Updates - Updates - July 2019 | MITRE ATT&CK®
<!DOCTYPE html> <html lang='en'> <head> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1,shrink-to-fit=no'> <title>Updates - Updates - July 2019 | MITRE ATT&CK®</title> </head> <body> <div class="container-fluid attack-website-wrapper d-flex flex-column h-100"> <div class="row flex-grow-1 flex-shrink-0"> <!-- main content elements --> <!--start-indexing-for-search--> <div class="tab-content col-xl-9 pt-4" id="v-tabContent"> <div class="tab-pane fade show active" id="v-attckmatrix" role="tabpanel" aria-labelledby="v-attckmatrix-tab"> <div class="container-fluid blog-post pb-3"> <h1 class="blog-post-title mb-4">Updates - July 2019</h1> <table> <thead> <tr> <th style="text-align: left;">Version</th> <th style="text-align: left;">Start Date</th> <th style="text-align: left;">End Date</th> <th style="text-align: left;">Data</th> </tr> </thead> <tbody> <tr> <td style="text-align: left;"><a href="/versions/v5">ATT&CK v5</a></td> <td style="text-align: left;">July 31, 2019</td> <td style="text-align: left;">October 23, 2019</td> <td style="text-align: left;"><a
href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v5.2">v5.2 on MITRE/CTI</a></td> </tr> </tbody> </table> <p>The July 2019 release focuses on changes to how Mitigations in ATT&CK for Enterprise are represented and updates the Groups and Software entries. It does not contain updates to techniques; a larger technique update is planned for later this year. We're happy to check off another box on our <a href="https://medium.com/mitre-attack/attacking-2019-c05bccefed2d">planned changes this year</a>: modifying how we represent mitigations in Enterprise so that the information is organized similarly to how mitigations are handled in ATT&CK for Mobile.</p> <p>Mitigations in Enterprise are now treated like categories and are represented by objects similar to Groups and Software; one example is "<a href="/mitigations/M1032/">Multi-factor Authentication</a>". In the previous free-text mitigation fields, several techniques might reference multi-factor authentication as a potential way to mitigate a technique, but it was difficult to see which techniques a particular mitigation applied to without scouring the text fields across the techniques. Now each technique that a mitigation applies to will be associated with that mitigation category, and the details of how each mitigation applies to a technique will appear in a table under the mitigations section. Each mitigation category has a page that lists all the techniques associated with it to give an at-a-glance view of coverage. In all, <a href="/mitigations/enterprise/">40 new mitigation categories</a> were created based on a text analysis of each technique, in which we pulled apart the definitions and binned them into like categories to consolidate the mitigation information in Enterprise.</p> <p>During the process of applying the new mitigation categories, we also did a bit of housecleaning on which mitigations are appropriate for certain techniques. 
Our general stance was that if a mitigation did not directly apply to the specific behavior of a technique, we removed it. For example, we removed application whitelisting (Execution Prevention) from quite a few techniques because it had previously been treated as a mitigation of last resort.</p> <p>Mitigations are represented as courses of action in STIX and will have the same ID numbering as Mobile mitigations (M####). The old mitigation text for each technique was placed into a temporary mitigation object with the full text field, and these objects will be included as deprecated mitigation objects. They are listed in STIX objects for historical purposes, but will not be present on the website. Those mitigation objects are labeled with the same technique ID (T####) as the technique they were associated with.</p> <p>The Effects tactic in ATT&CK for Mobile was renamed to Impact for consistency with the Enterprise Impact tactic.</p> <p>We've also updated the <a href="/tactics/enterprise/">Enterprise tactic descriptions</a> based on a contribution from Elly Searle at CrowdStrike to make them more straightforward, uniform, and easier to understand.</p> <h3>Techniques</h3> <p><strong>Enterprise</strong></p> <p>New Techniques: No changes</p> <p>Technique changes: No changes</p> <p>Technique revocations: No changes</p> <p>Technique deprecations: No changes</p> <p>Minor Technique changes: No changes</p> <p><strong>PRE-ATT&CK</strong></p> <p>New Techniques: No changes</p> <p>Technique changes: No changes</p> <p>Technique revocations: No changes</p> <p>Technique deprecations: No changes</p> <p>Minor Technique changes: No changes</p> <p><strong>Mobile</strong></p> <p>New Techniques: No changes</p> <p>Technique changes: No changes</p> <p>Technique revocations: No changes</p> <p>Technique deprecations: No changes</p> <p>Minor Technique changes: No changes</p> <h3>Software</h3> <p><strong>Enterprise</strong></p> <p>New Software:</p> <ul> <li><a href="/software/S0384">Dridex</a></li> 
<li><a href="/software/S0396">EvilBunny</a></li> <li><a href="/software/S0381">FlawedAmmyy</a></li> <li><a href="/software/S0383">FlawedGrace</a></li> <li><a href="/software/S0391">HAWKBALL</a></li> <li><a href="/software/S0394">HiddenWasp</a></li> <li><a href="/software/S0398">HyperBro </a></li> <li><a href="/software/S0389">JCry</a></li> <li><a href="/software/S0387">KeyBoy</a></li> <li><a href="/software/S0395">LightNeuron</a></li> <li><a href="/software/S0397">LoJax</a></li> <li><a href="/software/S0393">PowerStallion</a></li> <li><a href="/software/S0379">Revenge RAT</a></li> <li><a href="/software/S0390">SQLRat</a></li> <li><a href="/software/S0382">ServHelper</a></li> <li><a href="/software/S0380">StoneDrill</a></li> <li><a href="/software/S0386">Ursnif </a></li> <li><a href="/software/S0388">Yahoyah</a></li> <li><a href="/software/S0385">njRAT</a></li> </ul> <p>Software changes:</p> <ul> <li><a href="/software/S0344">Azorult</a></li> <li><a href="/software/S0154">Cobalt Strike</a></li> <li><a href="/software/S0367">Emotet</a></li> <li><a href="/software/S0091">Epic</a></li> <li><a href="/software/S0182">FinFisher</a></li> <li><a href="/software/S0015">Ixeshe</a></li> <li><a href="/software/S0356">KONNI</a></li> <li><a href="/software/S0362">Linux Rabbit</a></li> <li><a href="/software/S0372">LockerGoga </a></li> <li><a href="/software/S0196">PUNCHBUGGY</a></li> <li><a href="/software/S0113">Prikormka</a></li> <li><a href="/software/S0240">ROKRAT</a></li> <li><a href="/software/S0242">SynAck</a></li> <li><a href="/software/S0161">XAgentOSX</a></li> <li><a href="/software/S0341">Xbash</a></li> <li><a href="/software/S0251">Zebrocy</a></li> </ul> <p>Software revocations: No changes</p> <p>Software deprecations: No changes</p> <p>Minor Software changes:</p> <ul> <li><a href="/software/S0089">BlackEnergy</a></li> <li><a href="/software/S0023">CHOPSTICK</a></li> <li><a href="/software/S0348">Cardinal RAT</a></li> <li><a href="/software/S0220">Chaos</a></li> 
<li><a href="/software/S0334">DarkComet</a></li> <li><a href="/software/S0363">Empire</a></li> <li><a href="/software/S0143">Flame</a></li> <li><a href="/software/S0232">HOMEFRY</a></li> <li><a href="/software/S0349">LaZagne</a></li> <li><a href="/software/S0365">Olympic Destroyer</a></li> <li><a href="/software/S0279">Proton</a></li> <li><a href="/software/S0262">QuasarRAT</a></li> <li><a href="/software/S0226">Smoke Loader</a></li> <li><a href="/software/S0199">TURNEDUP</a></li> <li><a href="/software/S0266">TrickBot</a></li> <li><a href="/software/S0283">jRAT</a></li> </ul> <p><strong>PRE-ATT&CK</strong></p> <p>New Software: No changes</p> <p>Software changes: No changes</p> <p>Software revocations: No changes</p> <p>Software deprecations: No changes</p> <p>Minor Software changes: No changes</p> <p><strong>Mobile</strong></p> <p>New Software:</p> <ul> <li><a href="/software/S0182">FinFisher</a></li> <li><a href="/software/S0399">Pallas</a></li> </ul> <p>Software changes: No changes</p> <p>Software revocations: No changes</p> <p>Software deprecations: No changes</p> <p>Minor Software changes: No changes</p> <h3>Groups</h3> <p><strong>Enterprise</strong></p> <p>New Groups:</p> <ul> <li><a href="/groups/G0091">Silence</a></li> <li><a href="/groups/G0093">Soft Cell</a></li> <li><a href="/groups/G0092">TA505</a></li> <li><a href="/groups/G0089">The White Company</a></li> <li><a href="/groups/G0090">WIRTE</a></li> </ul> <p>Group changes:</p> <ul> <li><a href="/groups/G0005">APT12</a></li> <li><a href="/groups/G0007">APT28</a></li> <li><a href="/groups/G0016">APT29</a></li> <li><a href="/groups/G0064">APT33</a></li> <li><a href="/groups/G0067">APT37</a></li> <li><a href="/groups/G0070">Dark Caracal</a></li> <li><a href="/groups/G0046">FIN7</a></li> <li><a href="/groups/G0078">Gorgon Group</a></li> <li><a href="/groups/G0043">Group5</a></li> <li><a href="/groups/G0069">MuddyWater</a></li> <li><a href="/groups/G0040">Patchwork</a></li> <li><a href="/groups/G0027">Threat 
Group-3390</a></li> <li><a href="/groups/G0081">Tropic Trooper</a></li> <li><a href="/groups/G0010">Turla</a></li> <li><a href="/groups/G0045">menuPass</a></li> </ul> <p>Group revocations: No changes</p> <p>Group deprecations: No changes</p> <p>Minor Group changes:</p> <ul> <li><a href="/groups/G0026">APT18</a></li> <li><a href="/groups/G0050">APT32</a></li> <li><a href="/groups/G0080">Cobalt Group</a></li> <li><a href="/groups/G0037">FIN6</a></li> <li><a href="/groups/G0049">OilRig</a></li> <li><a href="/groups/G0068">PLATINUM</a></li> <li><a href="/groups/G0086">Stolen Pencil</a></li> </ul> <p><strong>PRE-ATT&CK</strong></p> <p>New Groups: No changes</p> <p>Group changes:</p> <ul> <li><a href="/groups/G0007">APT28</a></li> </ul> <p>Group revocations: No changes</p> <p>Group deprecations: No changes</p> <p>Minor Group changes: No changes</p> <p><strong>Mobile</strong></p> <p>New Groups:</p> <ul> <li><a href="/groups/G0070">Dark Caracal</a></li> </ul> <p>Group changes:</p> <ul> <li><a href="/groups/G0007">APT28</a></li> </ul> <p>Group revocations: No changes</p> <p>Group deprecations: No changes</p> <p>Minor Group changes: No changes</p> <h3>Mitigations</h3> <p><strong>Enterprise</strong></p> <p>New Mitigations:</p> <ul> <li><a href="/mitigations/M1036">Account Use Policies</a></li> <li><a href="/mitigations/M1015">Active Directory Configuration</a></li> <li><a href="/mitigations/M1049">Antivirus/Antimalware</a></li> <li><a href="/mitigations/M1048">Application Isolation and Sandboxing</a></li> <li><a href="/mitigations/M1047">Audit</a></li> <li><a href="/mitigations/M1040">Behavior Prevention on Endpoint</a></li> <li><a href="/mitigations/M1046">Boot Integrity</a></li> <li><a href="/mitigations/M1045">Code Signing</a></li> <li><a href="/mitigations/M1043">Credential Access Protection</a></li> <li><a href="/mitigations/M1053">Data Backup</a></li> <li><a href="/mitigations/M1042">Disable or Remove Feature or Program</a></li> <li><a href="/mitigations/M1055">Do Not 
Mitigate</a></li> <li><a href="/mitigations/M1041">Encrypt Sensitive Information</a></li> <li><a href="/mitigations/M1039">Environment Variable Permissions</a></li> <li><a href="/mitigations/M1038">Execution Prevention</a></li> <li><a href="/mitigations/M1050">Exploit Protection</a></li> <li><a href="/mitigations/M1037">Filter Network Traffic</a></li> <li><a href="/mitigations/M1035">Limit Access to Resource Over Network</a></li> <li><a href="/mitigations/M1034">Limit Hardware Installation</a></li> <li><a href="/mitigations/M1033">Limit Software Installation</a></li> <li><a href="/mitigations/M1032">Multi-factor Authentication</a></li> <li><a href="/mitigations/M1031">Network Intrusion Prevention</a></li> <li><a href="/mitigations/M1030">Network Segmentation</a></li> <li><a href="/mitigations/M1028">Operating System Configuration</a></li> <li><a href="/mitigations/M1027">Password Policies</a></li> <li><a href="/mitigations/M1026">Privileged Account Management</a></li> <li><a href="/mitigations/M1025">Privileged Process Integrity</a></li> <li><a href="/mitigations/M1029">Remote Data Storage</a></li> <li><a href="/mitigations/M1022">Restrict File and Directory Permissions</a></li> <li><a href="/mitigations/M1044">Restrict Library Loading</a></li> <li><a href="/mitigations/M1024">Restrict Registry Permissions</a></li> <li><a href="/mitigations/M1021">Restrict Web-Based Content</a></li> <li><a href="/mitigations/M1020">SSL/TLS Inspection</a></li> <li><a href="/mitigations/M1054">Software Configuration</a></li> <li><a href="/mitigations/M1019">Threat Intelligence Program</a></li> <li><a href="/mitigations/M1051">Update Software</a></li> <li><a href="/mitigations/M1052">User Account Control</a></li> <li><a href="/mitigations/M1018">User Account Management</a></li> <li><a href="/mitigations/M1017">User Training</a></li> <li><a href="/mitigations/M1016">Vulnerability Scanning</a></li> </ul> <p>Mitigation changes: No changes</p> <p>Mitigation revocations: No changes</p> 
<p>Mitigation deprecations:</p> <ul> <li>.bash_profile and .bashrc Mitigation</li> <li>Access Token Manipulation Mitigation</li> <li>Accessibility Features Mitigation</li> <li>Account Discovery Mitigation</li> <li>Account Manipulation Mitigation</li> <li>AppCert DLLs Mitigation</li> <li>AppInit DLLs Mitigation</li> <li>AppleScript Mitigation</li> <li>Application Deployment Software Mitigation</li> <li>Application Shimming Mitigation</li> <li>Application Window Discovery Mitigation</li> <li>Audio Capture Mitigation</li> <li>Authentication Package Mitigation</li> <li>Automated Collection Mitigation</li> <li>Automated Exfiltration Mitigation</li> <li>BITS Jobs Mitigation</li> <li>Bash History Mitigation</li> <li>Binary Padding Mitigation</li> <li>Bootkit Mitigation</li> <li>Browser Bookmark Discovery Mitigation</li> <li>Browser Extensions Mitigation</li> <li>Brute Force Mitigation</li> <li>Bypass User Account Control Mitigation</li> <li>CMSTP Mitigation</li> <li>Change Default File Association Mitigation</li> <li>Clear Command History Mitigation</li> <li>Clipboard Data Mitigation</li> <li>Code Signing Mitigation</li> <li>Command-Line Interface Mitigation</li> <li>Commonly Used Port Mitigation</li> <li>Communication Through Removable Media Mitigation</li> <li>Compile After Delivery Mitigation</li> <li>Compiled HTML File Mitigation</li> <li>Component Firmware Mitigation</li> <li>Component Object Model Hijacking Mitigation</li> <li>Connection Proxy Mitigation</li> <li>Control Panel Items Mitigation</li> <li>Create Account Mitigation</li> <li>Credential Dumping Mitigation</li> <li>Credentials in Files Mitigation</li> <li>Credentials in Registry Mitigation</li> <li>Custom Command and Control Protocol Mitigation</li> <li>Custom Cryptographic Protocol Mitigation</li> <li>DCShadow Mitigation</li> <li>DLL Search Order Hijacking Mitigation</li> <li>DLL Side-Loading Mitigation</li> <li>Data Compressed Mitigation</li> <li>Data Destruction Mitigation</li> <li>Data Encoding 
Mitigation</li> <li>Data Encrypted Mitigation</li> <li>Data Encrypted for Impact Mitigation</li> <li>Data Obfuscation Mitigation</li> <li>Data Staged Mitigation</li> <li>Data Transfer Size Limits Mitigation</li> <li>Data from Information Repositories Mitigation</li> <li>Data from Local System Mitigation</li> <li>Data from Network Shared Drive Mitigation</li> <li>Data from Removable Media Mitigation</li> <li>Defacement Mitigation </li> <li>Deobfuscate/Decode Files or Information Mitigation</li> <li>Disabling Security Tools Mitigation</li> <li>Distributed Component Object Model Mitigation</li> <li>Domain Fronting Mitigation</li> <li>Domain Generation Algorithms Mitigation</li> <li>Domain Trust Discovery Mitigation</li> <li>Drive-by Compromise Mitigation</li> <li>Dylib Hijacking Mitigation</li> <li>Dynamic Data Exchange Mitigation</li> <li>Email Collection Mitigation</li> <li>Endpoint Denial of Service Mitigation</li> <li>Environmental Keying Mitigation</li> <li>Execution through API Mitigation</li> <li>Execution through Module Load Mitigation</li> <li>Exfiltration Over Alternative Protocol Mitigation</li> <li>Exfiltration Over Command and Control Channel Mitigation</li> <li>Exfiltration Over Other Network Medium Mitigation</li> <li>Exfiltration Over Physical Medium Mitigation</li> <li>Exploit Public-Facing Application Mitigation</li> <li>Exploitation for Client Execution Mitigation</li> <li>Exploitation for Credential Access Mitigation</li> <li>Exploitation for Defense Evasion Mitigation</li> <li>Exploitation for Privilege Escalation Mitigation</li> <li>Exploitation of Remote Services Mitigation</li> <li>External Remote Services Mitigation</li> <li>Extra Window Memory Injection Mitigation</li> <li>Fallback Channels Mitigation</li> <li>File Deletion Mitigation</li> <li>File Permissions Modification Mitigation</li> <li>File System Logical Offsets Mitigation</li> <li>File System Permissions Weakness Mitigation</li> <li>File and Directory Discovery Mitigation</li> 
<li>Firmware Corruption Mitigation</li> <li>Forced Authentication Mitigation</li> <li>Gatekeeper Bypass Mitigation</li> <li>Graphical User Interface Mitigation</li> <li>Group Policy Modification Mitigation</li> <li>HISTCONTROL Mitigation</li> <li>Hardware Additions Mitigation</li> <li>Hidden Files and Directories Mitigation</li> <li>Hidden Users Mitigation</li> <li>Hidden Window Mitigation</li> <li>Hooking Mitigation</li> <li>Hypervisor Mitigation</li> <li>Image File Execution Options Injection Mitigation</li> <li>Indicator Blocking Mitigation</li> <li>Indicator Removal from Tools Mitigation</li> <li>Indicator Removal on Host Mitigation</li> <li>Indirect Command Execution Mitigation</li> <li>Inhibit System Recovery Mitigation</li> <li>Input Capture Mitigation</li> <li>Input Prompt Mitigation</li> <li>Install Root Certificate Mitigation</li> <li>InstallUtil Mitigation</li> <li>Kerberoasting Mitigation</li> <li>Kernel Modules and Extensions Mitigation</li> <li>Keychain Mitigation</li> <li>LC_LOAD_DYLIB Addition Mitigation</li> <li>LC_MAIN Hijacking Mitigation</li> <li>LLMNR/NBT-NS Poisoning Mitigation</li> <li>LSASS Driver Mitigation</li> <li>Launch Agent Mitigation</li> <li>Launch Daemon Mitigation</li> <li>Launchctl Mitigation</li> <li>Login Item Mitigation</li> <li>Logon Scripts Mitigation</li> <li>Man in the Browser Mitigation</li> <li>Masquerading Mitigation</li> <li>Modify Existing Service Mitigation</li> <li>Modify Registry Mitigation</li> <li>Mshta Mitigation</li> <li>Multi-Stage Channels Mitigation</li> <li>Multi-hop Proxy Mitigation</li> <li>Multiband Communication Mitigation</li> <li>Multilayer Encryption Mitigation</li> <li>NTFS File Attributes Mitigation</li> <li>Netsh Helper DLL Mitigation</li> <li>Network Denial of Service Mitigation</li> <li>Network Service Scanning Mitigation</li> <li>Network Share Connection Removal Mitigation</li> <li>Network Share Discovery Mitigation</li> <li>Network Sniffing Mitigation</li> <li>New Service Mitigation</li> 
<li>Obfuscated Files or Information Mitigation</li> <li>Office Application Startup Mitigation</li> <li>Pass the Hash Mitigation</li> <li>Pass the Ticket Mitigation</li> <li>Password Filter DLL Mitigation</li> <li>Password Policy Discovery Mitigation</li> <li>Path Interception Mitigation</li> <li>Peripheral Device Discovery Mitigation</li> <li>Permission Groups Discovery Mitigation</li> <li>Plist Modification Mitigation</li> <li>Port Knocking Mitigation</li> <li>Port Monitors Mitigation</li> <li>PowerShell Mitigation</li> <li>Private Keys Mitigation</li> <li>Process Discovery Mitigation</li> <li>Process Doppelgänging Mitigation</li> <li>Process Hollowing Mitigation</li> <li>Process Injection Mitigation</li> <li>Query Registry Mitigation</li> <li>Rc.common Mitigation</li> <li>Re-opened Applications Mitigation</li> <li>Redundant Access Mitigation</li> <li>Registry Run Keys / Startup Folder Mitigation</li> <li>Regsvcs/Regasm Mitigation</li> <li>Regsvr32 Mitigation</li> <li>Remote Access Tools Mitigation</li> <li>Remote Desktop Protocol Mitigation</li> <li>Remote File Copy Mitigation</li> <li>Remote Services Mitigation</li> <li>Remote System Discovery Mitigation</li> <li>Replication Through Removable Media Mitigation</li> <li>Resource Hijacking Mitigation</li> <li>Rootkit Mitigation</li> <li>Rundll32 Mitigation</li> <li>Runtime Data Manipulation Mitigation</li> <li>SID-History Injection Mitigation</li> <li>SIP and Trust Provider Hijacking Mitigation</li> <li>SSH Hijacking Mitigation</li> <li>Scheduled Task Mitigation</li> <li>Scheduled Transfer Mitigation</li> <li>Screen Capture Mitigation</li> <li>Screensaver Mitigation</li> <li>Scripting Mitigation</li> <li>Security Software Discovery Mitigation</li> <li>Security Support Provider Mitigation</li> <li>Service Execution Mitigation</li> <li>Service Registry Permissions Weakness Mitigation</li> <li>Service Stop Mitigation</li> <li>Setuid and Setgid Mitigation</li> <li>Shared Webroot Mitigation</li> <li>Shortcut 
Modification Mitigation</li> <li>Signed Binary Proxy Execution Mitigation</li> <li>Signed Script Proxy Execution Mitigation</li> <li>Software Packing Mitigation</li> <li>Source Mitigation</li> <li>Space after Filename Mitigation</li> <li>Spearphishing Attachment Mitigation</li> <li>Spearphishing Link Mitigation</li> <li>Spearphishing via Service Mitigation</li> <li>Standard Application Layer Protocol Mitigation</li> <li>Standard Cryptographic Protocol Mitigation</li> <li>Standard Non-Application Layer Protocol Mitigation</li> <li>Startup Items Mitigation</li> <li>Stored Data Manipulation Mitigation</li> <li>Sudo Caching Mitigation</li> <li>Sudo Mitigation</li> <li>Supply Chain Compromise Mitigation</li> <li>System Firmware Mitigation</li> <li>System Information Discovery Mitigation</li> <li>System Network Configuration Discovery Mitigation</li> <li>System Network Connections Discovery Mitigation</li> <li>System Owner/User Discovery Mitigation</li> <li>System Service Discovery Mitigation</li> <li>System Time Discovery Mitigation</li> <li>Systemd Service Mitigation</li> <li>Taint Shared Content Mitigation</li> <li>Template Injection Mitigation</li> <li>Third-party Software Mitigation</li> <li>Time Providers Mitigation</li> <li>Timestomp Mitigation</li> <li>Transmitted Data Manipulation Mitigation</li> <li>Trap Mitigation</li> <li>Trusted Developer Utilities Mitigation</li> <li>Trusted Relationship Mitigation</li> <li>Two-Factor Authentication Interception Mitigation</li> <li>Uncommonly Used Port Mitigation</li> <li>User Execution Mitigation</li> <li>Valid Accounts Mitigation</li> <li>Video Capture Mitigation</li> <li>Virtualization/Sandbox Evasion Mitigation</li> <li>Web Service Mitigation</li> <li>Web Shell Mitigation</li> <li>Windows Admin Shares Mitigation</li> <li>Windows Management Instrumentation Event Subscription Mitigation</li> <li>Windows Management Instrumentation Mitigation</li> <li>Windows Remote Management Mitigation</li> <li>Winlogon Helper DLL 
Mitigation</li> <li>XSL Script Processing Mitigation</li> </ul> <p>Minor Mitigation changes: No changes</p> <p><strong>PRE-ATT&CK</strong></p> <p>New Mitigations: No changes</p> <p>Mitigation changes: No changes</p> <p>Mitigation revocations: No changes</p> <p>Mitigation deprecations: No changes</p> <p>Minor Mitigation changes: No changes</p> <p><strong>Mobile</strong></p> <p>New Mitigations: No changes</p> <p>Mitigation changes: No changes</p> <p>Mitigation revocations: No changes</p> <p>Mitigation deprecations: No changes</p> <p>Minor Mitigation changes: No changes</p> </div> </div> </div> <!--stop-indexing-for-search--> </div> <div class="row flex-grow-0 flex-shrink-1"> <!-- footer elements --> <footer class="col footer"> <small class="px-3"> © 2015 - 2024, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </small> </footer> </div> </div> </body> </html>