<!doctype html><html lang="en"><head><title data-rh="true">ATT&amp;CK v15 Brings the Action: Upgraded Detections, New Analytic Format, &amp; Cross-Domain Adversary Insights | by Amy L. Robertson | MITRE ATT&amp;CK® | Medium</title><meta data-rh="true" charset="utf-8"/><meta data-rh="true" name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1,maximum-scale=1"/><meta data-rh="true" name="theme-color" content="#000000"/><meta data-rh="true" name="twitter:app:name:iphone" content="Medium"/><meta data-rh="true" name="twitter:app:id:iphone" content="828256236"/><meta data-rh="true" property="al:ios:app_name" content="Medium"/><meta data-rh="true" property="al:ios:app_store_id" content="828256236"/><meta data-rh="true" property="al:android:package" content="com.medium.reader"/><meta data-rh="true" property="fb:app_id" content="542599432471018"/><meta data-rh="true" property="og:site_name" content="Medium"/><meta data-rh="true" property="og:type" content="article"/><meta data-rh="true" property="article:published_time" content="2024-04-23T16:18:30.137Z"/><meta data-rh="true" name="title" content="ATT&amp;CK v15 Brings the Action: Upgraded Detections, New Analytic Format, &amp; Cross-Domain Adversary Insights | by Amy L. 
Robertson | MITRE ATT&amp;CK® | Medium"/><meta data-rh="true" property="og:title" content="ATT&amp;CK v15 Brings the Action"/><meta data-rh="true" property="al:android:url" content="medium://p/26685f300acc"/><meta data-rh="true" property="al:ios:url" content="medium://p/26685f300acc"/><meta data-rh="true" property="al:android:app_name" content="Medium"/><meta data-rh="true" name="description" content="v15 is all about actionability and bringing defenders’ reality into focus — we prioritized what you need to detect, and how you can do it more effectively with detection engineering upgrades, and…"/><meta data-rh="true" property="og:description" content="Upgraded Detections, New Analytic Format, &amp; Cross-Domain Adversary Insights"/><meta data-rh="true" property="og:url" content="https://medium.com/mitre-attack/attack-v15-26685f300acc"/><meta data-rh="true" property="al:web:url" content="https://medium.com/mitre-attack/attack-v15-26685f300acc"/><meta data-rh="true" property="og:image" content="https://miro.medium.com/v2/resize:fit:1200/1*9nefc6VVPUZWdnO9pxLoTA.png"/><meta data-rh="true" property="article:author" content="https://medium.com/@arobertson_79988"/><meta data-rh="true" name="author" content="Amy L. 
Robertson"/><meta data-rh="true" name="robots" content="index,noarchive,follow,max-image-preview:large"/><meta data-rh="true" name="referrer" content="unsafe-url"/><meta data-rh="true" property="twitter:title" content="ATT&amp;CK v15 Brings the Action"/><meta data-rh="true" name="twitter:site" content="@mitreattack"/><meta data-rh="true" name="twitter:app:url:iphone" content="medium://p/26685f300acc"/><meta data-rh="true" property="twitter:description" content="Upgraded Detections, New Analytic Format, &amp; Cross-Domain Adversary Insights"/><meta data-rh="true" name="twitter:image:src" content="https://miro.medium.com/v2/resize:fit:1200/1*9nefc6VVPUZWdnO9pxLoTA.png"/><meta data-rh="true" name="twitter:card" content="summary_large_image"/><meta data-rh="true" name="twitter:label1" content="Reading time"/><meta data-rh="true" name="twitter:data1" content="7 min read"/><link data-rh="true" rel="icon" href="https://miro.medium.com/v2/5d8de952517e8160e40ef9841c781cdc14a5db313057fa3c3de41c6f5b494b19"/><link data-rh="true" rel="search" type="application/opensearchdescription+xml" title="Medium" href="/osd.xml"/><link data-rh="true" rel="apple-touch-icon" sizes="152x152" href="https://miro.medium.com/v2/resize:fill:304:304/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="apple-touch-icon" sizes="120x120" href="https://miro.medium.com/v2/resize:fill:240:240/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="apple-touch-icon" sizes="76x76" href="https://miro.medium.com/v2/resize:fill:152:152/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="apple-touch-icon" sizes="60x60" href="https://miro.medium.com/v2/resize:fill:120:120/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156"/><link data-rh="true" rel="mask-icon" href="https://miro.medium.com/v2/resize:fill:1000:1000/7*GAOKVe--MXbEJmV9230oOQ.png" color="#171717"/><link data-rh="true" 
rel="preconnect" href="https://glyph.medium.com" crossOrigin=""/><link data-rh="true" id="glyph_preload_link" rel="preload" as="style" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" id="glyph_link" rel="stylesheet" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" rel="author" href="https://medium.com/@arobertson_79988"/><link data-rh="true" rel="canonical" href="https://medium.com/mitre-attack/attack-v15-26685f300acc"/><link data-rh="true" rel="alternate" href="android-app://com.medium.reader/https/medium.com/p/26685f300acc"/><script data-rh="true" type="application/ld+json">{"@context":"http:\u002F\u002Fschema.org","@type":"NewsArticle","image":["https:\u002F\u002Fmiro.medium.com\u002Fv2\u002Fresize:fit:1200\u002F1*9nefc6VVPUZWdnO9pxLoTA.png"],"url":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fattack-v15-26685f300acc","dateCreated":"2024-04-23T15:35:40.785Z","datePublished":"2024-04-23T15:35:40.785Z","dateModified":"2024-11-28T06:41:37.928Z","headline":"ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights","name":"ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights","description":"v15 is all about actionability and bringing defenders’ reality into focus — we prioritized what you need to detect, and how you can do it more effectively with detection engineering upgrades, and…","identifier":"26685f300acc","author":{"@type":"Person","name":"Amy L. Robertson","url":"https:\u002F\u002Fmedium.com\u002F@arobertson_79988"},"creator":["Amy L. 
Robertson"],"publisher":{"@type":"Organization","name":"MITRE ATT&CK®","url":"https:\u002F\u002Fmedium.com\u002Fmitre-attack","logo":{"@type":"ImageObject","width":291,"height":60,"url":"https:\u002F\u002Fmiro.medium.com\u002Fv2\u002Fresize:fit:582\u002F1*8epIYX1PfgfnVfDYfZ5loQ.png"}},"mainEntityOfPage":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fattack-v15-26685f300acc"}</script><style type="text/css" data-fela-rehydration="524" data-fela-type="STATIC">html{box-sizing:border-box;-webkit-text-size-adjust:100%}*, *:before, *:after{box-sizing:inherit}body{margin:0;padding:0;text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;color:rgba(0,0,0,0.8);position:relative;min-height:100vh}h1, h2, h3, h4, h5, h6, dl, dd, ol, ul, menu, figure, blockquote, p, pre, form{margin:0}menu, ol, ul{padding:0;list-style:none;list-style-image:none}main{display:block}a{color:inherit;text-decoration:none}a, button, input{-webkit-tap-highlight-color:transparent}img, svg{vertical-align:middle}button{background:transparent;overflow:visible}button, input, optgroup, select, textarea{margin:0}:root{--reach-tabs:1;--reach-menu-button:1}#speechify-root{font-family:Sohne, sans-serif}div[data-popper-reference-hidden="true"]{visibility:hidden;pointer-events:none}.grecaptcha-badge{visibility:hidden} /*XCode style (c) Angel Garcia <angelgarcia.mail@gmail.com>*/.hljs {background: #fff;color: black; }/* Gray DOCTYPE selectors like WebKit */ .xml .hljs-meta {color: #c0c0c0; }.hljs-comment, .hljs-quote {color: #007400; }.hljs-tag, .hljs-attribute, .hljs-keyword, .hljs-selector-tag, .hljs-literal, .hljs-name {color: #aa0d91; }.hljs-variable, .hljs-template-variable {color: #3F6E74; }.hljs-code, .hljs-string, .hljs-meta .hljs-string {color: #c41a16; }.hljs-regexp, .hljs-link {color: #0E0EFF; }.hljs-title, .hljs-symbol, .hljs-bullet, .hljs-number {color: #1c00cf; }.hljs-section, .hljs-meta {color: #643820; }.hljs-title.class_, .hljs-class .hljs-title, .hljs-type, .hljs-built_in, 
.hljs-params {color: #5c2699; }.hljs-attr {color: #836C28; }.hljs-subst {color: #000; }.hljs-formula {background-color: #eee;font-style: italic; }.hljs-addition {background-color: #baeeba; }.hljs-deletion {background-color: #ffc8bd; }.hljs-selector-id, .hljs-selector-class {color: #9b703f; }.hljs-doctag, .hljs-strong {font-weight: bold; }.hljs-emphasis {font-style: italic; } </style><style type="text/css" data-fela-rehydration="524" data-fela-type="KEYFRAME">@-webkit-keyframes k1{0%{opacity:0.8}50%{opacity:0.5}100%{opacity:0.8}}@-moz-keyframes k1{0%{opacity:0.8}50%{opacity:0.5}100%{opacity:0.8}}@keyframes k1{0%{opacity:0.8}50%{opacity:0.5}100%{opacity:0.8}}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE">.a{font-family:medium-content-sans-serif-font, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif}.b{font-weight:400}.c{background-color:rgba(255, 255, 255, 1)}.l{display:block}.m{position:sticky}.n{top:0}.o{z-index:500}.p{padding:0 24px}.q{align-items:center}.r{border-bottom:solid 1px #F2F2F2}.y{height:41px}.z{line-height:20px}.ab{display:flex}.ac{height:57px}.ae{flex:1 0 auto}.af{color:inherit}.ag{fill:inherit}.ah{font-size:inherit}.ai{border:inherit}.aj{font-family:inherit}.ak{letter-spacing:inherit}.al{font-weight:inherit}.am{padding:0}.an{margin:0}.ao{cursor:pointer}.ap:disabled{cursor:not-allowed}.aq:disabled{color:#6B6B6B}.ar:disabled{fill:#6B6B6B}.au{width:auto}.av path{fill:#242424}.aw{height:25px}.ax{margin-left:16px}.ay{border:none}.az{border-radius:20px}.ba{width:240px}.bb{background:#F9F9F9}.bc path{fill:#6B6B6B}.be{outline:none}.bf{font-family:sohne, "Helvetica Neue", Helvetica, Arial, sans-serif}.bg{font-size:14px}.bh{width:100%}.bi{padding:10px 20px 10px 
0}.bj{background-color:transparent}.bk{color:#242424}.bl::placeholder{color:#6B6B6B}.bm{display:inline-block}.bn{margin-left:12px}.bo{margin-right:12px}.bp{border-radius:4px}.bq{margin-left:24px}.br{height:24px}.bx{background-color:#F9F9F9}.by{border-radius:50%}.bz{height:32px}.ca{width:32px}.cb{justify-content:center}.ch{max-width:680px}.ci{min-width:0}.cj{animation:k1 1.2s ease-in-out infinite}.ck{height:100vh}.cl{margin-bottom:16px}.cm{margin-top:48px}.cn{align-items:flex-start}.co{flex-direction:column}.cp{justify-content:space-between}.cq{margin-bottom:24px}.cw{width:80%}.cx{background-color:#F2F2F2}.dd{height:44px}.de{width:44px}.df{margin:auto 0}.dg{margin-bottom:4px}.dh{height:16px}.di{width:120px}.dj{width:80px}.dp{margin-bottom:8px}.dq{width:96%}.dr{width:98%}.ds{width:81%}.dt{margin-left:8px}.du{color:#6B6B6B}.dv{font-size:13px}.dw{height:100%}.ep{color:#FFFFFF}.eq{fill:#FFFFFF}.er{background:rgba(218, 78, 42, 1)}.es{border-color:rgba(218, 78, 42, 1)}.ew:disabled{cursor:inherit !important}.ex:disabled{opacity:0.3}.ey:disabled:hover{background:rgba(218, 78, 42, 1)}.ez:disabled:hover{border-color:rgba(218, 78, 42, 1)}.fa{border-radius:99em}.fb{border-width:1px}.fc{border-style:solid}.fd{box-sizing:border-box}.fe{text-decoration:none}.ff{text-align:center}.fi{margin-right:32px}.fj{position:relative}.fk{fill:#6B6B6B}.fn{background:transparent}.fo svg{margin-left:4px}.fp svg{fill:#6B6B6B}.fr{box-shadow:inset 0 0 0 1px rgba(0, 0, 0, 0.05)}.fs{position:absolute}.fz{margin:0 24px}.gd{background:rgba(255, 255, 255, 1)}.ge{border:1px solid #F2F2F2}.gf{box-shadow:0 1px 4px #F2F2F2}.gg{max-height:100vh}.gh{overflow-y:auto}.gi{left:0}.gj{top:calc(100vh + 100px)}.gk{bottom:calc(100vh + 
100px)}.gl{width:10px}.gm{pointer-events:none}.gn{word-break:break-word}.go{word-wrap:break-word}.gp:after{display:block}.gq:after{content:""}.gr:after{clear:both}.gs{line-height:1.23}.gt{letter-spacing:0}.gu{font-style:normal}.gv{font-weight:700}.ia{align-items:baseline}.ib{width:48px}.ic{height:48px}.id{border:2px solid rgba(255, 255, 255, 1)}.ie{z-index:0}.if{box-shadow:none}.ig{border:1px solid rgba(0, 0, 0, 0.05)}.ih{margin-left:-12px}.ii{width:28px}.ij{height:28px}.ik{z-index:1}.il{width:24px}.im{margin-bottom:2px}.in{flex-wrap:nowrap}.io{font-size:16px}.ip{line-height:24px}.ir{margin:0 8px}.is{display:inline}.it{color:rgba(218, 78, 42, 1)}.iu{fill:rgba(218, 78, 42, 1)}.ix{flex:0 0 auto}.ja{flex-wrap:wrap}.jb{white-space:pre-wrap}.jc{margin-right:4px}.jd{overflow:hidden}.je{max-height:20px}.jf{text-overflow:ellipsis}.jg{display:-webkit-box}.jh{-webkit-line-clamp:1}.ji{-webkit-box-orient:vertical}.jj{word-break:break-all}.jl{padding-left:8px}.jm{padding-right:8px}.kn> *{flex-shrink:0}.ko{overflow-x:scroll}.kp::-webkit-scrollbar{display:none}.kq{scrollbar-width:none}.kr{-ms-overflow-style:none}.ks{width:74px}.kt{flex-direction:row}.ku{z-index:2}.kx{-webkit-user-select:none}.ky{border:0}.kz{fill:rgba(117, 117, 117, 1)}.lc{outline:0}.ld{user-select:none}.le> svg{pointer-events:none}.ln{cursor:progress}.lo{opacity:1}.lp{padding:4px 0}.ls{margin-top:0px}.lt{width:16px}.lv{display:inline-flex}.mb{max-width:100%}.mc{padding:8px 2px}.md svg{color:#6B6B6B}.mu{margin-left:auto}.mv{margin-right:auto}.mw{max-width:3024px}.nc{clear:both}.ne{cursor:zoom-in}.nf{z-index:auto}.nh{height:auto}.ni{line-height:1.58}.nj{letter-spacing:-0.004em}.nk{font-family:source-serif-pro, Georgia, Cambria, "Times New Roman", Times, 
serif}.of{margin-bottom:-0.46em}.og{font-style:italic}.oh{text-decoration:underline}.oi{line-height:1.12}.oj{letter-spacing:-0.022em}.ok{font-weight:600}.pf{margin-bottom:-0.28em}.pq{margin-bottom:26px}.pr{margin-top:6px}.ps{margin-top:8px}.pt{margin-right:8px}.pu{padding:8px 16px}.pv{border-radius:100px}.pw{transition:background 300ms ease}.py{white-space:nowrap}.pz{border-top:none}.qa{margin-bottom:50px}.qb{height:52px}.qc{max-height:52px}.qd{box-sizing:content-box}.qe{position:static}.qg{max-width:155px}.qm{margin-right:20px}.qn{margin-bottom:64px}.qo{margin-bottom:48px}.rc{border-radius:2px}.re{height:64px}.rf{width:64px}.rg{align-self:flex-end}.rh{flex:1 1 auto}.rn{padding-right:4px}.ro{font-weight:500}.sb{margin-top:16px}.sc{color:rgba(255, 255, 255, 1)}.sd{fill:rgba(255, 255, 255, 1)}.se{background:rgba(25, 25, 25, 1)}.sf{border-color:rgba(25, 25, 25, 1)}.si:disabled{opacity:0.1}.sj:disabled:hover{background:rgba(25, 25, 25, 1)}.sk:disabled:hover{border-color:rgba(25, 25, 25, 1)}.sl{margin-bottom:54px}.sm{height:0px}.sn{gap:18px}.so{fill:rgba(61, 61, 61, 1)}.ta{border-bottom:solid 1px #E5E5E5}.tb{margin-top:72px}.tc{padding:24px 0}.td{margin-bottom:0px}.te{margin-right:16px}.as:hover:not(:disabled){color:rgba(25, 25, 25, 1)}.at:hover:not(:disabled){fill:rgba(25, 25, 25, 1)}.et:hover{background:rgba(185, 70, 40, 1)}.eu:hover{border-color:rgba(185, 70, 40, 1)}.ev:hover{cursor:pointer}.fl:hover{color:#242424}.fm:hover{fill:#242424}.fq:hover svg{fill:#242424}.ft:hover{background-color:rgba(0, 0, 0, 0.1)}.iq:hover{text-decoration:underline}.iv:hover:not(:disabled){color:rgba(185, 70, 40, 1)}.iw:hover:not(:disabled){fill:rgba(185, 70, 40, 1)}.lb:hover{fill:rgba(8, 8, 8, 1)}.lq:hover{fill:#000000}.lr:hover p{color:#000000}.lu:hover{color:#000000}.me:hover svg{color:#000000}.px:hover{background-color:#F2F2F2}.rd:hover{background-color:none}.sg:hover{background:#000000}.sh:hover{border-color:#242424}.sp:hover{fill:rgba(25, 25, 25, 1)}.bd:focus-within 
path{fill:#242424}.la:focus{fill:rgba(8, 8, 8, 1)}.mf:focus svg{color:#000000}.ng:focus{transform:scale(1.01)}.lf:active{border-style:none}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (min-width: 1080px)">.d{display:none}.bw{width:64px}.cg{margin:0 64px}.cv{height:48px}.dc{margin-bottom:52px}.do{margin-bottom:48px}.ef{font-size:14px}.eg{line-height:20px}.em{font-size:13px}.eo{padding:5px 12px}.fh{display:flex}.fy{margin-bottom:50px}.gc{max-width:680px}.hq{font-size:42px}.hr{margin-top:1.19em}.hs{margin-bottom:32px}.ht{line-height:52px}.hu{letter-spacing:-0.011em}.hz{align-items:center}.jz{border-top:solid 1px #F2F2F2}.ka{border-bottom:solid 1px #F2F2F2}.kb{margin:32px 0 0}.kc{padding:3px 8px}.kl> *{margin-right:24px}.km> :last-child{margin-right:0}.lm{margin-top:0px}.ma{margin:0}.nb{margin-top:40px}.ob{font-size:20px}.oc{margin-top:2.14em}.od{line-height:32px}.oe{letter-spacing:-0.003em}.pb{font-size:24px}.pc{margin-top:1.95em}.pd{line-height:30px}.pe{letter-spacing:-0.016em}.pk{margin-top:0.94em}.pp{margin-top:56px}.ql{display:inline-block}.qp{flex-direction:row}.qs{margin-bottom:0}.qt{margin-right:20px}.ri{max-width:500px}.rz{line-height:24px}.sa{letter-spacing:0}.su{margin:40px 0 0}.sz{padding-top:72px}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (max-width: 1079.98px)">.e{display:none}.ll{margin-top:0px}.qk{display:inline-block}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (max-width: 903.98px)">.f{display:none}.lk{margin-top:0px}.qj{display:inline-block}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (max-width: 727.98px)">.g{display:none}.li{margin-top:0px}.lj{margin-right:0px}.qi{display:inline-block}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (max-width: 
551.98px)">.h{display:none}.s{display:flex}.t{justify-content:space-between}.bs{width:24px}.cc{margin:0 24px}.cr{height:40px}.cy{margin-bottom:44px}.dk{margin-bottom:32px}.dx{font-size:13px}.dy{line-height:20px}.eh{padding:0px 8px 1px}.fu{margin-bottom:2px}.gw{font-size:32px}.gx{margin-top:1.01em}.gy{margin-bottom:24px}.gz{line-height:38px}.ha{letter-spacing:-0.014em}.hv{align-items:flex-start}.iy{flex-direction:column}.jn{margin:24px -24px 0}.jo{padding:0}.kd> *{margin-right:8px}.ke> :last-child{margin-right:24px}.kv{margin-left:0px}.lg{margin-top:0px}.lh{margin-right:0px}.lw{margin:0}.mg{border:1px solid #F2F2F2}.mh{border-radius:99em}.mi{padding:0px 16px 0px 12px}.mj{height:38px}.mk{align-items:center}.mm svg{margin-right:8px}.mx{margin-top:32px}.nl{font-size:18px}.nm{margin-top:1.56em}.nn{line-height:28px}.no{letter-spacing:-0.003em}.ol{font-size:20px}.om{margin-top:1.2em}.on{line-height:24px}.oo{letter-spacing:0}.pg{margin-top:0.67em}.pl{margin-top:40px}.qh{display:inline-block}.ra{margin-bottom:20px}.rb{margin-right:0}.rm{max-width:100%}.rp{font-size:24px}.rq{line-height:30px}.rr{letter-spacing:-0.016em}.sq{margin:32px 0 0}.sv{padding-top:48px}.ml:hover{border-color:#E5E5E5}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (min-width: 904px) and (max-width: 1079.98px)">.i{display:none}.bv{width:64px}.cf{margin:0 64px}.cu{height:48px}.db{margin-bottom:52px}.dn{margin-bottom:48px}.ed{font-size:14px}.ee{line-height:20px}.ek{font-size:13px}.el{padding:5px 12px}.fg{display:flex}.fx{margin-bottom:50px}.gb{max-width:680px}.hl{font-size:42px}.hm{margin-top:1.19em}.hn{margin-bottom:32px}.ho{line-height:52px}.hp{letter-spacing:-0.011em}.hy{align-items:center}.jv{border-top:solid 1px #F2F2F2}.jw{border-bottom:solid 1px #F2F2F2}.jx{margin:32px 0 0}.jy{padding:3px 8px}.kj> *{margin-right:24px}.kk> 
:last-child{margin-right:0}.lz{margin:0}.na{margin-top:40px}.nx{font-size:20px}.ny{margin-top:2.14em}.nz{line-height:32px}.oa{letter-spacing:-0.003em}.ox{font-size:24px}.oy{margin-top:1.95em}.oz{line-height:30px}.pa{letter-spacing:-0.016em}.pj{margin-top:0.94em}.po{margin-top:56px}.qq{flex-direction:row}.qu{margin-bottom:0}.qv{margin-right:20px}.rj{max-width:500px}.rx{line-height:24px}.ry{letter-spacing:0}.st{margin:40px 0 0}.sy{padding-top:72px}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (min-width: 728px) and (max-width: 903.98px)">.j{display:none}.w{display:flex}.x{justify-content:space-between}.bu{width:64px}.ce{margin:0 48px}.ct{height:48px}.da{margin-bottom:52px}.dm{margin-bottom:48px}.eb{font-size:13px}.ec{line-height:20px}.ej{padding:0px 8px 1px}.fw{margin-bottom:50px}.ga{max-width:680px}.hg{font-size:42px}.hh{margin-top:1.19em}.hi{margin-bottom:32px}.hj{line-height:52px}.hk{letter-spacing:-0.011em}.hx{align-items:center}.jr{border-top:solid 1px #F2F2F2}.js{border-bottom:solid 1px #F2F2F2}.jt{margin:32px 0 0}.ju{padding:3px 8px}.kh> *{margin-right:24px}.ki> :last-child{margin-right:0}.ly{margin:0}.mz{margin-top:40px}.nt{font-size:20px}.nu{margin-top:2.14em}.nv{line-height:32px}.nw{letter-spacing:-0.003em}.ot{font-size:24px}.ou{margin-top:1.95em}.ov{line-height:30px}.ow{letter-spacing:-0.016em}.pi{margin-top:0.94em}.pn{margin-top:56px}.qr{flex-direction:row}.qw{margin-bottom:0}.qx{margin-right:20px}.rk{max-width:500px}.rv{line-height:24px}.rw{letter-spacing:0}.ss{margin:40px 0 0}.sx{padding-top:72px}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="all and (min-width: 552px) and (max-width: 727.98px)">.k{display:none}.u{display:flex}.v{justify-content:space-between}.bt{width:24px}.cd{margin:0 24px}.cs{height:40px}.cz{margin-bottom:44px}.dl{margin-bottom:32px}.dz{font-size:13px}.ea{line-height:20px}.ei{padding:0px 8px 
1px}.fv{margin-bottom:2px}.hb{font-size:32px}.hc{margin-top:1.01em}.hd{margin-bottom:24px}.he{line-height:38px}.hf{letter-spacing:-0.014em}.hw{align-items:flex-start}.iz{flex-direction:column}.jp{margin:24px 0 0}.jq{padding:0}.kf> *{margin-right:8px}.kg> :last-child{margin-right:8px}.kw{margin-left:0px}.lx{margin:0}.mn{border:1px solid #F2F2F2}.mo{border-radius:99em}.mp{padding:0px 16px 0px 12px}.mq{height:38px}.mr{align-items:center}.mt svg{margin-right:8px}.my{margin-top:32px}.np{font-size:18px}.nq{margin-top:1.56em}.nr{line-height:28px}.ns{letter-spacing:-0.003em}.op{font-size:20px}.oq{margin-top:1.2em}.or{line-height:24px}.os{letter-spacing:0}.ph{margin-top:0.67em}.pm{margin-top:40px}.qy{margin-bottom:20px}.qz{margin-right:0}.rl{max-width:100%}.rs{font-size:24px}.rt{line-height:30px}.ru{letter-spacing:-0.016em}.sr{margin:32px 0 0}.sw{padding-top:48px}.ms:hover{border-color:#E5E5E5}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="print">.qf{display:none}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="(orientation: landscape) and (max-width: 903.98px)">.jk{max-height:none}</style><style type="text/css" data-fela-rehydration="524" data-fela-type="RULE" media="(prefers-reduced-motion: no-preference)">.nd{transition:transform 300ms cubic-bezier(0.2, 0, 0.2, 1)}</style></head><body><div id="root"><div class="a b c"><div class="d e f g h i j k"></div><script>document.domain = document.domain;</script><div class="l c"><div class="l m n o c"><div class="p q r s t u v w x i d y z"><a class="du ag dv bf ak b am an ao ap aq ar as at s u w i d q dw z" href="https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F26685f300acc&amp;%7Efeature=LoOpenInAppButton&amp;%7Echannel=ShowPostUnderCollection&amp;source=---top_nav_layout_nav-----------------------------------------" rel="noopener follow">Open in app<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10" fill="none" 
viewBox="0 0 10 10" class="dt"><path fill="currentColor" d="M.985 8.485a.375.375 0 1 0 .53.53zM8.75 1.25h.375A.375.375 0 0 0 8.75.875zM8.375 6.5a.375.375 0 1 0 .75 0zM3.5.875a.375.375 0 1 0 0 .75zm-1.985 8.14 7.5-7.5-.53-.53-7.5 7.5zm6.86-7.765V6.5h.75V1.25zM3.5 1.625h5.25v-.75H3.5z"></path></svg></a><div class="ab q"><p class="bf b dx dy dz ea eb ec ed ee ef eg du"><span><button class="bf b dx dy eh dz ea ei eb ec ej ek ee el em eg eo ep eq er es et eu ev ew ex ey ez fa fb fc fd bm fe ff" data-testid="headerSignUpButton">Sign up</button></span></p><div class="ax l"><p class="bf b dx dy dz ea eb ec ed ee ef eg du"><span><a class="af ag ah ai aj ak al am an ao ap aq ar as at" data-testid="headerSignInButton" rel="noopener follow" href="/m/signin?operation=login&amp;redirect=https%3A%2F%2Fmedium.com%2Fmitre-attack%2Fattack-v15-26685f300acc&amp;source=post_page---top_nav_layout_nav-----------------------global_nav------------------">Sign in</a></span></p></div></div></div><div class="p q r ab ac"><div class="ab q ae"><a class="af ag ah ai aj ak al am an ao ap aq ar as at ab" aria-label="Homepage" data-testid="headerMediumLogo" rel="noopener follow" href="/?source=---top_nav_layout_nav-----------------------------------------"><svg xmlns="http://www.w3.org/2000/svg" width="719" height="160" fill="none" viewBox="0 0 719 160" class="au av aw"><path fill="#242424" d="m174.104 9.734.215-.047V8.02H130.39L89.6 103.89 48.81 8.021H1.472v1.666l.212.047c8.018 1.81 12.09 4.509 12.09 14.242V137.93c0 9.734-4.087 12.433-12.106 14.243l-.212.047v1.671h32.118v-1.665l-.213-.048c-8.018-1.809-12.089-4.509-12.089-14.242V30.586l52.399 123.305h2.972l53.925-126.743V140.75c-.687 7.688-4.721 10.062-11.982 11.701l-.215.05v1.652h55.948v-1.652l-.215-.05c-7.269-1.639-11.4-4.013-12.087-11.701l-.037-116.774h.037c0-9.733 4.071-12.432 12.087-14.242m25.555 75.488c.915-20.474 8.268-35.252 20.606-35.507 3.806.063 6.998 1.312 9.479 3.714 5.272 5.118 7.751 15.812 7.368 31.793zm-.553 
5.77h65.573v-.275c-.186-15.656-4.721-27.834-13.466-36.196-7.559-7.227-18.751-11.203-30.507-11.203h-.263c-6.101 0-13.584 1.48-18.909 4.16-6.061 2.807-11.407 7.003-15.855 12.511-7.161 8.874-11.499 20.866-12.554 34.343q-.05.606-.092 1.212a50 50 0 0 0-.065 1.151 85.807 85.807 0 0 0-.094 5.689c.71 30.524 17.198 54.917 46.483 54.917 25.705 0 40.675-18.791 44.407-44.013l-1.886-.664c-6.557 13.556-18.334 21.771-31.738 20.769-18.297-1.369-32.314-19.922-31.042-42.395m139.722 41.359c-2.151 5.101-6.639 7.908-12.653 7.908s-11.513-4.129-15.418-11.63c-4.197-8.053-6.405-19.436-6.405-32.92 0-28.067 8.729-46.22 22.24-46.22 5.657 0 10.111 2.807 12.236 7.704zm43.499 20.008c-8.019-1.897-12.089-4.722-12.089-14.951V1.309l-48.716 14.353v1.757l.299-.024c6.72-.543 11.278.386 13.925 2.83 2.072 1.915 3.082 4.853 3.082 8.987v18.66c-4.803-3.067-10.516-4.56-17.448-4.56-14.059 0-26.909 5.92-36.176 16.672-9.66 11.205-14.767 26.518-14.767 44.278-.003 31.72 15.612 53.039 38.851 53.039 13.595 0 24.533-7.449 29.54-20.013v16.865h43.711v-1.746zM424.1 19.819c0-9.904-7.468-17.374-17.375-17.374-9.859 0-17.573 7.632-17.573 17.374s7.721 17.374 17.573 17.374c9.907 0 17.375-7.47 17.375-17.374m11.499 132.546c-8.019-1.897-12.089-4.722-12.089-14.951h-.035V43.635l-43.714 12.551v1.705l.263.024c9.458.842 12.047 4.1 12.047 15.152v81.086h43.751v-1.746zm112.013 0c-8.018-1.897-12.089-4.722-12.089-14.951V43.635l-41.621 12.137v1.71l.246.026c7.733.813 9.967 4.257 9.967 15.36v59.279c-2.578 5.102-7.415 8.131-13.274 8.336-9.503 0-14.736-6.419-14.736-18.073V43.638l-43.714 12.55v1.703l.262.024c9.459.84 12.05 4.097 12.05 15.152v50.17a56.3 56.3 0 0 0 .91 10.444l.787 3.423c3.701 13.262 13.398 20.197 28.59 20.197 12.868 0 24.147-7.966 29.115-20.43v17.311h43.714v-1.747zm169.818 1.788v-1.749l-.213-.05c-8.7-2.006-12.089-5.789-12.089-13.49v-63.79c0-19.89-11.171-31.761-29.883-31.761-13.64 0-25.141 7.882-29.569 20.16-3.517-13.01-13.639-20.16-28.606-20.16-13.146 0-23.449 6.938-27.869 18.657V43.643L545.487 55.68v1.715l.263.024c9.345.829 
12.047 4.181 12.047 14.95v81.784h40.787v-1.746l-.215-.053c-6.941-1.631-9.181-4.606-9.181-12.239V66.998c1.836-4.289 5.537-9.37 12.853-9.37 9.086 0 13.692 6.296 13.692 18.697v77.828h40.797v-1.746l-.215-.053c-6.94-1.631-9.18-4.606-9.18-12.239V75.066a42 42 0 0 0-.578-7.26c1.947-4.661 5.86-10.177 13.475-10.177 9.214 0 13.691 6.114 13.691 18.696v77.828z"></path></svg></a><div class="ax h"><div class="ab ay az ba bb q bc bd"><div class="bm" aria-hidden="false" aria-describedby="searchResults" aria-labelledby="searchResults"></div><div class="bn bo ab"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" viewBox="0 0 24 24"><path fill="currentColor" fill-rule="evenodd" d="M4.092 11.06a6.95 6.95 0 1 1 13.9 0 6.95 6.95 0 0 1-13.9 0m6.95-8.05a8.05 8.05 0 1 0 5.13 14.26l3.75 3.75a.56.56 0 1 0 .79-.79l-3.73-3.73A8.05 8.05 0 0 0 11.042 3z" clip-rule="evenodd"></path></svg></div><input role="combobox" aria-controls="searchResults" aria-expanded="false" aria-label="search" data-testid="headerSearchInput" tabindex="0" class="ay be bf bg z bh bi bj bk bl" placeholder="Search" value=""/></div></div></div><div class="h k w fg fh"><div class="fi ab"><span><a class="af ag ah ai aj ak al am an ao ap aq ar as at" data-testid="headerWriteButton" rel="noopener follow" href="/m/signin?operation=register&amp;redirect=https%3A%2F%2Fmedium.com%2Fnew-story&amp;source=---top_nav_layout_nav-----------------------new_post_topnav------------------"><div class="bf b bg z du fj fk ab q fl fm"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" viewBox="0 0 24 24" aria-label="Write"><path fill="currentColor" d="M14 4a.5.5 0 0 0 0-1zm7 6a.5.5 0 0 0-1 0zm-7-7H4v1h10zM3 4v16h1V4zm1 17h16v-1H4zm17-1V10h-1v10zm-1 1a1 1 0 0 0 1-1h-1zM3 20a1 1 0 0 0 1 1v-1zM4 3a1 1 0 0 0-1 1h1z"></path><path stroke="currentColor" d="m17.5 4.5-8.458 8.458a.25.25 0 0 0-.06.098l-.824 2.47a.25.25 0 0 0 .316.316l2.47-.823a.25.25 0 0 0 .098-.06L19.5 6.5m-2-2 2.323-2.323a.25.25 0 0 1 .354 
0l1.646 1.646a.25.25 0 0 1 0 .354L19.5 6.5m-2-2 2 2"></path></svg><div class="dt l">Write</div></div></a></span></div></div><div class="k j i d"><div class="fi ab"><a class="af ag ah ai aj ak al am an ao ap aq ar as at" data-testid="headerSearchButton" rel="noopener follow" href="/search?source=---top_nav_layout_nav-----------------------------------------"><div class="bf b bg z du fj fk ab q fl fm"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" viewBox="0 0 24 24" aria-label="Search"><path fill="currentColor" fill-rule="evenodd" d="M4.092 11.06a6.95 6.95 0 1 1 13.9 0 6.95 6.95 0 0 1-13.9 0m6.95-8.05a8.05 8.05 0 1 0 5.13 14.26l3.75 3.75a.56.56 0 1 0 .79-.79l-3.73-3.73A8.05 8.05 0 0 0 11.042 3z" clip-rule="evenodd"></path></svg></div></a></div></div><div class="fi h k j"><div class="ab q"><p class="bf b dx dy dz ea eb ec ed ee ef eg du"><span><button class="bf b dx dy eh dz ea ei eb ec ej ek ee el em eg eo ep eq er es et eu ev ew ex ey ez fa fb fc fd bm fe ff" data-testid="headerSignUpButton">Sign up</button></span></p><div class="ax l"><p class="bf b dx dy dz ea eb ec ed ee ef eg du"><span><a class="af ag ah ai aj ak al am an ao ap aq ar as at" data-testid="headerSignInButton" rel="noopener follow" href="/m/signin?operation=login&amp;redirect=https%3A%2F%2Fmedium.com%2Fmitre-attack%2Fattack-v15-26685f300acc&amp;source=post_page---top_nav_layout_nav-----------------------global_nav------------------">Sign in</a></span></p></div></div></div><div class="l" aria-hidden="false"><button class="ay fn am ab q ao fo fp fq" aria-label="user options menu" data-testid="headerUserIcon"><div class="l fj"><img alt="" class="l fd by bz ca cx" src="https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png" width="32" height="32" loading="lazy" role="presentation"/><div class="fr by l bz ca fs n ay ft"></div></div></button></div></div></div><div class="l"><div class="fu fv fw fx fy l"><div class="ab cb"><div class="ci bh fz ga gb 
gc"></div></div><article><div class="l"><div class="l"><span class="l"></span><section><div><div class="fs gi gj gk gl gm"></div><div class="gn go gp gq gr"><div class="ab cb"><div class="ci bh fz ga gb gc"><div><h1 id="94c2" class="pw-post-title gs gt gu bf gv gw gx gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu bk" data-testid="storyTitle">ATT&amp;CK v15 Brings the Action: Upgraded Detections, New Analytic Format, &amp; Cross-Domain Adversary Insights</h1><div><div class="speechify-ignore ab cp"><div class="speechify-ignore bh l"><div class="hv hw hx hy hz ab"><div><div class="ab ia"><div><div class="bm" aria-hidden="false"><a rel="noopener follow" href="/@arobertson_79988?source=post_page---byline--26685f300acc---------------------------------------"><div class="l ib ic by id ie"><div class="l fj"><img alt="Amy L. Robertson" class="l fd by dd de cx" src="https://miro.medium.com/v2/resize:fill:88:88/1*HSqNMSnjesj-UnJGDPJi7g.jpeg" width="44" height="44" loading="lazy" data-testid="authorPhoto"/><div class="if by l dd de fs n ig ft"></div></div></div></a></div></div><div class="ih ab fj"><div><div class="bm" aria-hidden="false"><a href="https://medium.com/mitre-attack?source=post_page---byline--26685f300acc---------------------------------------" rel="noopener follow"><div class="l ii ij by id ik"><div class="l fj"><img alt="MITRE ATT&amp;CK®" class="l fd by br il cx" src="https://miro.medium.com/v2/resize:fill:48:48/1*Y6LKGEIzmF96lVHkv_RS9A.png" width="24" height="24" loading="lazy" data-testid="publicationPhoto"/><div class="if by l br il fs n ig ft"></div></div></div></a></div></div></div></div></div><div class="bn bh l"><div class="ab"><div style="flex:1"><span class="bf b bg z bk"><div class="im ab q"><div class="ab q in"><div class="ab q"><div><div class="bm" aria-hidden="false"><p class="bf b io ip bk"><a class="af ag ah ai aj ak al am an ao ap aq ar iq" data-testid="authorName" rel="noopener follow" 
href="/@arobertson_79988?source=post_page---byline--26685f300acc---------------------------------------">Amy L. Robertson</a></p></div></div></div></div></div></span></div></div><div class="l ix"><span class="bf b bg z du"><div class="ab cn iy iz ja"><div class="fu fv ab"><div class="bf b bg z du ab jb"><span class="jc l ix">Published in</span><div><div class="l" aria-hidden="false"><a class="af ag ah ai aj ak al am an ao ap aq ar iq ab q" data-testid="publicationName" href="https://medium.com/mitre-attack?source=post_page---byline--26685f300acc---------------------------------------" rel="noopener follow"><p class="bf b bg z jd je jf jg jh ji jj jk bk">MITRE ATT&amp;CK®</p></a></div></div></div><div class="h k"><span class="ir is" aria-hidden="true"><span class="bf b bg z du">·</span></span></div></div><span class="bf b bg z du"><div class="ab ae"><span data-testid="storyReadTime">7 min read</span><div class="jl jm l" aria-hidden="true"><span class="l" aria-hidden="true"><span class="bf b bg z du">·</span></span></div><span data-testid="storyPublishDate">Apr 23, 2024</span></div></span></div></span></div></div></div></div></div></div></div>
<figure class="mx my mz na nb nc mu mv paragraph-image"><div role="button" tabindex="0" class="nd ne fj nf bh ng"><div class="mu mv mw"><picture><source srcSet="https://miro.medium.com/v2/resize:fit:640/format:webp/1*9nefc6VVPUZWdnO9pxLoTA.png 640w, https://miro.medium.com/v2/resize:fit:720/format:webp/1*9nefc6VVPUZWdnO9pxLoTA.png 720w, https://miro.medium.com/v2/resize:fit:750/format:webp/1*9nefc6VVPUZWdnO9pxLoTA.png 750w, https://miro.medium.com/v2/resize:fit:786/format:webp/1*9nefc6VVPUZWdnO9pxLoTA.png 786w, https://miro.medium.com/v2/resize:fit:828/format:webp/1*9nefc6VVPUZWdnO9pxLoTA.png 828w, https://miro.medium.com/v2/resize:fit:1100/format:webp/1*9nefc6VVPUZWdnO9pxLoTA.png 1100w, https://miro.medium.com/v2/resize:fit:1400/format:webp/1*9nefc6VVPUZWdnO9pxLoTA.png 1400w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 700px" type="image/webp"/><source data-testid="og" srcSet="https://miro.medium.com/v2/resize:fit:640/1*9nefc6VVPUZWdnO9pxLoTA.png 640w, https://miro.medium.com/v2/resize:fit:720/1*9nefc6VVPUZWdnO9pxLoTA.png 720w, 
https://miro.medium.com/v2/resize:fit:750/1*9nefc6VVPUZWdnO9pxLoTA.png 750w, https://miro.medium.com/v2/resize:fit:786/1*9nefc6VVPUZWdnO9pxLoTA.png 786w, https://miro.medium.com/v2/resize:fit:828/1*9nefc6VVPUZWdnO9pxLoTA.png 828w, https://miro.medium.com/v2/resize:fit:1100/1*9nefc6VVPUZWdnO9pxLoTA.png 1100w, https://miro.medium.com/v2/resize:fit:1400/1*9nefc6VVPUZWdnO9pxLoTA.png 1400w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 700px"/><img alt="" class="bh mb nh c" width="700" height="435" loading="eager" role="presentation"/></picture></div></div></figure><p id="fcc3" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">v15 is all about actionability and bringing defenders’ reality into focus — we prioritized <em class="og">what </em>you need to detect, and <em class="og">how </em>you can do it more effectively with detection engineering upgrades, and deeper intelligence insights across platforms. 
This release also reflects the new expansion rhythm, balancing both well-known and emerging behaviors to reflect how trends and activity are experienced in the field.</p><p id="9016" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">For the details on our updates/additions across Techniques, Software, Groups and Campaigns, take a look at our <a class="af oh" href="https://attack.mitre.org/resources/updates/updates-april-2024/index.html" rel="noopener ugc nofollow" target="_blank">release notes</a>, our <a class="af oh" href="https://attack.mitre.org/docs/changelogs/v14.1-v15.0/changelog-detailed.html" rel="noopener ugc nofollow" target="_blank">detailed changelog</a>, or our <a class="af oh" href="https://attack.mitre.org/docs/changelogs/v14.1-v15.0/changelog.json" rel="noopener ugc nofollow" target="_blank">changelog.json</a>.</p><h1 id="7872" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">Enterprise | Familiar + Novel = Reality</strong></h1><p id="877f" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">With v15 we were aiming for the perfect balance of familiar behaviors you’ve probably seen countless times (e.g., <a class="af oh" href="https://attack.mitre.org/techniques/T1027/013/" rel="noopener ugc nofollow" target="_blank">T1027.013: Obfuscated Files or Information: Encrypted/Encoded File</a>, <a class="af oh" href="https://attack.mitre.org/techniques/T1665/" rel="noopener ugc nofollow" target="_blank">T1665: Hide Infrastructure</a>), as well as newer, emerging trends. 
The shadowy domain of Resource Development was expanded to illuminate how adversaries are using generative artificial intelligence tools, like large language models (LLMs), to support various malicious activities (<a class="af oh" href="https://attack.mitre.org/techniques/T1588/007/" rel="noopener ugc nofollow" target="_blank">T1588.007: Obtain Capabilities: Artificial Intelligence</a>). And it’s not just about gaining initial access anymore — we added <a class="af oh" href="https://attack.mitre.org/techniques/T1584/008/" rel="noopener ugc nofollow" target="_blank">T1584.008: Compromise Infrastructure: Network Devices</a> to capture how threat groups are hacking into third-party network devices, including small office/home office routers, to use these devices to facilitate further targeting.</p><h1 id="f1b3" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">Cloud | More Actionability</strong></h1><p id="9809" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">As outlined in the <a class="af oh" rel="noopener ugc nofollow" target="_blank" href="/mitre-attack/attack-2024-roadmap-8dfc46d1ad1b">ATT&amp;CK 2024 Roadmap</a>, we’re striving to make the <a class="af oh" href="https://attack.mitre.org/matrices/enterprise/cloud/" rel="noopener ugc nofollow" target="_blank">Cloud matrix</a> more approachable for defenders of all skill levels. With this release, we focused on providing a broader set of defensive measures, resources, and insights for CI/CD pipelines, Infrastructure as Code (IaC), and Identity. v15 features new mitigations and data sources on token protection, along with more specific references to Okta logs. 
<a class="af oh" href="https://attack.mitre.org/techniques/T1072/" rel="noopener ugc nofollow" target="_blank">T1072: Software Deployment Tools</a> was expanded to include broad execution of <a class="af oh" href="https://attack.mitre.org/techniques/T1651/" rel="noopener ugc nofollow" target="_blank">T1651: Cloud Administration Command</a>, reflecting how threat actors are turning cloud native tools like AWS Systems Manager into remote access trojans.</p><p id="6301" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">We ramped up resources for CI/CD pipelines and IaC, and made some refinements to Identity, with the expansion of <a class="af oh" href="https://attack.mitre.org/techniques/T1484/002/" rel="noopener ugc nofollow" target="_blank">T1484: Domain Policy Modification</a> to include not just Azure AD, but also other identity-as-a-service providers like Okta. <a class="af oh" href="https://attack.mitre.org/techniques/T1556/" rel="noopener ugc nofollow" target="_blank">T1556: Modify Authentication Process</a> gained a new sub (<a class="af oh" href="https://attack.mitre.org/techniques/T1556/009/" rel="noopener ugc nofollow" target="_blank">T1556.009: Conditional Access Policies</a>) exploring how threat actors have tampered with or disabled conditional access policies for ongoing access to compromised accounts. 
We also expanded <a class="af oh" href="https://attack.mitre.org/techniques/T1136/003/" rel="noopener ugc nofollow" target="_blank">T1136.003: Create Account: Cloud Account</a> with additional service account insights.</p><p id="d74e" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk"><strong class="nk gv">What’s Next:</strong> v16 will feature robust identity and detection updates, as well as the platform rebalancing operations, where we’re focusing on covering a wider range of cloud environments and threats, while making it more intuitive to prioritize techniques relevant to a specific platform.</p><h1 id="1bcf" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">Defensive Coverage | Upgrading, Converting &amp; Restructuring Defensive Measures</strong></h1><p id="ed51" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">You’ll find expanded detections in v15 to assist your detection engineering. Previously, we structured our analytics in a pseudo format that was consistent with the Cyber Analytic Repository (CAR). In some cases this was hard to understand.</p><p id="b7b1" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">In v15, we transformed that format into a real-world query language style (like Splunk) that is compatible with various security tools. 
These upgrades are featured in detections across the framework, including some techniques within the <a class="af oh" href="https://attack.mitre.org/tactics/TA0002/" rel="noopener ugc nofollow" target="_blank">Execution</a> tactic.</p><p id="5a64" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">Our aim with these upgrades is to reflect that the data source itself is the data you should be collecting, and to provide an understandable format that pairs well with everyday defender tools (i.e., SIEMs and sensors).</p></div></div><div class="nc bh"><figure class="pl pm pn po pp nc bh paragraph-image"><picture><source srcSet="https://miro.medium.com/v2/resize:fit:640/format:webp/1*TPJCF1m40g_-UQwTjlIjaw.png 640w, https://miro.medium.com/v2/resize:fit:720/format:webp/1*TPJCF1m40g_-UQwTjlIjaw.png 720w, https://miro.medium.com/v2/resize:fit:750/format:webp/1*TPJCF1m40g_-UQwTjlIjaw.png 750w, https://miro.medium.com/v2/resize:fit:786/format:webp/1*TPJCF1m40g_-UQwTjlIjaw.png 786w, https://miro.medium.com/v2/resize:fit:828/format:webp/1*TPJCF1m40g_-UQwTjlIjaw.png 828w, https://miro.medium.com/v2/resize:fit:1100/format:webp/1*TPJCF1m40g_-UQwTjlIjaw.png 1100w, https://miro.medium.com/v2/resize:fit:4800/format:webp/1*TPJCF1m40g_-UQwTjlIjaw.png 4800w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 100vw" type="image/webp"/><source data-testid="og" srcSet="https://miro.medium.com/v2/resize:fit:640/1*TPJCF1m40g_-UQwTjlIjaw.png 640w, 
https://miro.medium.com/v2/resize:fit:720/1*TPJCF1m40g_-UQwTjlIjaw.png 720w, https://miro.medium.com/v2/resize:fit:750/1*TPJCF1m40g_-UQwTjlIjaw.png 750w, https://miro.medium.com/v2/resize:fit:786/1*TPJCF1m40g_-UQwTjlIjaw.png 786w, https://miro.medium.com/v2/resize:fit:828/1*TPJCF1m40g_-UQwTjlIjaw.png 828w, https://miro.medium.com/v2/resize:fit:1100/1*TPJCF1m40g_-UQwTjlIjaw.png 1100w, https://miro.medium.com/v2/resize:fit:4800/1*TPJCF1m40g_-UQwTjlIjaw.png 4800w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 100vw"/><img alt="" class="bh mb nh c" width="2400" height="1228" loading="eager" role="presentation"/></picture></figure><figure class="ls nc bh paragraph-image"><picture><source srcSet="https://miro.medium.com/v2/resize:fit:640/format:webp/1*sP0Dsh-4G3EqqmWg77cBFw.png 640w, https://miro.medium.com/v2/resize:fit:720/format:webp/1*sP0Dsh-4G3EqqmWg77cBFw.png 720w, https://miro.medium.com/v2/resize:fit:750/format:webp/1*sP0Dsh-4G3EqqmWg77cBFw.png 750w, https://miro.medium.com/v2/resize:fit:786/format:webp/1*sP0Dsh-4G3EqqmWg77cBFw.png 786w, https://miro.medium.com/v2/resize:fit:828/format:webp/1*sP0Dsh-4G3EqqmWg77cBFw.png 828w, https://miro.medium.com/v2/resize:fit:1100/format:webp/1*sP0Dsh-4G3EqqmWg77cBFw.png 1100w, https://miro.medium.com/v2/resize:fit:4800/format:webp/1*sP0Dsh-4G3EqqmWg77cBFw.png 4800w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 
700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 100vw" type="image/webp"/><source data-testid="og" srcSet="https://miro.medium.com/v2/resize:fit:640/1*sP0Dsh-4G3EqqmWg77cBFw.png 640w, https://miro.medium.com/v2/resize:fit:720/1*sP0Dsh-4G3EqqmWg77cBFw.png 720w, https://miro.medium.com/v2/resize:fit:750/1*sP0Dsh-4G3EqqmWg77cBFw.png 750w, https://miro.medium.com/v2/resize:fit:786/1*sP0Dsh-4G3EqqmWg77cBFw.png 786w, https://miro.medium.com/v2/resize:fit:828/1*sP0Dsh-4G3EqqmWg77cBFw.png 828w, https://miro.medium.com/v2/resize:fit:1100/1*sP0Dsh-4G3EqqmWg77cBFw.png 1100w, https://miro.medium.com/v2/resize:fit:4800/1*sP0Dsh-4G3EqqmWg77cBFw.png 4800w" sizes="(min-resolution: 4dppx) and (max-width: 700px) 50vw, (-webkit-min-device-pixel-ratio: 4) and (max-width: 700px) 50vw, (min-resolution: 3dppx) and (max-width: 700px) 67vw, (-webkit-min-device-pixel-ratio: 3) and (max-width: 700px) 65vw, (min-resolution: 2.5dppx) and (max-width: 700px) 80vw, (-webkit-min-device-pixel-ratio: 2.5) and (max-width: 700px) 80vw, (min-resolution: 2dppx) and (max-width: 700px) 100vw, (-webkit-min-device-pixel-ratio: 2) and (max-width: 700px) 100vw, 100vw"/><img alt="" class="bh mb nh c" width="2400" height="1228" loading="eager" role="presentation"/></picture></figure></div><div class="ab cb"><div class="ci bh fz ga gb gc"><p id="da5f" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">We have also synced up some mitigations within the parent to sub-technique relationship. Our team has analyzed a list of sub-techniques that had mitigations that the parent technique did not have. 
In v15, you will find some parent techniques now reflect what mitigations are seen in the sub-technique.</p><p id="0bb8" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk"><strong class="nk gv">What’s Next: </strong>As we gear up for October, we’ll be completing the Execution detections, refining Credential Access detections, diving into Cloud analytics, and restructuring our data sources for better accessibility.</p><h1 id="ad9a" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">ICS | Cross-Domain Campaigns</strong></h1><p id="0d2e" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">We’ve been working to retrofit major incidents in the ICS space to improve understanding and showcase how ICS and enterprise techniques intersect in each event. V15 illuminates some of the ICS-Enterprise integration efforts, with the release of four cross-mapped campaigns:</p><p id="262d" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">· Starting with <a class="af oh" href="https://attack.mitre.org/campaigns/C0030/" rel="noopener ugc nofollow" target="_blank">Triton</a>, the Safety Instrumented System attack of 2017 that shook the petrochemical industry to its core.</p><p id="d842" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">· Then there’s <a class="af oh" href="https://attack.mitre.org/campaigns/C0032/" rel="noopener ugc nofollow" target="_blank">C0032</a>, a campaign spanning various utilities from 2014 to 2017, often grouped with the petrochemical incident but distinctly different in nature.</p><p id="d445" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">· Next up, <a class="af oh" 
href="https://attack.mitre.org/campaigns/C0031/" rel="noopener ugc nofollow" target="_blank">Unitronics</a>, a spree that zeroed in on specific devices and impacted utilities and organizations worldwide. This campaign saw adversaries disrupting device interfaces to make them unusable for end users.</p><p id="a336" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">· Fast forward to <a class="af oh" href="https://attack.mitre.org/campaigns/C0034/" rel="noopener ugc nofollow" target="_blank">2022 Ukraine Electric Power</a>, where we witnessed a glimpse into the future of ICS attacks, with hypervisor features and shared domain access exploited to infiltrate ICS systems and unleash havoc. The campaign highlights key considerations regarding hypervisor usage across multiple domains, and the abuse of native features in vendor software.</p><p id="0527" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">2022 Ukraine Electric Power also spawned two new ICS techniques that are featured in this release: <a class="af oh" href="https://attack.mitre.org/techniques/T0895/" rel="noopener ugc nofollow" target="_blank">T0895: Autorun Image</a> and <a class="af oh" href="https://attack.mitre.org/techniques/T0894/" rel="noopener ugc nofollow" target="_blank">T0894: System Binary Proxy Execution</a> via vendor application binaries.</p><p id="1dc7" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk"><strong class="nk gv">What’s Next: </strong>v16 will launch ICS sub-techniques, along with a structured cross-walk to enable mapping between deprecated and new techniques. 
We’ll also be releasing new asset coverage and updates on our exploration into incorporating more sectors into the ICS matrix.</p><h1 id="8a5e" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">Mobile | New Techniques, Software, Groups &amp; Mitigations</strong></h1><p id="dcf0" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">With help from our community, this release incorporates new techniques — including <a class="af oh" href="https://attack.mitre.org/techniques/T1664/" rel="noopener ugc nofollow" target="_blank">exploiting software vulnerabilities for initial access </a>and <a class="af oh" href="https://attack.mitre.org/techniques/T1422/" rel="noopener ugc nofollow" target="_blank">adversaries performing active and automated discovery for the lowdown on your network setup</a> — and incorporates fresh software and groups. We also added a new mitigation to the Mobile matrix, <a class="af oh" href="https://attack.mitre.org/mitigations/M1059/" rel="noopener ugc nofollow" target="_blank">M1059 Do Not Mitigate</a> (for Mobile), as a sneak peek at the new mitigations that will be added in future releases. This release also features the first Mobile campaign, <a class="af oh" href="https://attack.mitre.org/campaigns/C0033/" rel="noopener ugc nofollow" target="_blank">C0033</a>, associated with <a class="af oh" href="https://attack.mitre.org/groups/G0056/" rel="noopener ugc nofollow" target="_blank">PROMETHIUM (G0056)</a>. The group primarily targets Windows devices; however, recent reporting and external contributions demonstrated a shift to mobile exploitation on Android and iOS devices.</p><p id="455d" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">We added Mobile techniques to existing Groups and Software to illuminate the shift to include mobile exploitation. 
This includes building out the <a class="af oh" href="https://attack.mitre.org/groups/G1028/" rel="noopener ugc nofollow" target="_blank">APT-C-23 (G1028)</a> profile, mirroring this South American threat group’s targeting of Android and iOS devices, and recording how <a class="af oh" href="https://attack.mitre.org/groups/G1002/" rel="noopener ugc nofollow" target="_blank">BITTER (G1002)</a> has distributed malicious apps via SMS, WhatsApp, and various social media platforms.</p><p id="58f8" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk"><strong class="nk gv">What’s Next: </strong>In the coming months, we’ll be rolling out more structured detections, and boosting proactivity across Mobile by evaluating incorporation of pre-intrusion techniques, like active and passive reconnaissance, and acquiring or developing resources for targeting.</p><h1 id="fcc2" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">Cyber Threat Intelligence | More Cybercriminal, Underrepresented Groups</strong></h1><p id="5f16" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">We’re working towards better reflecting the threat landscape by infusing the framework with more cybercriminal and underreported adversary activity. This release showcases new cybercriminal operations and highlights <a class="af oh" href="https://attack.mitre.org/groups/G1026/" rel="noopener ugc nofollow" target="_blank">Malteiro</a>, a criminal group believed to be based in Brazil. They are <a class="af oh" href="https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/" rel="noopener ugc nofollow" target="_blank">known</a> for operating and distributing the Mispadu/URSA banking trojan through a malware-as-a-service model. 
Banking trojans, a notorious threat in Latin America, are increasingly spreading their chaos across borders, courtesy of malware developers selling tools to overseas operators. Malteiro’s operations exemplify this targeting shift, evident in a <a class="af oh" href="https://blog.morphisec.com/mispadu-infiltration-beyond-latam" rel="noopener ugc nofollow" target="_blank">recent campaign</a> affecting European entities across various sectors.</p><p id="b010" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk"><strong class="nk gv">What’s Next: </strong>We’ll continue conducting thorough assessments of Groups, Software, and Campaigns to up the framework realism quotient and provide clearer insights into adversary activities. We’re also teaming up with ATT&amp;CK domain leads to expand coverage of cross-domain intrusions.</p><h1 id="4250" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">Software Dev | TAXII 2.1, FTW</strong></h1><p id="38aa" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">We’ve been working towards our goals of enhancing Navigator’s usability and streamlining processes for ATT&amp;CK Workbench. Most importantly, we’re taking our TAXII server to new heights, and by December 18, we’ll be retiring the TAXII 2.0 server and transitioning to the upgraded TAXII 2.1 version. 
You can locate the documentation for the TAXII 2.1 server in our <a class="af oh" href="https://github.com/mitre-attack/attack-workbench-taxii-server" rel="noopener ugc nofollow" target="_blank">GitHub repository</a>.</p><p id="e95c" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk"><strong class="nk gv">What’s Next: </strong>We’ll be continuing to enhance usability on ATT&amp;CK Workbench and Navigator, and building towards swifter Groups and Software releases. Mark your calendars to update the URLs for TAXII 2.1 clients to connect to <a class="af oh" href="https://attack-taxii.mitre.org/" rel="noopener ugc nofollow" target="_blank">https://attack-taxii.mitre.org</a> instead of <a class="af oh" href="https://cti-taxii.mitre.org/" rel="noopener ugc nofollow" target="_blank">https://cti-taxii.mitre.org</a>!</p><h1 id="5955" class="oi oj gu bf ok ol om on oo op oq or os ot ou ov ow ox oy oz pa pb pc pd pe pf bk"><strong class="al">In Conclusion | Field Reports, Benefactors</strong></h1><p id="e46a" class="pw-post-body-paragraph ni nj gu nk b nl pg nn no np ph nr ns nt pi nv nw nx pj nz oa ob pk od oe of gn bk">We’re always on the lookout for field reports and insights from those of you on the ground. Your observations play a crucial role in improving ATT&amp;CK’s tactical utility — so remember, <em class="og">if you see something, </em><a class="af oh" href="https://attack.mitre.org/resources/engage-with-attack/contribute/" rel="noopener ugc nofollow" target="_blank"><em class="og">contrib something</em></a>. Curious about how a contribution becomes a technique?
Check out <a class="af oh" href="https://youtu.be/v24a5IOwObc?si=C9CZzBThVfLS19zH" rel="noopener ugc nofollow" target="_blank">our video</a> that walks you through the process.</p><p id="6179" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">If you’re interested in contributing to ATT&amp;CK’s overall autonomy, flexibility, and free services, you can find more details on our <a class="af oh" href="https://attack.mitre.org/resources/engage-with-attack/benefactors/" rel="noopener ugc nofollow" target="_blank">Benefactor</a> page. We are deeply grateful to our initial cohort of benefactors, SOC Prime, Tidal Cyber, and Zimperium, for their generous support.</p><p id="a3a5" class="pw-post-body-paragraph ni nj gu nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk">©2024 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 24–00779–3.</p></div></div></div></div></section></div></div></article>
_YEAR"},"3DSecureVersion":"2","defaultCurrency":"usd","providerPlanIdCurrency":{"4ycw":"usd","rz3b":"usd","3kqm":"usd","jzw6":"usd","c2q2":"usd","nnsw":"usd","q8qw":"usd","d9y6":"usd","fx7w":"cad","nwf2":"cad"}},"paypalClientId":"AXj1G4fotC2GE8KzWX9mSxCH1wmPE3nJglf4Z2ig_amnhvlMVX87otaq58niAg9iuLktVNF_1WCMnN7v","paypal":{"host":"https:\u002F\u002Fapi.paypal.com:443","clientMode":"production","serverMode":"live","webhookId":"4G466076A0294510S","monthlyPlan":{"planId":"P-9WR0658853113943TMU5FDQA","name":"Medium Membership (Monthly) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"yearlyPlan":{"planId":"P-7N8963881P8875835MU5JOPQ","name":"Medium Membership (Annual) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"oneYearGift":{"name":"Medium Membership (1 Year, Digital Gift Code)","description":"Unlimited access to the best and brightest stories on Medium. Gift codes can be redeemed at medium.com\u002Fredeem.","price":"50.00","currency":"USD","sku":"membership-gift-1-yr"},"oldMonthlyPlan":{"planId":"P-96U02458LM656772MJZUVH2Y","name":"Medium Membership (Monthly)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"oldYearlyPlan":{"planId":"P-59P80963JF186412JJZU3SMI","name":"Medium Membership (Annual)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"monthlyPlanWithTrial":{"planId":"P-66C21969LR178604GJPVKUKY","name":"Medium Membership (Monthly) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"yearlyPlanWithTrial":{"planId":"P-6XW32684EX226940VKCT2MFA","name":"Medium Membership (Annual) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. 
Membership billed annually."},"oldMonthlyPlanNoSetupFee":{"planId":"P-4N046520HR188054PCJC7LJI","name":"Medium Membership (Monthly)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"oldYearlyPlanNoSetupFee":{"planId":"P-7A4913502Y5181304CJEJMXQ","name":"Medium Membership (Annual)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"sdkUrl":"https:\u002F\u002Fwww.paypal.com\u002Fsdk\u002Fjs"},"stripePublishableKey":"pk_live_7FReX44VnNIInZwrIIx6ghjl","log":{"json":true,"level":"info"},"imageUploadMaxSizeMb":25,"staffPicks":{"title":"Staff Picks","catalogId":"c7bc6e1ee00f"}},"session":{"xsrf":""}}</script><script>window.__APOLLO_STATE__ = {"ROOT_QUERY":{"__typename":"Query","collectionByDomainOrSlug({\"domainOrSlug\":\"mitre-attack\"})":{"__ref":"Collection:6da19bd08fba"},"postResult({\"id\":\"26685f300acc\"})":{"__ref":"Post:26685f300acc"},"viewer":null},"ImageMetadata:":{"__typename":"ImageMetadata","id":""},"Collection:6da19bd08fba":{"__typename":"Collection","id":"6da19bd08fba","favicon":{"__ref":"ImageMetadata:"},"customStyleSheet":null,"colorPalette":{"__typename":"ColorPalette","highlightSpectrum":{"__typename":"ColorSpectrum","backgroundColor":"#FFFFFFFF","colorPoints":[{"__typename":"ColorPoint","color":"#FFFFE3D3","point":0},{"__typename":"ColorPoint","color":"#FFFFDECB","point":0.1},{"__typename":"ColorPoint","color":"#FFFFD9C4","point":0.2},{"__typename":"ColorPoint","color":"#FFFFD4BD","point":0.3},{"__typename":"ColorPoint","color":"#FFFFD0B5","point":0.4},{"__typename":"ColorPoint","color":"#FFFFCBAE","point":0.5},{"__typename":"ColorPoint","color":"#FFFFC6A7","point":0.6},{"__typename":"ColorPoint","color":"#FFFFC1A0","point":0.7},{"__typename":"ColorPoint","color":"#FFFFBC99","point":0.8},{"__typename":"ColorPoint","color":"#FFFFB792","point":0.9},{"__typename":"ColorPoint","color":"#FFFFB18B","point":1}]},"defaultBackgroundSpectrum":{"__ty
pename":"ColorSpectrum","backgroundColor":"#FFFFFFFF","colorPoints":[{"__typename":"ColorPoint","color":"#FFDA4E2A","point":0},{"__typename":"ColorPoint","color":"#FFCA4A29","point":0.1},{"__typename":"ColorPoint","color":"#FFB94628","point":0.2},{"__typename":"ColorPoint","color":"#FFA84227","point":0.3},{"__typename":"ColorPoint","color":"#FF973D25","point":0.4},{"__typename":"ColorPoint","color":"#FF863823","point":0.5},{"__typename":"ColorPoint","color":"#FF753220","point":0.6},{"__typename":"ColorPoint","color":"#FF632B1C","point":0.7},{"__typename":"ColorPoint","color":"#FF512417","point":0.8},{"__typename":"ColorPoint","color":"#FF3E1B12","point":0.9},{"__typename":"ColorPoint","color":"#FF2A120B","point":1}]},"tintBackgroundSpectrum":{"__typename":"ColorSpectrum","backgroundColor":"#FFC63F1D","colorPoints":[{"__typename":"ColorPoint","color":"#FFC63F1D","point":0},{"__typename":"ColorPoint","color":"#FFD65331","point":0.1},{"__typename":"ColorPoint","color":"#FFE46644","point":0.2},{"__typename":"ColorPoint","color":"#FFF17858","point":0.3},{"__typename":"ColorPoint","color":"#FFFC8B6B","point":0.4},{"__typename":"ColorPoint","color":"#FFFF9C7F","point":0.5},{"__typename":"ColorPoint","color":"#FFFFAE93","point":0.6},{"__typename":"ColorPoint","color":"#FFFFBFA7","point":0.7},{"__typename":"ColorPoint","color":"#FFFFD0BB","point":0.8},{"__typename":"ColorPoint","color":"#FFFFE1D0","point":0.9},{"__typename":"ColorPoint","color":"#FFFFF2E4","point":1}]}},"domain":null,"slug":"mitre-attack","googleAnalyticsId":null,"name":"MITRE ATT&CK®","avatar":{"__ref":"ImageMetadata:1*Y6LKGEIzmF96lVHkv_RS9A.png"},"description":"This is the official blog for MITRE ATT&CK®, the MITRE-developed, globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. 
The full website is located at https:\u002F\u002Fattack.mitre.org.","subscriberCount":6661,"latestPostsConnection({\"paging\":{\"limit\":1}})":{"__typename":"PostConnection","posts":[{"__ref":"Post:561c76af94cf"}]},"isAuroraVisible":false,"tintColor":"#FFC63F1D","newsletterV3":null,"viewerEdge":{"__ref":"CollectionViewerEdge:collectionId:6da19bd08fba-viewerId:lo_7cdcda5578c7"},"twitterUsername":"mitreattack","facebookPageId":null,"logo":{"__ref":"ImageMetadata:1*8epIYX1PfgfnVfDYfZ5loQ.png"}},"ImageMetadata:1*Y6LKGEIzmF96lVHkv_RS9A.png":{"__typename":"ImageMetadata","id":"1*Y6LKGEIzmF96lVHkv_RS9A.png"},"User:13b16fa8065d":{"__typename":"User","id":"13b16fa8065d","customDomainState":null,"hasSubdomain":false,"username":"arobertson_79988","linkedAccounts":{"__ref":"LinkedAccounts:13b16fa8065d"},"isSuspended":false,"name":"Amy L. Robertson","imageId":"1*HSqNMSnjesj-UnJGDPJi7g.jpeg","verifications":{"__typename":"VerifiedInfo","isBookAuthor":false},"socialStats":{"__typename":"SocialStats","followerCount":633,"followingCount":4,"collectionFollowingCount":1},"bio":"","membership":null,"allowNotes":true,"viewerEdge":{"__ref":"UserViewerEdge:userId:13b16fa8065d-viewerId:lo_7cdcda5578c7"},"twitterScreenName":""},"Post:561c76af94cf":{"__typename":"Post","id":"561c76af94cf","firstPublishedAt":1730389403724,"creator":{"__ref":"User:13b16fa8065d"},"collection":{"__ref":"Collection:6da19bd08fba"},"isSeries":false,"mediumUrl":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fattack-v16-561c76af94cf","sequence":null,"uniqueSlug":"attack-v16-561c76af94cf"},"LinkedAccounts:13b16fa8065d":{"__typename":"LinkedAccounts","mastodon":null,"id":"13b16fa8065d"},"Paragraph:5cc83dcfd95c_0":{"__typename":"Paragraph","id":"5cc83dcfd95c_0","name":"94c2","type":"H3","href":null,"layout":null,"metadata":null,"text":"ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary 
Insights","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"ImageMetadata:1*9nefc6VVPUZWdnO9pxLoTA.png":{"__typename":"ImageMetadata","id":"1*9nefc6VVPUZWdnO9pxLoTA.png","originalHeight":1876,"originalWidth":3024,"focusPercentX":null,"focusPercentY":null,"alt":null},"Paragraph:5cc83dcfd95c_1":{"__typename":"Paragraph","id":"5cc83dcfd95c_1","name":"7c73","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:1*9nefc6VVPUZWdnO9pxLoTA.png"},"text":"","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_2":{"__typename":"Paragraph","id":"5cc83dcfd95c_2","name":"fcc3","type":"P","href":null,"layout":null,"metadata":null,"text":"v15 is all about actionability and bringing defenders’ reality into focus — we prioritized what you need to detect, and how you can do it more effectively with detection engineering upgrades, and deeper intelligence insights across platforms. 
This release also reflects the new expansion rhythm, balancing both well-known and emerging behaviors to reflect how trends and activity are experienced in the field.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"EM","start":91,"end":96,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"EM","start":120,"end":124,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_3":{"__typename":"Paragraph","id":"5cc83dcfd95c_3","name":"9016","type":"P","href":null,"layout":null,"metadata":null,"text":"For the details on our updates\u002Fadditions across Techniques, Software, Groups and Campaigns take a look at our release notes, our detailed changelog, or our changelog.json.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":110,"end":123,"href":"https:\u002F\u002Fattack.mitre.org\u002Fresources\u002Fupdates\u002Fupdates-april-2024\u002Findex.html","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":129,"end":147,"href":"https:\u002F\u002Fattack.mitre.org\u002Fdocs\u002Fchangelogs\u002Fv14.1-v15.0\u002Fchangelog-detailed.html","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":156,"end":170,"href":"https:\u002F\u002Fattack.mitre.org\u002Fdocs\u002Fchangelogs\u002Fv14.1-v15.0\u002Fchangelog.json","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_4":{"__typename":"Paragraph","id":"5cc83dcfd95c_4","name":"7872","type":"H3","href":null,"layout":null,"metadata":null,"text":"Enterprise | Familiar + Novel = 
Reality","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":39,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_5":{"__typename":"Paragraph","id":"5cc83dcfd95c_5","name":"877f","type":"P","href":null,"layout":null,"metadata":null,"text":"With v15 we were aiming for the perfect balance of familiar behaviors you’ve probably seen countless times (e.g., T1027.013: Obfuscated Files or Information: Encrypted\u002F Encoded File, T1665: Hide Infrastructure), as well as newer, emerging trends. The shadowy domain of Resource Development was expanded to illuminate how adversaries are using generative artificial intelligence tools, like large language models (LLMs), to support various malicious activities (T1588.007: Obtain Capabilities: Artificial Intelligence). And it’s not just about gaining initial access anymore — we added T1584.008: Compromise Infrastructure: Network Devices to capture how threat groups are hacking into third-party network devices, including small office\u002Fhome office routers, to use these devices to facilitate further 
targeting.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":114,"end":181,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1027\u002F013\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":183,"end":209,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1665\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":461,"end":516,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1588\u002F007\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":585,"end":638,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1584\u002F008\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_6":{"__typename":"Paragraph","id":"5cc83dcfd95c_6","name":"f1b3","type":"H3","href":null,"layout":null,"metadata":null,"text":"Cloud | More Actionability","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":26,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_7":{"__typename":"Paragraph","id":"5cc83dcfd95c_7","name":"9809","type":"P","href":null,"layout":null,"metadata":null,"text":"As outlined in the ATT&CK 2024 Roadmap, we’re striving to make the Cloud matrix more approachable for defenders of all skill levels. With this release, we focused on providing a broader set of defensive measures, resources, and insights for CI\u002FCD pipelines, Infrastructure as Code (IaC), and Identity. v15 features new mitigations and data sources on token protection, along with more specific references to Okta logs. 
T1072: Software Deployment Tools was expanded to include broad execution of T1651: Cloud Administration Command, reflecting how threat actors are turning cloud native tools like AWS Systems Manager into remote access trojans.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":19,"end":38,"href":"\u002Fmitre-attack\u002Fattack-2024-roadmap-8dfc46d1ad1b","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":67,"end":79,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmatrices\u002Fenterprise\u002Fcloud\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":419,"end":451,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1072\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":495,"end":530,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1651\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_8":{"__typename":"Paragraph","id":"5cc83dcfd95c_8","name":"6301","type":"P","href":null,"layout":null,"metadata":null,"text":"We ramped up resources for CI\u002FCD pipelines and IaC, and made some refinements to Identity, with the expansion of T1484: Domain Policy Modification to include not just Azure AD, but also other identity-as-a-service providers like Okta. T1556: Modify Authentication Process gained a new sub (T1556.009: Conditional Access Policies) exploring how threat actors have tampered with or disabled conditional access policies for ongoing access to compromised accounts. 
We also expanded T1136.003: Create Account: Cloud Account with additional service account insights.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":113,"end":146,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1484\u002F002\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":235,"end":271,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1556\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":290,"end":328,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1556\u002F009\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":478,"end":518,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1136\u002F003\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_9":{"__typename":"Paragraph","id":"5cc83dcfd95c_9","name":"d74e","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: v16 will feature robust identity and detection updates, as well as the platform rebalancing operations, where we’re focusing on covering a wider range of cloud environments and threats, while making it more intuitive to prioritize techniques relevant to a specific platform.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":12,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_10":{"__typename":"Paragraph","id":"5cc83dcfd95c_10","name":"1bcf","type":"H3","href":null,"layout":null,"metadata":null,"text":"Defensive Coverage | Upgrading, Converting & Restructuring Defensive 
Measures","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":77,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_11":{"__typename":"Paragraph","id":"5cc83dcfd95c_11","name":"ed51","type":"P","href":null,"layout":null,"metadata":null,"text":"You’ll find expanded detections in v15 to assist your detection engineering. Previously, we structured our analytics in a pseudo format that was consistent with the Cyber Analytics Repository (CAR). In some cases this was hard to understand.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_12":{"__typename":"Paragraph","id":"5cc83dcfd95c_12","name":"b7b1","type":"P","href":null,"layout":null,"metadata":null,"text":"In v15, we transformed that format into a real-world query language style (like Splunk) that is compatible with various security tools. These upgrades are featured in detections across the framework including some techniques within the Execution tactic.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":236,"end":245,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftactics\u002FTA0002\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_13":{"__typename":"Paragraph","id":"5cc83dcfd95c_13","name":"5a64","type":"P","href":null,"layout":null,"metadata":null,"text":"Our aim with these upgrades is to reflect that the data source itself is the data you should be collecting, and to provide an understandable format that pairs well with everyday defender tools (i.e. 
SIEMs and Sensors).","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"ImageMetadata:1*TPJCF1m40g_-UQwTjlIjaw.png":{"__typename":"ImageMetadata","id":"1*TPJCF1m40g_-UQwTjlIjaw.png","originalHeight":1228,"originalWidth":3302,"focusPercentX":null,"focusPercentY":null,"alt":null},"Paragraph:5cc83dcfd95c_14":{"__typename":"Paragraph","id":"5cc83dcfd95c_14","name":"637a","type":"IMG","href":null,"layout":"FULL_WIDTH","metadata":{"__ref":"ImageMetadata:1*TPJCF1m40g_-UQwTjlIjaw.png"},"text":"","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"ImageMetadata:1*sP0Dsh-4G3EqqmWg77cBFw.png":{"__typename":"ImageMetadata","id":"1*sP0Dsh-4G3EqqmWg77cBFw.png","originalHeight":1228,"originalWidth":3292,"focusPercentX":null,"focusPercentY":null,"alt":null},"Paragraph:5cc83dcfd95c_15":{"__typename":"Paragraph","id":"5cc83dcfd95c_15","name":"51a3","type":"IMG","href":null,"layout":"FULL_WIDTH","metadata":{"__ref":"ImageMetadata:1*sP0Dsh-4G3EqqmWg77cBFw.png"},"text":"","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_16":{"__typename":"Paragraph","id":"5cc83dcfd95c_16","name":"da5f","type":"P","href":null,"layout":null,"metadata":null,"text":"We have also synced up some mitigations within the parent to sub-technique relationship. Our team has analyzed a list of sub-techniques that had mitigations that the parent technique did not have. 
In v15, you will find that some parent techniques now reflect the mitigations seen in their sub-techniques.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_17":{"__typename":"Paragraph","id":"5cc83dcfd95c_17","name":"0bb8","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: As we gear up for October, we’ll be completing the Execution detections, refining Credential Access detections, diving into Cloud analytics, and restructuring our data sources for better accessibility.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":13,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_18":{"__typename":"Paragraph","id":"5cc83dcfd95c_18","name":"ad9a","type":"H3","href":null,"layout":null,"metadata":null,"text":"ICS | Cross-Domain Campaigns","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":28,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_19":{"__typename":"Paragraph","id":"5cc83dcfd95c_19","name":"0d2e","type":"P","href":null,"layout":null,"metadata":null,"text":"We’ve been working to retrofit major incidents in the ICS space to improve understanding and showcase how ICS and enterprise techniques intersect in each event. 
V15 illuminates some of the ICS-Enterprise integration efforts, with the release of four cross-mapped campaigns:","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_20":{"__typename":"Paragraph","id":"5cc83dcfd95c_20","name":"262d","type":"P","href":null,"layout":null,"metadata":null,"text":"· Starting with Triton, the Safety Instrumented System attack of 2017 that shook the petrochemical industry to its core.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":16,"end":22,"href":"https:\u002F\u002Fattack.mitre.org\u002Fcampaigns\u002FC0030\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_21":{"__typename":"Paragraph","id":"5cc83dcfd95c_21","name":"d842","type":"P","href":null,"layout":null,"metadata":null,"text":"· Then there’s C0032, a campaign spanning various utilities from 2014 to 2017, often grouped with the petrochemical incident but distinctly different in nature.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":15,"end":20,"href":"https:\u002F\u002Fattack.mitre.org\u002Fcampaigns\u002FC0032\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_22":{"__typename":"Paragraph","id":"5cc83dcfd95c_22","name":"d445","type":"P","href":null,"layout":null,"metadata":null,"text":"· Next up, Unitronics, a spree that zeroed-in on specific devices and impacted utilities and organizations worldwide. 
This campaign saw adversaries disrupting device interfaces to make them unusable for end users.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":11,"end":21,"href":"https:\u002F\u002Fattack.mitre.org\u002Fcampaigns\u002FC0031\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_23":{"__typename":"Paragraph","id":"5cc83dcfd95c_23","name":"a336","type":"P","href":null,"layout":null,"metadata":null,"text":"· Fast forward to 2022 Ukraine Electric Power, where we witnessed a glimpse into the future of ICS attacks, with hypervisor features and shared domain access exploited to infiltrate ICS systems and unleash havoc. The campaign highlights key considerations regarding hypervisor usage across multiple domains, and the abuse of native features in vendor software.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":18,"end":45,"href":"https:\u002F\u002Fattack.mitre.org\u002Fcampaigns\u002FC0034\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_24":{"__typename":"Paragraph","id":"5cc83dcfd95c_24","name":"0527","type":"P","href":null,"layout":null,"metadata":null,"text":"2022 Ukraine also spawned two new ICS techniques that are featured in this release: T0895: Autorun Image and T0894:System Binary Proxy Execution via vendor application 
binaries.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":84,"end":104,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT0895\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":109,"end":144,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT0894\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_25":{"__typename":"Paragraph","id":"5cc83dcfd95c_25","name":"1dc7","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: v16 will launch ICS sub-techniques, along with a structured cross-walk to enable mapping between deprecated and new techniques. We’ll also be releasing new asset coverage and updates on our exploration into incorporating more sectors into the ICS matrix.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":13,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_26":{"__typename":"Paragraph","id":"5cc83dcfd95c_26","name":"8a5e","type":"H3","href":null,"layout":null,"metadata":null,"text":"Mobile | New Techniques, Software, Groups & Mitigations","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":55,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_27":{"__typename":"Paragraph","id":"5cc83dcfd95c_27","name":"dcf0","type":"P","href":null,"layout":null,"metadata":null,"text":"With help from our community, this release incorporates new techniques, including — exploiting software vulnerabilities for initial access and adversaries performing active and automated discovery for the lowdown on your network setup — and 
incorporated fresh software and groups. We also added a new mitigation to the Mobile matrix, M1059 Do Not Mitigate (for Mobile) as a sneak peek to the new mitigations that will be added in future releases. This release also features the first Mobile campaign, C0033, associated with PROMETHIUM (G0056). The group primarily targets Windows devices, however, recent reporting and external contributions demonstrated a shift to mobile exploitation on Android and iOS devices.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":84,"end":139,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1664\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":143,"end":234,"href":"https:\u002F\u002Fattack.mitre.org\u002Ftechniques\u002FT1422\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":334,"end":355,"href":"https:\u002F\u002Fattack.mitre.org\u002Fmitigations\u002FM1059\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":501,"end":506,"href":"https:\u002F\u002Fattack.mitre.org\u002Fcampaigns\u002FC0033\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":524,"end":542,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG0056\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_28":{"__typename":"Paragraph","id":"5cc83dcfd95c_28","name":"455d","type":"P","href":null,"layout":null,"metadata":null,"text":"We added in Mobile techniques to existing Groups and Software to illuminate the shift to include mobile exploitation. 
This includes building out the APT-C-23 (G1028) profile, mirroring this South American threat group’s targeting of Android and iOS devices, and recording how BITTER (G1002) has distributed malicious apps via SMS, WhatsApp, and various social media platforms.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":149,"end":165,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG0099\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":276,"end":290,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG1002\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_29":{"__typename":"Paragraph","id":"5cc83dcfd95c_29","name":"58f8","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: In the coming months, we’ll be rolling out more structured detections, and boosting proactivity across Mobile by evaluating incorporation of pre-intrusion techniques, like active and passive reconnaissance, and acquiring or developing resources for targeting.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":13,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_30":{"__typename":"Paragraph","id":"5cc83dcfd95c_30","name":"fcc2","type":"H3","href":null,"layout":null,"metadata":null,"text":"Cyber Threat Intelligence | More Cybercriminal, Underrepresented 
Groups","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":71,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_31":{"__typename":"Paragraph","id":"5cc83dcfd95c_31","name":"5f16","type":"P","href":null,"layout":null,"metadata":null,"text":"We’re working towards better reflecting the threat landscape by infusing the framework with more cybercriminal and underreported adversary activity. This release showcases new cybercriminal operations and highlights Malteiro, a criminal group believed to be based in Brazil. They are known for operating and distributing the Mispadu\u002FURSA banking trojan through a malware-as-a-service model. Banking trojans, a notorious threat in Latin America, are increasingly spreading their chaos across borders, courtesy of malware developers selling tools to overseas operators. Malteiro’s operations exemplify this targeting shift, evident in a recent campaign affecting European entities across various sectors.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":216,"end":224,"href":"https:\u002F\u002Fattack.mitre.org\u002Fgroups\u002FG1026\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":284,"end":289,"href":"https:\u002F\u002Fblog.scilabs.mx\u002Fen\u002Fcyber-threat-profile-malteiro\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":635,"end":650,"href":"https:\u002F\u002Fblog.morphisec.com\u002Fmispadu-infiltration-beyond-latam","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_32":{"__typename":"Paragraph","id":"5cc83dcfd95c_32","name":"b010","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: We’ll continue conducting 
thorough assessments of Groups, Software, and Campaigns to up the framework realism quotient and provide clearer insights into adversary activities. We’re also teaming up with ATT&CK domain leads to expand coverage of cross-domain intrusions.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":13,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_33":{"__typename":"Paragraph","id":"5cc83dcfd95c_33","name":"4250","type":"H3","href":null,"layout":null,"metadata":null,"text":"Software Dev | TAXII 2.1, FTW","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":29,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_34":{"__typename":"Paragraph","id":"5cc83dcfd95c_34","name":"38aa","type":"P","href":null,"layout":null,"metadata":null,"text":"We’ve been working towards our goals of enhancing Navigator’s usability and streamlining processes for ATT&CK Workbench. Most importantly, we’re taking our TAXII server to new heights, and by December 18, we’ll be retiring the TAXII 2.0 server and transitioning to the upgraded TAXII 2.1 version. 
You can locate the documentation for the TAXII 2.1 server in our GitHub repository.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":362,"end":379,"href":"http:\u002F\u002Fgithub.com\u002Fmitre-attack\u002Fattack-workbench-taxii-server","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_35":{"__typename":"Paragraph","id":"5cc83dcfd95c_35","name":"e95c","type":"P","href":null,"layout":null,"metadata":null,"text":"What’s Next: We’ll be continuing to enhance usability on ATT&CK Workbench and Navigator, and building towards swifter Groups and Software releases. Mark your calendars to update the URLs for TAXII 2.1 clients to connect to https:\u002F\u002Fattack-taxii.mitre.org instead of https:\u002F\u002Fcti-taxii.mitre.org!","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":223,"end":253,"href":"https:\u002F\u002Fattack-taxii.mitre.org\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":265,"end":292,"href":"https:\u002F\u002Fcti-taxii.mitre.org\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":0,"end":13,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":35,"end":36,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_36":{"__typename":"Paragraph","id":"5cc83dcfd95c_36","name":"5955","type":"H3","href":null,"layout":null,"metadata":null,"text":"In Conclusion | Field Reports, 
Benefactors","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":0,"end":42,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_37":{"__typename":"Paragraph","id":"5cc83dcfd95c_37","name":"e46a","type":"P","href":null,"layout":null,"metadata":null,"text":"We’re always on the lookout for field reports and insights from those of you on the ground. Your observations play a crucial role in improving ATT&CK’s tactical utility — so remember, if you see something, contrib something. Curious about how a contribution becomes a technique? Check out our video that walks you through the process.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":206,"end":223,"href":"https:\u002F\u002Fattack.mitre.org\u002Fresources\u002Fengage-with-attack\u002Fcontribute\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"A","start":289,"end":298,"href":"https:\u002F\u002Fyoutu.be\u002Fv24a5IOwObc?si=C9CZzBThVfLS19zH","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","type":"EM","start":184,"end":223,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_38":{"__typename":"Paragraph","id":"5cc83dcfd95c_38","name":"6179","type":"P","href":null,"layout":null,"metadata":null,"text":"If you’re interested in contributing to ATT&CK’s overall autonomy, flexibility, and free services, you can find more details on our Benefactor page. 
We are deeply grateful to our initial cohort of benefactors, SOC Prime, Tidal Cyber, and Zimperium, for their generous support.","hasDropCap":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":132,"end":142,"href":"https:\u002F\u002Fattack.mitre.org\u002Fresources\u002Fengage-with-attack\u002Fbenefactors\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"Paragraph:5cc83dcfd95c_39":{"__typename":"Paragraph","id":"5cc83dcfd95c_39","name":"a3a5","type":"P","href":null,"layout":null,"metadata":null,"text":"©2024 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 24–00779–3.","hasDropCap":null,"dropCapImage":null,"markups":[],"codeBlockMetadata":null,"iframe":null,"mixtapeMetadata":null},"CollectionViewerEdge:collectionId:6da19bd08fba-viewerId:lo_7cdcda5578c7":{"__typename":"CollectionViewerEdge","id":"collectionId:6da19bd08fba-viewerId:lo_7cdcda5578c7","isEditor":false,"isMuting":false},"UserViewerEdge:userId:13b16fa8065d-viewerId:lo_7cdcda5578c7":{"__typename":"UserViewerEdge","id":"userId:13b16fa8065d-viewerId:lo_7cdcda5578c7","isMuting":false},"ImageMetadata:1*8epIYX1PfgfnVfDYfZ5loQ.png":{"__typename":"ImageMetadata","id":"1*8epIYX1PfgfnVfDYfZ5loQ.png","originalWidth":796,"originalHeight":164},"PostViewerEdge:postId:26685f300acc-viewerId:lo_7cdcda5578c7":{"__typename":"PostViewerEdge","shouldIndexPostForExternalSearch":true,"id":"postId:26685f300acc-viewerId:lo_7cdcda5578c7"},"Tag:attck":{"__typename":"Tag","id":"attck","displayTitle":"Attck","normalizedTagSlug":"attck"},"Tag:mitre-attack":{"__typename":"Tag","id":"mitre-attack","displayTitle":"Mitre Attack","normalizedTagSlug":"mitre-attack"},"Tag:detection-engineering":{"__typename":"Tag","id":"detection-engineering","displayTitle":"Detection 
Engineering","normalizedTagSlug":"detection-engineering"},"Tag:cti":{"__typename":"Tag","id":"cti","displayTitle":"Cti","normalizedTagSlug":"cti"},"Tag:cloud":{"__typename":"Tag","id":"cloud","displayTitle":"Cloud","normalizedTagSlug":"cloud"},"Post:26685f300acc":{"__typename":"Post","id":"26685f300acc","collection":{"__ref":"Collection:6da19bd08fba"},"content({\"postMeteringOptions\":{\"referrer\":\"https:\u002F\u002Fmedium.com\u002Fmitre-attack\"}})":{"__typename":"PostContent","isLockedPreviewOnly":false,"bodyModel":{"__typename":"RichText","sections":[{"__typename":"Section","name":"3b68","startIndex":0,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null}],"paragraphs":[{"__ref":"Paragraph:5cc83dcfd95c_0"},{"__ref":"Paragraph:5cc83dcfd95c_1"},{"__ref":"Paragraph:5cc83dcfd95c_2"},{"__ref":"Paragraph:5cc83dcfd95c_3"},{"__ref":"Paragraph:5cc83dcfd95c_4"},{"__ref":"Paragraph:5cc83dcfd95c_5"},{"__ref":"Paragraph:5cc83dcfd95c_6"},{"__ref":"Paragraph:5cc83dcfd95c_7"},{"__ref":"Paragraph:5cc83dcfd95c_8"},{"__ref":"Paragraph:5cc83dcfd95c_9"},{"__ref":"Paragraph:5cc83dcfd95c_10"},{"__ref":"Paragraph:5cc83dcfd95c_11"},{"__ref":"Paragraph:5cc83dcfd95c_12"},{"__ref":"Paragraph:5cc83dcfd95c_13"},{"__ref":"Paragraph:5cc83dcfd95c_14"},{"__ref":"Paragraph:5cc83dcfd95c_15"},{"__ref":"Paragraph:5cc83dcfd95c_16"},{"__ref":"Paragraph:5cc83dcfd95c_17"},{"__ref":"Paragraph:5cc83dcfd95c_18"},{"__ref":"Paragraph:5cc83dcfd95c_19"},{"__ref":"Paragraph:5cc83dcfd95c_20"},{"__ref":"Paragraph:5cc83dcfd95c_21"},{"__ref":"Paragraph:5cc83dcfd95c_22"},{"__ref":"Paragraph:5cc83dcfd95c_23"},{"__ref":"Paragraph:5cc83dcfd95c_24"},{"__ref":"Paragraph:5cc83dcfd95c_25"},{"__ref":"Paragraph:5cc83dcfd95c_26"},{"__ref":"Paragraph:5cc83dcfd95c_27"},{"__ref":"Paragraph:5cc83dcfd95c_28"},{"__ref":"Paragraph:5cc83dcfd95c_29"},{"__ref":"Paragraph:5cc83dcfd95c_30"},{"__ref":"Paragraph:5cc83dcfd95c_31"},{"__ref":"Paragraph:5cc83dcfd95c_32"},{"__ref":"Paragraph:5cc
83dcfd95c_33"},{"__ref":"Paragraph:5cc83dcfd95c_34"},{"__ref":"Paragraph:5cc83dcfd95c_35"},{"__ref":"Paragraph:5cc83dcfd95c_36"},{"__ref":"Paragraph:5cc83dcfd95c_37"},{"__ref":"Paragraph:5cc83dcfd95c_38"},{"__ref":"Paragraph:5cc83dcfd95c_39"}]},"validatedShareKey":"","shareKeyCreator":null},"creator":{"__ref":"User:13b16fa8065d"},"inResponseToEntityType":null,"isLocked":false,"isMarkedPaywallOnly":false,"lockedSource":"LOCKED_POST_SOURCE_NONE","mediumUrl":"https:\u002F\u002Fmedium.com\u002Fmitre-attack\u002Fattack-v15-26685f300acc","primaryTopic":null,"topics":[{"__typename":"Topic","slug":"cybersecurity"}],"isLimitedState":false,"isPublished":true,"allowResponses":true,"latestPublishedVersion":"5cc83dcfd95c","visibility":"PUBLIC","postResponses":{"__typename":"PostResponses","count":0},"responseDistribution":"NOT_DISTRIBUTED","clapCount":63,"title":"ATT&CK v15 Brings the Action","isSeries":false,"sequence":null,"uniqueSlug":"attack-v15-26685f300acc","socialTitle":"","socialDek":"","canonicalUrl":"","metaDescription":"","latestPublishedAt":1713889110137,"readingTime":6.085849056603774,"previewContent":{"__typename":"PreviewContent","subtitle":"Upgraded Detections, New Analytic Format, & Cross-Domain Adversary 
Insights"},"previewImage":{"__ref":"ImageMetadata:1*9nefc6VVPUZWdnO9pxLoTA.png"},"isShortform":false,"seoTitle":"","firstPublishedAt":1713886540785,"updatedAt":1732776097928,"shortformType":"SHORTFORM_TYPE_LINK","seoDescription":"","viewerEdge":{"__ref":"PostViewerEdge:postId:26685f300acc-viewerId:lo_7cdcda5578c7"},"isSuspended":false,"license":"ALL_RIGHTS_RESERVED","tags":[{"__ref":"Tag:attck"},{"__ref":"Tag:mitre-attack"},{"__ref":"Tag:detection-engineering"},{"__ref":"Tag:cti"},{"__ref":"Tag:cloud"}],"isFeaturedInPublishedPublication":false,"isNewsletter":false,"statusForCollection":"APPROVED","pendingCollection":null,"detectedLanguage":"en","wordCount":1467,"layerCake":4,"responsesLocked":false}}</script></body></html>
