community contribution that adds clearer examples and detailed interpretations of group policy settings. As we continue to update Mitigations, we need your insights! 
When you share specific use cases, clearer examples, and detailed configurations, you’re making it easier for fellow defenders to understand and implement mitigations effectively.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":7,"end":18,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmitigations\u002Fenterprise\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":53,"end":78,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmitigations\u002FM1060\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":303,"end":333,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmitigations\u002FM1015\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_24":{"__typename":"Paragraph","id":"b33719189b51_24","name":"7097","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: We have a lot on our docket and some areas we’re still considering, including implementing STIX IDs for data components to improve clarity and tracking, developing analytics for Initial Access and Exfiltration, and Discovery, and revamping our data sources for actionability. We’ll also be looking into multi-event analytics that examine how different sources, like file modifications and process creation, interact within a short time frame instead of focusing on just one collection source. 
We would love your insights and collaboration on these initiatives — email or join #defensive_attack to get involved!","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":575,"end":580,"href":"mailto:attack@mitre.org","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":589,"end":606,"href":"https:\u002F\u002Fmitreattack.slack.com\u002Farchives\u002FC036RA0B7EX","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":0,"end":13,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_25":{"__typename":"Paragraph","id":"b33719189b51_25","name":"7277","type":"H3","href":null,"layout":null,"metadata":null,"text":"Cyber Threat Intelligence","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_26":{"__typename":"Paragraph","id":"b33719189b51_26","name":"c4e8","type":"P","href":null,"layout":null,"metadata":null,"text":"Our CTI updates also embody the perfect balance formula: we’re working to close the representation gaps in the cybercrime space while continuing to update state-attributed groups.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"EM","start":32,"end":55,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_27":{"__typename":"Paragraph","id":"b33719189b51_27","name":"5aea","type":"P","href":null,"layout":null,"metadata":null,"text":"Some of the cybercriminal additions in v16 include G1032 (Inc Ransom), a group notorious for its double-extortion tactics, as well as the G1040 (Play) ransomware group, that utilizes advanced encryption and targeting of high-value victims. 
Both groups exploit known vulnerabilities to gain initial access and steal data before deploying their ransomware. Additionally, G1037 operates as an initial access broker, using phishing techniques to infiltrate networks.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":51,"end":56,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG1032\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":138,"end":143,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG1040\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":369,"end":374,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG1037\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_28":{"__typename":"Paragraph","id":"b33719189b51_28","name":"9538","type":"P","href":null,"layout":null,"metadata":null,"text":"On the State front, we updated G0007 and G0034, both linked to different units of Russia’s General Staff Main Intelligence Directorate (GRU), with common behaviors, such as using malicious Microsoft Office attachments in their spear-phishing emails.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":31,"end":36,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG0007\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":41,"end":46,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG0034\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_29":{"__typename":"Paragraph","id":"b33719189b51_29","name":"14e1","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: Moving forward, we intend to continue staying responsive to your 
contributions — highlighting groups, software, and campaigns that matter to practitioners, while also showcasing unique and exceptional tradecraft to highlight techniques. Got brilliant insights or behaviors to share? Join us on #attack-cti, or contribute.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":307,"end":318,"href":"https:\u002F\u002Fjoin.slack.com\u002Ft\u002Fmitreattack\u002Fshared_invite\u002Fzt-ny1a3yon-XkT_OS1IF~ZYrESq8Xtqjg","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":323,"end":333,"href":"https:\u002F\u002Fattack.mitre.org\u002Fresources\u002Fengage-with-attack\u002Fcontribute\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":0,"end":12,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_30":{"__typename":"Paragraph","id":"b33719189b51_30","name":"393e","type":"H3","href":null,"layout":null,"metadata":null,"text":"Software Development","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_31":{"__typename":"Paragraph","id":"b33719189b51_31","name":"720c","type":"P","href":null,"layout":null,"metadata":null,"text":"Our Software goal this year was to enhance usability and streamline processes for ATT&CK tools and infrastructure. We’ve been working hard towards these goals, but most importantly, we introduced our new TAXII server: the MITRE ATT&CK Workbench TAXII 2.1 Server and open-sourced the TAXII 2.1 code to enable you to establish your own servers within your organization and contribute to enhancing it. As you’re exploring the new 2.1 server, remember that we’ll be retiring the TAXII 2.0 server on December 18. 
To continue receiving updated ATT&CK data, you’ll need to migrate from cti-taxii.mitre.org to attack-taxii.mitre.org. Check out our TAXII 2.1 blog post for more details.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":222,"end":261,"href":"https:\u002F\u002Fattack-taxii.mitre.org\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":283,"end":297,"href":"https:\u002F\u002Fgithub.com\u002Fmitre-attack\u002Fattack-workbench-taxii-server","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":640,"end":659,"href":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fintroducing-taxii-2-1-and-a-fond-farewell-to-taxii-2-0-d9fca6ce4c58","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":508,"end":626,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"EM","start":367,"end":371,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_32":{"__typename":"Paragraph","id":"b33719189b51_32","name":"a50a","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: We’re planning on rolling out ATT&CK Data Model 1.0, which will introduce Platform objects and assign ATT&CK IDs to data components for easier tracking. We’ll also be updating the defensive objects structure for intuitiveness and simplifying the Workbench process. 
On the website front, our goal is to move towards a modern framework and ensure consistency and clarity across ATT&CK tools and documentation with STIX 2.1.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":13,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_33":{"__typename":"Paragraph","id":"b33719189b51_33","name":"57a7","type":"H3","href":null,"layout":null,"metadata":null,"text":"You Bring the Insights, We’ll Bring the Updates","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_34":{"__typename":"Paragraph","id":"b33719189b51_34","name":"b924","type":"P","href":null,"layout":null,"metadata":null,"text":"We deeply value our community, and your in-the-wild examples and real-world implementations are what ensure that ATT&CK remains relevant and actionable, so if you see something, contrib something.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":178,"end":185,"href":"https:\u002F\u002Fattack.mitre.org\u002Fresources\u002Fengage-with-attack\u002Fcontribute\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"EM","start":156,"end":196,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_35":{"__typename":"Paragraph","id":"b33719189b51_35","name":"0a57","type":"P","href":null,"layout":null,"metadata":null,"text":"Looking ahead, we can’t wait to keep partnering with you on everything we have lined up — as well as all the things we haven’t planned yet but will absolutely end up on our agenda, thanks to your great 
contributions.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_36":{"__typename":"Paragraph","id":"b33719189b51_36","name":"b3f3","type":"P","href":null,"layout":null,"metadata":null,"text":"Connect with us on Email, Twitter, LinkedIn, or Slack.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":19,"end":24,"href":"mailto:attack@mitre.org","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":26,"end":33,"href":"https:\u002F\u002Ftwitter.com\u002FMITREattack","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":35,"end":43,"href":"https:\u002F\u002Fwww.linkedin.com\u002Fshowcase\u002Fmitre-att&ck\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":48,"end":53,"href":"https:\u002F\u002Fjoin.slack.com\u002Ft\u002Fmitreattack\u002Fshared_invite\u002Fzt-ny1a3yon-XkT_OS1IF~ZYrESq8Xtqjg","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:b33719189b51_37":{"__typename":"Paragraph","id":"b33719189b51_37","name":"4c6f","type":"P","href":null,"layout":null,"metadata":null,"text":"©2024 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. 
Distribution unlimited 24–00779–4.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"CollectionViewerEdge:collectionId:6da19bd08fba-viewerId:lo_dd1658dc1d0b":{"__typename":"CollectionViewerEdge","id":"collectionId:6da19bd08fba-viewerId:lo_dd1658dc1d0b","isEditor":false,"isMuting":false},"ImageMetadata:1*8epIYX1PfgfnVfDYfZ5loQ.png":{"__typename":"ImageMetadata","id":"1*8epIYX1PfgfnVfDYfZ5loQ.png","originalWidth":796,"originalHeight":164},"PostViewerEdge:postId:561c76af94cf-viewerId:lo_dd1658dc1d0b":{"__typename":"PostViewerEdge","shouldIndexPostForExternalSearch":true,"id":"postId:561c76af94cf-viewerId:lo_dd1658dc1d0b"},"Tag:mitre-attck":{"__typename":"Tag","id":"mitre-attck","displayTitle":"Mitre Attck","normalizedTagSlug":"mitre-attck"},"Tag:cloud":{"__typename":"Tag","id":"cloud","displayTitle":"Cloud","normalizedTagSlug":"cloud"},"Tag:detection-engineering":{"__typename":"Tag","id":"detection-engineering","displayTitle":"Detection Engineering","normalizedTagSlug":"detection-engineering"},"Tag:cybercrime":{"__typename":"Tag","id":"cybercrime","displayTitle":"Cybercrime","normalizedTagSlug":"cybercrime"}}</script></body></html>