├── .DS_Store
├── Categorized_Adversary_TTPs.csv
├── Categorized_Adversary_TTPs.json
├── LICENSE
├── README.md
├── docs
├── .DS_Store
├── csv_for_pivot_tables
│ └── Categorized_Adversary_TTPs_Industries.csv
├── diamond_models
│ ├── .DS_Store
│ ├── APT-C-36.svg
│ ├── APT1.svg
│ ├── APT12.svg
│ ├── APT16.svg
│ ├── APT17.svg
│ ├── APT18.svg
│ ├── APT19.svg
│ ├── APT28.svg
│ ├── APT29.svg
│ ├── APT3.svg
│ ├── APT30.svg
│ ├── APT32.svg
│ ├── APT33.svg
│ ├── APT37.svg
│ ├── APT38.svg
│ ├── APT39.svg
│ ├── APT41.svg
│ ├── Ajax Security Team.svg
│ ├── Andariel.svg
│ ├── Aquatic Panda.svg
│ ├── Axiom.svg
│ ├── BRONZE BUTLER.svg
│ ├── BackdoorDiplomacy.svg
│ ├── BlackOasis.svg
│ ├── BlackTech.svg
│ ├── Carbanak.svg
│ ├── Chimera.svg
│ ├── Cleaver.svg
│ ├── Cobalt Group.svg
│ ├── CopyKittens.svg
│ ├── CostaRicto.svg
│ ├── Dark Caracal.svg
│ ├── DarkHydrus.svg
│ ├── Darkhotel.svg
│ ├── Deep Panda.svg
│ ├── Dragonfly.svg
│ ├── Dust Storm.svg
│ ├── Elderwood.svg
│ ├── Evilnum.svg
│ ├── FIN10.svg
│ ├── FIN4.svg
│ ├── FIN5.svg
│ ├── FIN6.svg
│ ├── FIN7.svg
│ ├── FIN8.svg
│ ├── Ferocious Kitten.svg
│ ├── Fox Kitten.svg
│ ├── GALLIUM.svg
│ ├── GCMAN.svg
│ ├── GOLD SOUTHFIELD.svg
│ ├── Gallmaker.svg
│ ├── Gamaredon Group.svg
│ ├── Gorgon Group.svg
│ ├── Group5.svg
│ ├── HAFNIUM.svg
│ ├── Higaisa.svg
│ ├── Honeybee.svg
│ ├── Inception.svg
│ ├── IndigoZebra.svg
│ ├── Indrik Spider.svg
│ ├── Ke3chang.svg
│ ├── Kimsuky.svg
│ ├── Lazarus Group.svg
│ ├── LazyScripter.svg
│ ├── Leafminer.svg
│ ├── Leviathan.svg
│ ├── Machete.svg
│ ├── Magic Hound.svg
│ ├── Moafee.svg
│ ├── Mofang.svg
│ ├── Molerats.svg
│ ├── MuddyWater.svg
│ ├── Mustang Panda.svg
│ ├── Naikon.svg
│ ├── Night Dragon.svg
│ ├── Nomadic Octopus.svg
│ ├── OilRig.svg
│ ├── Orangeworm.svg
│ ├── PLATINUM.svg
│ ├── PROMETHIUM.svg
│ ├── Patchwork.svg
│ ├── PittyTiger.svg
│ ├── Poseidon Group.svg
│ ├── Putter Panda.svg
│ ├── RTM.svg
│ ├── Rancor.svg
│ ├── Rocke.svg
│ ├── Sandworm Team.svg
│ ├── Scarlet Mimic.svg
│ ├── Sidewinder.svg
│ ├── Silence.svg
│ ├── Silent Librarian.svg
│ ├── Sowbug.svg
│ ├── Stealth Falcon.svg
│ ├── Strider.svg
│ ├── Suckfly.svg
│ ├── TA459.svg
│ ├── TA505.svg
│ ├── TA551.svg
│ ├── TEMP.Veles.svg
│ ├── Taidoor.svg
│ ├── The White Company.svg
│ ├── Threat Group-3390.svg
│ ├── Thrip.svg
│ ├── Tonto Team.svg
│ ├── Transparent Tribe.svg
│ ├── Tropic Trooper.svg
│ ├── Turla.svg
│ ├── UNC2452.svg
│ ├── Volatile Cedar.svg
│ ├── Whitefly.svg
│ ├── Windshift.svg
│ ├── Winnti Group.svg
│ ├── Wizard Spider.svg
│ ├── ZIRCONIUM.svg
│ ├── admin@338.svg
│ └── menuPass.svg
├── heatmaps
│ ├── .DS_Store
│ ├── README.md
│ ├── all_adversaries
│ │ ├── .DS_Store
│ │ ├── APT-C-36.json
│ │ ├── APT1.json
│ │ ├── APT12.json
│ │ ├── APT16.json
│ │ ├── APT17.json
│ │ ├── APT18.json
│ │ ├── APT19.json
│ │ ├── APT28.json
│ │ ├── APT29.json
│ │ ├── APT3.json
│ │ ├── APT30.json
│ │ ├── APT32.json
│ │ ├── APT33.json
│ │ ├── APT37.json
│ │ ├── APT38.json
│ │ ├── APT39.json
│ │ ├── APT41.json
│ │ ├── Ajax Security Team.json
│ │ ├── Andariel.json
│ │ ├── Aquatic Panda.json
│ │ ├── Axiom.json
│ │ ├── BRONZE BUTLER.json
│ │ ├── BackdoorDiplomacy.json
│ │ ├── BlackOasis.json
│ │ ├── BlackTech.json
│ │ ├── Carbanak.json
│ │ ├── Categorized_Adversary_TTPs_CVC.json
│ │ ├── Chimera.json
│ │ ├── Cleaver.json
│ │ ├── Cobalt Group.json
│ │ ├── CopyKittens.json
│ │ ├── CostaRicto.json
│ │ ├── Dark Caracal.json
│ │ ├── DarkHydrus.json
│ │ ├── Darkhotel.json
│ │ ├── Deep Panda.json
│ │ ├── Dragonfly.json
│ │ ├── Dust Storm.json
│ │ ├── Elderwood.json
│ │ ├── Evilnum.json
│ │ ├── FIN10.json
│ │ ├── FIN4.json
│ │ ├── FIN5.json
│ │ ├── FIN6.json
│ │ ├── FIN7.json
│ │ ├── FIN8.json
│ │ ├── Ferocious Kitten.json
│ │ ├── Fox Kitten.json
│ │ ├── GALLIUM.json
│ │ ├── GCMAN.json
│ │ ├── GOLD SOUTHFIELD.json
│ │ ├── Gallmaker.json
│ │ ├── Gamaredon Group.json
│ │ ├── Gorgon Group.json
│ │ ├── Group5.json
│ │ ├── HAFNIUM.json
│ │ ├── Higaisa.json
│ │ ├── Honeybee.json
│ │ ├── Inception.json
│ │ ├── IndigoZebra.json
│ │ ├── Indrik Spider.json
│ │ ├── Ke3chang.json
│ │ ├── Kimsuky.json
│ │ ├── Lazarus Group.json
│ │ ├── LazyScripter.json
│ │ ├── Leafminer.json
│ │ ├── Leviathan.json
│ │ ├── Machete.json
│ │ ├── Magic Hound.json
│ │ ├── Moafee.json
│ │ ├── Mofang.json
│ │ ├── Molerats.json
│ │ ├── MuddyWater.json
│ │ ├── Mustang Panda.json
│ │ ├── Naikon.json
│ │ ├── Night Dragon.json
│ │ ├── Nomadic Octopus.json
│ │ ├── OilRig.json
│ │ ├── Orangeworm.json
│ │ ├── PLATINUM.json
│ │ ├── PROMETHIUM.json
│ │ ├── Patchwork.json
│ │ ├── PittyTiger.json
│ │ ├── Poseidon Group.json
│ │ ├── Putter Panda.json
│ │ ├── RTM.json
│ │ ├── Rancor.json
│ │ ├── Rocke.json
│ │ ├── Sandworm Team.json
│ │ ├── Scarlet Mimic.json
│ │ ├── Sidewinder.json
│ │ ├── Silence.json
│ │ ├── Silent Librarian.json
│ │ ├── Sowbug.json
│ │ ├── Stealth Falcon.json
│ │ ├── Strider.json
│ │ ├── Suckfly.json
│ │ ├── TA459.json
│ │ ├── TA505.json
│ │ ├── TA551.json
│ │ ├── TEMP.Veles.json
│ │ ├── Taidoor.json
│ │ ├── The White Company.json
│ │ ├── Threat Group-3390.json
│ │ ├── Thrip.json
│ │ ├── Tonto Team.json
│ │ ├── Transparent Tribe.json
│ │ ├── Tropic Trooper.json
│ │ ├── Turla.json
│ │ ├── UNC2452.json
│ │ ├── Volatile Cedar.json
│ │ ├── Whitefly.json
│ │ ├── Windshift.json
│ │ ├── Winnti Group.json
│ │ ├── Wizard Spider.json
│ │ ├── ZIRCONIUM.json
│ │ ├── admin@338.json
│ │ └── menuPass.json
│ ├── country
│ │ ├── Brazil (Base).json
│ │ ├── China (Base).json
│ │ ├── Colombia (Base).json
│ │ ├── India (Base).json
│ │ ├── Iran (Base).json
│ │ ├── Lebanon (Base).json
│ │ ├── North Korea (Democratic People's Republic of Korea, DPRK) (Base).json
│ │ ├── Pakistan (Base).json
│ │ ├── README.md
│ │ ├── Romania (Base).json
│ │ ├── Russia (Base).json
│ │ ├── South Korea (Republic of Korea, ROK) (Base).json
│ │ ├── Turkey (Base).json
│ │ ├── Ukraine (Base).json
│ │ ├── United Arab Emirates (UAE) (Base).json
│ │ ├── United States of America (USA) (Base).json
│ │ └── Vietnam (Base).json
│ ├── industries
│ │ ├── Aerospace.json
│ │ ├── Aerospace.png
│ │ ├── Automotive.json
│ │ ├── Aviation.json
│ │ ├── Casinos & Gambling.json
│ │ ├── Chemical.json
│ │ ├── Construction.json
│ │ ├── Critical Infrastructure.json
│ │ ├── Defense.json
│ │ ├── Education.json
│ │ ├── Embassies.json
│ │ ├── Energy.json
│ │ ├── Engineering.json
│ │ ├── Entertainment.json
│ │ ├── Financial (Finance).json
│ │ ├── Food & Agriculture.json
│ │ ├── Gaming.json
│ │ ├── Government.json
│ │ ├── Healthcare.json
│ │ ├── High Tech (High-Tech).json
│ │ ├── High Tech.json
│ │ ├── Hospitality.json
│ │ ├── Industrial.json
│ │ ├── Information Technology (IT).json
│ │ ├── Law Enforcement.json
│ │ ├── Manufacturing.json
│ │ ├── Media.json
│ │ ├── Mining.json
│ │ ├── Non-Governmental Organizations (NGOs).json
│ │ ├── Non-Profit Organizations (Non Profits).json
│ │ ├── Oil & Gas.json
│ │ ├── Online Video Game Companies (Online Gaming).json
│ │ ├── Petrochemical.json
│ │ ├── Pharmaceutical.png
│ │ ├── Pharmaceuticals.json
│ │ ├── README.md
│ │ ├── Research.json
│ │ ├── Retail.json
│ │ ├── Satellites.json
│ │ ├── Shipping & Logistics.json
│ │ ├── Technology.json
│ │ ├── Telecommunications (Telecoms).json
│ │ ├── Think Tanks.json
│ │ ├── Transportation.json
│ │ └── Utilities.json
│ ├── lookup_index_all_categories.json
│ ├── motivations
│ │ ├── Financial Crime.json
│ │ ├── Financial Gain.json
│ │ ├── Financial_crime.png
│ │ ├── Information Theft & Espionage.json
│ │ ├── Information_theft_and_espionage.png
│ │ ├── README.md
│ │ └── Sabotage & Destruction.json
│ └── victim-country
│ │ ├── ASEAN (Victim Country).json
│ │ ├── Afghanistan (Victim Country).json
│ │ ├── Albania (Victim Country).json
│ │ ├── Algeria (Victim Country).json
│ │ ├── Angola (Victim Country).json
│ │ ├── Antigua and Barbuda (Victim Country).json
│ │ ├── Argentina (Victim Country).json
│ │ ├── Armenia (Victim Country).json
│ │ ├── Australia (Victim Country).json
│ │ ├── Austria (Victim Country).json
│ │ ├── Azerbaijan (Victim Country).json
│ │ ├── Bahamas (Victim Country).json
│ │ ├── Bahrain (Victim Country).json
│ │ ├── Bangladesh (Victim Country).json
│ │ ├── Barbados (Victim Country).json
│ │ ├── Belarus (Victim Country).json
│ │ ├── Belgium (Victim Country).json
│ │ ├── Belize (Victim Country).json
│ │ ├── Bhutan (Victim Country).json
│ │ ├── Bolivia (Victim Country).json
│ │ ├── Bosnia and Herzegovina (Victim Country).json
│ │ ├── Botswana (Victim Country).json
│ │ ├── Brazil (Victim Country).json
│ │ ├── Brunei (Victim Country).json
│ │ ├── Bulgaria (Victim Country).json
│ │ ├── Cambodia (Victim Country).json
│ │ ├── Canada (Victim Country).json
│ │ ├── Chechnya (Victim Country).json
│ │ ├── Chile (Victim Country).json
│ │ ├── China (Victim Country).json
│ │ ├── Colombia (Victim Country).json
│ │ ├── Congo (Victim Country).json
│ │ ├── Costa Rica (Victim Country).json
│ │ ├── Cote d'Ivoire (Victim Country).json
│ │ ├── Croatia (Victim Country).json
│ │ ├── Cuba (Victim Country).json
│ │ ├── Cyprus (Victim Country).json
│ │ ├── Czech (Victim Country).json
│ │ ├── Denmark (Victim Country).json
│ │ ├── Dominican Republic (Victim Country).json
│ │ ├── Ecuador (Victim Country).json
│ │ ├── Egypt (Victim Country).json
│ │ ├── El Salvador (Victim Country).json
│ │ ├── Estonia (Victim Country).json
│ │ ├── Ethiopia (Victim Country).json
│ │ ├── Finland (Victim Country).json
│ │ ├── France (Victim Country).json
│ │ ├── Georgia (Victim Country).json
│ │ ├── Germany (Victim Country).json
│ │ ├── Ghana (Victim Country).json
│ │ ├── Gibraltar (Victim Country).json
│ │ ├── Greece (Victim Country).json
│ │ ├── Guatemala (Victim Country).json
│ │ ├── Honduras (Victim Country).json
│ │ ├── Hong Kong (Victim Country).json
│ │ ├── Hungary (Victim Country).json
│ │ ├── Iceland (Victim Country).json
│ │ ├── India (Victim Country).json
│ │ ├── Indonesia (Victim Country).json
│ │ ├── Iran (Victim Country).json
│ │ ├── Iraq (Victim Country).json
│ │ ├── Ireland (Victim Country).json
│ │ ├── Israel (Victim Country).json
│ │ ├── Italy (Victim Country).json
│ │ ├── Jamaica (Victim Country).json
│ │ ├── Japan (Victim Country).json
│ │ ├── Jordan (Victim Country).json
│ │ ├── Kazakhstan (Victim Country).json
│ │ ├── Kenya (Victim Country).json
│ │ ├── Kuwait (Victim Country).json
│ │ ├── Kyrgyzstan (Victim Country).json
│ │ ├── Laos (Victim Country).json
│ │ ├── Latvia (Victim Country).json
│ │ ├── Lebanon (Victim Country).json
│ │ ├── Libya (Victim Country).json
│ │ ├── Lithuania (Victim Country).json
│ │ ├── Luxembourg (Victim Country).json
│ │ ├── Macao (Victim Country).json
│ │ ├── Macedonia (Victim Country).json
│ │ ├── Malaysia (Victim Country).json
│ │ ├── Mali (Victim Country).json
│ │ ├── Malta (Victim Country).json
│ │ ├── Mauritius (Victim Country).json
│ │ ├── Mexico (Victim Country).json
│ │ ├── Moldova (Victim Country).json
│ │ ├── Mongolia (Victim Country).json
│ │ ├── Montenegro (Victim Country).json
│ │ ├── Morocco (Victim Country).json
│ │ ├── Mozambique (Victim Country).json
│ │ ├── Myanmar (Victim Country).json
│ │ ├── NATO (Victim Country).json
│ │ ├── Namibia (Victim Country).json
│ │ ├── Nepal (Victim Country).json
│ │ ├── Netherlands (Victim Country).json
│ │ ├── New Zealand (Victim Country).json
│ │ ├── Nicaragua (Victim Country).json
│ │ ├── Nigeria (Victim Country).json
│ │ ├── North Korea (Victim Country).json
│ │ ├── Norway (Victim Country).json
│ │ ├── Oman (Victim Country).json
│ │ ├── Pakistan (Victim Country).json
│ │ ├── Palestine (Victim Country).json
│ │ ├── Panama (Victim Country).json
│ │ ├── Papua New Guinea (Victim Country).json
│ │ ├── Paraguay (Victim Country).json
│ │ ├── Peru (Victim Country).json
│ │ ├── Philippines (Victim Country).json
│ │ ├── Poland (Victim Country).json
│ │ ├── Portugal (Victim Country).json
│ │ ├── Qatar (Victim Country).json
│ │ ├── README.md
│ │ ├── Romania (Victim Country).json
│ │ ├── Russia (Victim Country).json
│ │ ├── Rwanda (Victim Country).json
│ │ ├── Saudi Arabia (Victim Country).json
│ │ ├── Senegal (Victim Country).json
│ │ ├── Serbia (Victim Country).json
│ │ ├── Seychelles (Victim Country).json
│ │ ├── Singapore (Victim Country).json
│ │ ├── Slovakia (Victim Country).json
│ │ ├── Slovenia (Victim Country).json
│ │ ├── Somalia (Victim Country).json
│ │ ├── South Africa (Victim Country).json
│ │ ├── South Korea (Victim Country).json
│ │ ├── South Sudan (Victim Country).json
│ │ ├── Spain (Victim Country).json
│ │ ├── Sri Lanka (Victim Country).json
│ │ ├── Suriname (Victim Country).json
│ │ ├── Sweden (Victim Country).json
│ │ ├── Switzerland (Victim Country).json
│ │ ├── Syria (Victim Country).json
│ │ ├── Taiwan (Victim Country).json
│ │ ├── Tajikistan (Victim Country).json
│ │ ├── Tanzania (Victim Country).json
│ │ ├── Thailand (Victim Country).json
│ │ ├── Tibet (Victim Country).json
│ │ ├── Trinidad and Tobago (Victim Country).json
│ │ ├── Tunisia (Victim Country).json
│ │ ├── Turkey (Victim Country).json
│ │ ├── Turkmenistan (Victim Country).json
│ │ ├── Uganda (Victim Country).json
│ │ ├── Ukraine (Victim Country).json
│ │ ├── United Arab Emirates (UAE) (Victim Country).json
│ │ ├── United Kingdom (UK) (Victim Country).json
│ │ ├── United States of America (USA) (Victim Country).json
│ │ ├── Uruguay (Victim Country).json
│ │ ├── Uzbekistan (Victim Country).json
│ │ ├── Venezuela (Victim Country).json
│ │ ├── Vietnam (Victim Country).json
│ │ └── Yemen (Victim Country).json
├── ttpCategories.png
└── ttpCategories_wide.png
└── src
    └── ttpCategory.py
/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/.DS_Store
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2022 IntelScott
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/docs/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/.DS_Store
--------------------------------------------------------------------------------
/docs/csv_for_pivot_tables/Categorized_Adversary_TTPs_Industries.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/csv_for_pivot_tables/Categorized_Adversary_TTPs_Industries.csv
--------------------------------------------------------------------------------
/docs/diamond_models/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/diamond_models/.DS_Store
--------------------------------------------------------------------------------
/docs/diamond_models/APT-C-36.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/APT12.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/APT16.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/APT18.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/APT38.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Ajax Security Team.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Andariel.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Aquatic Panda.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Axiom.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Chimera.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/DarkHydrus.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Dust Storm.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/FIN10.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/FIN4.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/FIN5.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/FIN6.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Ferocious Kitten.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/GALLIUM.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/GCMAN.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/GOLD SOUTHFIELD.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Gallmaker.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Gorgon Group.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Group5.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/HAFNIUM.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Honeybee.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/IndigoZebra.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Indrik Spider.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Kimsuky.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/LazyScripter.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Leafminer.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Moafee.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Night Dragon.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Nomadic Octopus.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/PittyTiger.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Putter Panda.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/RTM.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Rancor.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Rocke.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Scarlet Mimic.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Sidewinder.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Sowbug.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Stealth Falcon.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Suckfly.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/TA459.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/TA505.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/TA551.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/TEMP.Veles.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Taidoor.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/The White Company.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Windshift.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/Wizard Spider.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/ZIRCONIUM.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/diamond_models/admin@338.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/heatmaps/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/heatmaps/.DS_Store
--------------------------------------------------------------------------------
/docs/heatmaps/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/heatmaps/README.md
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/heatmaps/all_adversaries/.DS_Store
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/APT-C-36.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "APT-C-36, Blind Eagle",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for APT-C-36, Blind Eagle. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0099\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1421d8ca-9aff-4245-8ee4-cdf72c4c65c5",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1059.005",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1566.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1588.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1027",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1105",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.004",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1571",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1053.005",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/APT12.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "APT12, IXESHE, DynCalc, Numbered Panda, DNSCALC, APT 12, CTG-8223, Bronze Globe, BeeBus, Calc Team, DynCALC, DNSCalc, Group 22, Crimson Iron",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for APT12, IXESHE, DynCalc, Numbered Panda, DNSCALC, APT 12, CTG-8223, Bronze Globe, BeeBus, Calc Team, DynCALC, DNSCalc, Group 22, Crimson Iron. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0005\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a85ba864-0a13-4337-bd57-8df380b7b4fa",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1203",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1102.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1568.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.001",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/APT16.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "APT16, APT 16, SVCMONDR",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for APT16, APT 16, SVCMONDR. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0023\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=96d67d0e-dff0-4bbd-99fa-6dbdb433474f",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1584.004",
13 | "score": 1
14 | }
15 | ],
16 | "layout": {
17 | "layout": "side",
18 | "aggregateFunction": "max",
19 | "showID": false,
20 | "showName": true,
21 | "showAggregateScores": true,
22 | "countUnscored": false
23 | },
24 | "gradient": {
25 | "colors": [
26 | "#ffffff",
27 | "#ff6666"
28 | ],
29 | "minValue": 0,
30 | "maxValue": 1
31 | }
32 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/APT17.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "APT17, Deputy Dog, APT 17, Tailgater Team, Elderwood, Elderwood Gang, Sneaky Panda, SIG22, Beijing Group, Bronze Keystone, TG-8153, TEMP.Avengers, Dogfish, ATK 2, Operation Aurora, Operation \u201cDeputyDog\u201d, Operation \u201cEphemeral Hydra\u201d, Operation \u201cRAT Cook\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for APT17, Deputy Dog, APT 17, Tailgater Team, Elderwood, Elderwood Gang, Sneaky Panda, SIG22, Beijing Group, Bronze Keystone, TG-8153, TEMP.Avengers, Dogfish, ATK 2, Operation Aurora, Operation \u201cDeputyDog\u201d, Operation \u201cEphemeral Hydra\u201d, Operation \u201cRAT Cook\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0025\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=58f101e3-5fe8-43d4-8d92-f09987604385",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1585",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1583.006",
17 | "score": 1
18 | }
19 | ],
20 | "layout": {
21 | "layout": "side",
22 | "aggregateFunction": "max",
23 | "showID": false,
24 | "showName": true,
25 | "showAggregateScores": true,
26 | "countUnscored": false
27 | },
28 | "gradient": {
29 | "colors": [
30 | "#ffffff",
31 | "#ff6666"
32 | ],
33 | "minValue": 0,
34 | "maxValue": 1
35 | }
36 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/APT18.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "APT18, TG-0416, Dynamite Panda, Threat Group-0416, APT 18, Wekby, Scandium",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for APT18, TG-0416, Dynamite Panda, Threat Group-0416, APT 18, Wekby, Scandium. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0026\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=aa2f3420-e239-4b0c-9066-c6f5804de6a8",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1059.003",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1133",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1547.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1027",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1070.004",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1053.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1078",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1082",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1083",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1071.004",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1043",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1105",
57 | "score": 1
58 | },
59 | {
60 | "techniqueID": "T1071.001",
61 | "score": 1
62 | }
63 | ],
64 | "layout": {
65 | "layout": "side",
66 | "aggregateFunction": "max",
67 | "showID": false,
68 | "showName": true,
69 | "showAggregateScores": true,
70 | "countUnscored": false
71 | },
72 | "gradient": {
73 | "colors": [
74 | "#ffffff",
75 | "#ff6666"
76 | ],
77 | "minValue": 0,
78 | "maxValue": 1
79 | }
80 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/APT30.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "APT30, APT 30, Override Panda, CTG-5326, Bronze Geneva, Bronze Sterling",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for APT30, APT 30, Override Panda, CTG-5326, Bronze Geneva, Bronze Sterling. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0013\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a97aea4e-ac99-4506-89e6-ba1e5b766b0d",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1204.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1566.001",
17 | "score": 1
18 | }
19 | ],
20 | "layout": {
21 | "layout": "side",
22 | "aggregateFunction": "max",
23 | "showID": false,
24 | "showName": true,
25 | "showAggregateScores": true,
26 | "countUnscored": false
27 | },
28 | "gradient": {
29 | "colors": [
30 | "#ffffff",
31 | "#ff6666"
32 | ],
33 | "minValue": 0,
34 | "maxValue": 1
35 | }
36 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Ajax Security Team.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Ajax Security Team, Operation Woolen-Goldfish, AjaxTM, Rocket Kitten, Flying Kitten, Operation Saffron Rose, Group 26, Operation \u201cSaffron Rose\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Ajax Security Team, Operation Woolen-Goldfish, AjaxTM, Rocket Kitten, Flying Kitten, Operation Saffron Rose, Group 26, Operation \u201cSaffron Rose\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0130\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=9d17cae3-0777-428b-b9b7-fcbdf52af5ba",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1555.003",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1566.003",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1105",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1056.001",
33 | "score": 1
34 | }
35 | ],
36 | "layout": {
37 | "layout": "side",
38 | "aggregateFunction": "max",
39 | "showID": false,
40 | "showName": true,
41 | "showAggregateScores": true,
42 | "countUnscored": false
43 | },
44 | "gradient": {
45 | "colors": [
46 | "#ffffff",
47 | "#ff6666"
48 | ],
49 | "minValue": 0,
50 | "maxValue": 1
51 | }
52 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/BlackOasis.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "BlackOasis",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for BlackOasis. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0063\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=7db7cd4f-ca76-4176-9d94-80429033ef49",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1027",
13 | "score": 1
14 | }
15 | ],
16 | "layout": {
17 | "layout": "side",
18 | "aggregateFunction": "max",
19 | "showID": false,
20 | "showName": true,
21 | "showAggregateScores": true,
22 | "countUnscored": false
23 | },
24 | "gradient": {
25 | "colors": [
26 | "#ffffff",
27 | "#ff6666"
28 | ],
29 | "minValue": 0,
30 | "maxValue": 1
31 | }
32 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Carbanak.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Carbanak, Anunak, Carbon Spider, Gold Waterfall",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Carbanak, Anunak, Carbon Spider, Gold Waterfall. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0008\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e5869096-4b2d-406d-b8d1-713eda321457",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1078",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1218.011",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1036.004",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1543.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1562.004",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1102.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1219",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1036.005",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1588.002",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Cleaver.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Cleaver, Threat Group 2889, TG-2889, Cutting Kitten, Operation \u201cCleaver\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Cleaver, Threat Group 2889, TG-2889, Cutting Kitten, Operation \u201cCleaver\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0003\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=4622bc44-8c01-4807-8d12-b22352472c29",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1588.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1003.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1587.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1585.001",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1557.002",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/CopyKittens.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "CopyKittens, Slayer Kitten, Operation \u201cWilted Tulip\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for CopyKittens, Slayer Kitten, Operation \u201cWilted Tulip\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0052\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a674fc23-26e8-4f6e-ba55-1a6ef4029878",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1588.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1564.003",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1560.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1218.011",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1059.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1553.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1560.003",
37 | "score": 1
38 | }
39 | ],
40 | "layout": {
41 | "layout": "side",
42 | "aggregateFunction": "max",
43 | "showID": false,
44 | "showName": true,
45 | "showAggregateScores": true,
46 | "countUnscored": false
47 | },
48 | "gradient": {
49 | "colors": [
50 | "#ffffff",
51 | "#ff6666"
52 | ],
53 | "minValue": 0,
54 | "maxValue": 1
55 | }
56 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/CostaRicto.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "CostaRicto",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for CostaRicto. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0132\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=18339642-2d15-4dae-abfe-27abe661b911",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1588.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1053.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1572",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1046",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1090.003",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Dark Caracal.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Dark Caracal, ATK 27, TAG-CT3, Operation \u201cDark Caracal\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Dark Caracal, ATK 27, TAG-CT3, Operation \u201cDark Caracal\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0070\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=fc5237e5-874a-4892-af91-f50550dd9588",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1071.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1547.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1027",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1566.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1059.003",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1204.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1218.001",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1005",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1083",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1027.002",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1189",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1113",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/DarkHydrus.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "DarkHydrus, LazyMeerkat, ATK 77",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for DarkHydrus, LazyMeerkat, ATK 77. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0079\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2849cc26-d6c8-4484-821e-cb0f7006bddc",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1187",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1059.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1588.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1564.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1204.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1221",
37 | "score": 1
38 | }
39 | ],
40 | "layout": {
41 | "layout": "side",
42 | "aggregateFunction": "max",
43 | "showID": false,
44 | "showName": true,
45 | "showAggregateScores": true,
46 | "countUnscored": false
47 | },
48 | "gradient": {
49 | "colors": [
50 | "#ffffff",
51 | "#ff6666"
52 | ],
53 | "minValue": 0,
54 | "maxValue": 1
55 | }
56 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Deep Panda.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Deep Panda, Shell Crew, WebMasters, KungFu Kittens, PinkPanther, Black Vine, APT 19, Codoso, Sunshop Group, TG-3551, Bronze Firestone, Pupa, Operation \u201cKingslayer\u201d, C0d0so0",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Deep Panda, Shell Crew, WebMasters, KungFu Kittens, PinkPanther, Black Vine, APT 19, Codoso, Sunshop Group, TG-3551, Bronze Firestone, Pupa, Operation \u201cKingslayer\u201d, C0d0so0. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0009\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=58c7e347-341c-4446-bf03-81fc1f7d9254",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1564.003",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1059.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1027.005",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1546.008",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1021.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1505.003",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1047",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1018",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1218.010",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1057",
49 | "score": 1
50 | }
51 | ],
52 | "layout": {
53 | "layout": "side",
54 | "aggregateFunction": "max",
55 | "showID": false,
56 | "showName": true,
57 | "showAggregateScores": true,
58 | "countUnscored": false
59 | },
60 | "gradient": {
61 | "colors": [
62 | "#ffffff",
63 | "#ff6666"
64 | ],
65 | "minValue": 0,
66 | "maxValue": 1
67 | }
68 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Dust Storm.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Dust Storm",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Dust Storm. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0031\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3c462561-ef5e-48ac-9138-38dc25d2afc4",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1005",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1027",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1083",
21 | "score": 1
22 | }
23 | ],
24 | "layout": {
25 | "layout": "side",
26 | "aggregateFunction": "max",
27 | "showID": false,
28 | "showName": true,
29 | "showAggregateScores": true,
30 | "countUnscored": false
31 | },
32 | "gradient": {
33 | "colors": [
34 | "#ffffff",
35 | "#ff6666"
36 | ],
37 | "minValue": 0,
38 | "maxValue": 1
39 | }
40 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Elderwood.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Elderwood, Elderwood Gang, Beijing Group, Sneaky Panda, APT 17, Tailgater Team, SIG22, Bronze Keystone, TG-8153, TEMP.Avengers, Dogfish, Deputy Dog, ATK 2, Operation Aurora, Operation \u201cDeputyDog\u201d, Operation \u201cEphemeral Hydra\u201d, Operation \u201cRAT Cook\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Elderwood, Elderwood Gang, Beijing Group, Sneaky Panda, APT 17, Tailgater Team, SIG22, Bronze Keystone, TG-8153, TEMP.Avengers, Dogfish, Deputy Dog, ATK 2, Operation Aurora, Operation \u201cDeputyDog\u201d, Operation \u201cEphemeral Hydra\u201d, Operation \u201cRAT Cook\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0066\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=58f101e3-5fe8-43d4-8d92-f09987604385",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1203",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1566.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1027",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1105",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1204.001",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1027.002",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1204.002",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Evilnum.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Evilnum, Jointworm, Operation \u201cPhantom in the Command Shell\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Evilnum, Jointworm, Operation \u201cPhantom in the Command Shell\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0120\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e5ad7790-80c8-4319-a52e-469e20c95573",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1574.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1497.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1566.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1555",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1105",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1219",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1539",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1548.002",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1070.004",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1204.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1059.007",
53 | "score": 1
54 | }
55 | ],
56 | "layout": {
57 | "layout": "side",
58 | "aggregateFunction": "max",
59 | "showID": false,
60 | "showName": true,
61 | "showAggregateScores": true,
62 | "countUnscored": false
63 | },
64 | "gradient": {
65 | "colors": [
66 | "#ffffff",
67 | "#ff6666"
68 | ],
69 | "minValue": 0,
70 | "maxValue": 1
71 | }
72 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/FIN10.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "FIN10",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for FIN10. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0051\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=32e3ffa7-e053-4841-a072-7f314eb1637c",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1059.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1078",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1033",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1588.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1059.003",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1053.005",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1547.001",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1078.003",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1070.004",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1021.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1570",
53 | "score": 1
54 | }
55 | ],
56 | "layout": {
57 | "layout": "side",
58 | "aggregateFunction": "max",
59 | "showID": false,
60 | "showName": true,
61 | "showAggregateScores": true,
62 | "countUnscored": false
63 | },
64 | "gradient": {
65 | "colors": [
66 | "#ffffff",
67 | "#ff6666"
68 | ],
69 | "minValue": 0,
70 | "maxValue": 1
71 | }
72 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/FIN4.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "FIN4, Wolf Spider",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for FIN4, Wolf Spider. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0085\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1a7f67d2-c05e-48f6-b62e-76b2bea6d174",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1056.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1056.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1114.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1566.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1071.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1090.003",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1564.008",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1204.001",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1059.005",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1078",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1204.002",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1566.001",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/FIN5.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "FIN5",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for FIN5. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0053\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=79996110-5bcb-4996-b3d8-0d778030f0dc",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1078",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1133",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1588.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1090.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1110",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1070.004",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1074.001",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1119",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1059",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1070.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1018",
53 | "score": 1
54 | }
55 | ],
56 | "layout": {
57 | "layout": "side",
58 | "aggregateFunction": "max",
59 | "showID": false,
60 | "showName": true,
61 | "showAggregateScores": true,
62 | "countUnscored": false
63 | },
64 | "gradient": {
65 | "colors": [
66 | "#ffffff",
67 | "#ff6666"
68 | ],
69 | "minValue": 0,
70 | "maxValue": 1
71 | }
72 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Ferocious Kitten.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Ferocious Kitten",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Ferocious Kitten. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0137\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e4c70f58-d897-472b-8a10-577c0239a678",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1036.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1036.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1583.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1566.001",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1204.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1588.002",
33 | "score": 1
34 | }
35 | ],
36 | "layout": {
37 | "layout": "side",
38 | "aggregateFunction": "max",
39 | "showID": false,
40 | "showName": true,
41 | "showAggregateScores": true,
42 | "countUnscored": false
43 | },
44 | "gradient": {
45 | "colors": [
46 | "#ffffff",
47 | "#ff6666"
48 | ],
49 | "minValue": 0,
50 | "maxValue": 1
51 | }
52 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/GCMAN.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "GCMAN",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for GCMAN. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0036\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e6eeb30a-a941-46f9-8340-20958f1d6cb0",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1021.005",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1021.004",
17 | "score": 1
18 | }
19 | ],
20 | "layout": {
21 | "layout": "side",
22 | "aggregateFunction": "max",
23 | "showID": false,
24 | "showName": true,
25 | "showAggregateScores": true,
26 | "countUnscored": false
27 | },
28 | "gradient": {
29 | "colors": [
30 | "#ffffff",
31 | "#ff6666"
32 | ],
33 | "minValue": 0,
34 | "maxValue": 1
35 | }
36 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/GOLD SOUTHFIELD.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "GOLD SOUTHFIELD, Pinchy Spider, Gold Southfield, Gold Garden",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for GOLD SOUTHFIELD, Pinchy Spider, Gold Southfield, Gold Garden. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0115\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=bdd28842-178b-4258-a37f-5c1c1bb71bb2",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1027",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1195.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1219",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1566",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1133",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1199",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1190",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1113",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1059.001",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Gallmaker.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Gallmaker",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Gallmaker. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0084\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=dafbb134-1652-4444-8b12-9b4cc121e3c2",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1204.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1559.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1027",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1560.001",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1059.001",
33 | "score": 1
34 | }
35 | ],
36 | "layout": {
37 | "layout": "side",
38 | "aggregateFunction": "max",
39 | "showID": false,
40 | "showName": true,
41 | "showAggregateScores": true,
42 | "countUnscored": false
43 | },
44 | "gradient": {
45 | "colors": [
46 | "#ffffff",
47 | "#ff6666"
48 | ],
49 | "minValue": 0,
50 | "maxValue": 1
51 | }
52 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Group5.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Group5",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Group5. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0043\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=316b9d45-f67a-4595-bdf3-5137489fb3c5",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1065",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1070.004",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1056.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1027",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1113",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/IndigoZebra.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "IndigoZebra",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for IndigoZebra. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0136\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=b4571e18-c0c8-42fb-9c03-aa7b5b29b2b7",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1583.006",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1588.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1586.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1204.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1105",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1566.001",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1583.001",
37 | "score": 1
38 | }
39 | ],
40 | "layout": {
41 | "layout": "side",
42 | "aggregateFunction": "max",
43 | "showID": false,
44 | "showName": true,
45 | "showAggregateScores": true,
46 | "countUnscored": false
47 | },
48 | "gradient": {
49 | "colors": [
50 | "#ffffff",
51 | "#ff6666"
52 | ],
53 | "minValue": 0,
54 | "maxValue": 1
55 | }
56 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Machete.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Machete, APT-C-43, El Machete, TEMP.Andromeda, ATK 97, TAG-NS1, Operation \u201cHpReact\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Machete, APT-C-43, El Machete, TEMP.Andromeda, ATK 97, TAG-NS1, Operation \u201cHpReact\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0095\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=833458a9-a8a0-4efb-be06-d5ef87b6b842",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1218.007",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1036.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1059.006",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1032",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1566.001",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1053.005",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1204.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1059.003",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1059.005",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Moafee.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Moafee",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Moafee. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0002\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a89dfb9b-f899-4d5e-b835-1fbb37295660",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1027.001",
13 | "score": 1
14 | }
15 | ],
16 | "layout": {
17 | "layout": "side",
18 | "aggregateFunction": "max",
19 | "showID": false,
20 | "showName": true,
21 | "showAggregateScores": true,
22 | "countUnscored": false
23 | },
24 | "gradient": {
25 | "colors": [
26 | "#ffffff",
27 | "#ff6666"
28 | ],
29 | "minValue": 0,
30 | "maxValue": 1
31 | }
32 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Mofang.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Mofang, Whitefly, TEMP.Mimic, Bronze Walker, ATK 83, SectorM04, Superman",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Mofang, Whitefly, TEMP.Mimic, Bronze Walker, ATK 83, SectorM04, Superman. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0103\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=59308a4a-3c7b-4589-87e5-0c4d0d19274e",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1204.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1566.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1027",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.001",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Nomadic Octopus.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Nomadic Octopus, DustSquad, Golden Falcon, APT-C-34",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Nomadic Octopus, DustSquad, Golden Falcon, APT-C-34. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0133\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=982ea477-0c28-490e-87d6-3f43da257cae",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1564.003",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1566.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1059.003",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1204.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1059.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1036",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1105",
37 | "score": 1
38 | }
39 | ],
40 | "layout": {
41 | "layout": "side",
42 | "aggregateFunction": "max",
43 | "showID": false,
44 | "showName": true,
45 | "showAggregateScores": true,
46 | "countUnscored": false
47 | },
48 | "gradient": {
49 | "colors": [
50 | "#ffffff",
51 | "#ff6666"
52 | ],
53 | "minValue": 0,
54 | "maxValue": 1
55 | }
56 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Orangeworm.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Orangeworm",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Orangeworm. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0071\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=571b223a-c3cd-4c5c-a4fb-7fa7f3ce4502",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1071.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1021.002",
17 | "score": 1
18 | }
19 | ],
20 | "layout": {
21 | "layout": "side",
22 | "aggregateFunction": "max",
23 | "showID": false,
24 | "showName": true,
25 | "showAggregateScores": true,
26 | "countUnscored": false
27 | },
28 | "gradient": {
29 | "colors": [
30 | "#ffffff",
31 | "#ff6666"
32 | ],
33 | "minValue": 0,
34 | "maxValue": 1
35 | }
36 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/PLATINUM.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "PLATINUM, TwoForOne, ATK 33, Operation \u201cEasternRoppels\u201d, Platinum",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for PLATINUM, TwoForOne, ATK 33, Operation \u201cEasternRoppels\u201d, Platinum. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0068\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=69d35f6f-9bd8-4d36-b120-2b563ef06841",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1105",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1204.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1056.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1095",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1068",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1189",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1566.001",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1055",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1036",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1003.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1094",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1056.004",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/PROMETHIUM.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "PROMETHIUM, StrongPity, Promethium, APT-C-41",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for PROMETHIUM, StrongPity, Promethium, APT-C-41. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0056\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=c33e0a3e-f5b9-46e2-9fab-f19869292c11",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1547.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1205.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1543.003",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1078.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1204.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1587.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.004",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1587.003",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1036.005",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1553.002",
53 | "score": 1
54 | }
55 | ],
56 | "layout": {
57 | "layout": "side",
58 | "aggregateFunction": "max",
59 | "showID": false,
60 | "showName": true,
61 | "showAggregateScores": true,
62 | "countUnscored": false
63 | },
64 | "gradient": {
65 | "colors": [
66 | "#ffffff",
67 | "#ff6666"
68 | ],
69 | "minValue": 0,
70 | "maxValue": 1
71 | }
72 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/PittyTiger.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "PittyTiger, Pitty Panda, Operation \u201cThe Eye of the Tiger\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for PittyTiger, Pitty Panda, Operation \u201cThe Eye of the Tiger\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0011\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=26627515-afdb-421b-b59e-3a5300210001",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1588.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1078",
17 | "score": 1
18 | }
19 | ],
20 | "layout": {
21 | "layout": "side",
22 | "aggregateFunction": "max",
23 | "showID": false,
24 | "showName": true,
25 | "showAggregateScores": true,
26 | "countUnscored": false
27 | },
28 | "gradient": {
29 | "colors": [
30 | "#ffffff",
31 | "#ff6666"
32 | ],
33 | "minValue": 0,
34 | "maxValue": 1
35 | }
36 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Poseidon Group.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Poseidon Group",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Poseidon Group. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0033\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d8a39ee0-3ec7-41dc-9d6e-dcbab0779ca3",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1087.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1059.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1057",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1007",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1049",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1003",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.005",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1087.001",
41 | "score": 1
42 | }
43 | ],
44 | "layout": {
45 | "layout": "side",
46 | "aggregateFunction": "max",
47 | "showID": false,
48 | "showName": true,
49 | "showAggregateScores": true,
50 | "countUnscored": false
51 | },
52 | "gradient": {
53 | "colors": [
54 | "#ffffff",
55 | "#ff6666"
56 | ],
57 | "minValue": 0,
58 | "maxValue": 1
59 | }
60 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Putter Panda.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Putter Panda, APT2, MSUpdater, TG-6952, APT 2, Group 36, Sulphur",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Putter Panda, APT2, MSUpdater, TG-6952, APT 2, Group 36, Sulphur. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0024\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=028aa521-2de8-49c4-88d7-455f4d9141ba",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1055.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1562.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1027",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1547.001",
25 | "score": 1
26 | }
27 | ],
28 | "layout": {
29 | "layout": "side",
30 | "aggregateFunction": "max",
31 | "showID": false,
32 | "showName": true,
33 | "showAggregateScores": true,
34 | "countUnscored": false
35 | },
36 | "gradient": {
37 | "colors": [
38 | "#ffffff",
39 | "#ff6666"
40 | ],
41 | "minValue": 0,
42 | "maxValue": 1
43 | }
44 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/RTM.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "RTM",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for RTM. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0048\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=72d3f856-6883-4840-bf43-a3dd24c61bbc",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1574.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1189",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1566.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1547.001",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1102.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1204.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1219",
37 | "score": 1
38 | }
39 | ],
40 | "layout": {
41 | "layout": "side",
42 | "aggregateFunction": "max",
43 | "showID": false,
44 | "showName": true,
45 | "showAggregateScores": true,
46 | "countUnscored": false
47 | },
48 | "gradient": {
49 | "colors": [
50 | "#ffffff",
51 | "#ff6666"
52 | ],
53 | "minValue": 0,
54 | "maxValue": 1
55 | }
56 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Rancor.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Rancor, Rancor Group",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Rancor, Rancor Group. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0075\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=020d538c-5250-46d8-9713-e739536cdd7e",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1204.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1071.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1218.007",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1566.001",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1053.005",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1105",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1059.003",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1059.005",
41 | "score": 1
42 | }
43 | ],
44 | "layout": {
45 | "layout": "side",
46 | "aggregateFunction": "max",
47 | "showID": false,
48 | "showName": true,
49 | "showAggregateScores": true,
50 | "countUnscored": false
51 | },
52 | "gradient": {
53 | "colors": [
54 | "#ffffff",
55 | "#ff6666"
56 | ],
57 | "minValue": 0,
58 | "maxValue": 1
59 | }
60 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Scarlet Mimic.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Scarlet Mimic",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Scarlet Mimic. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0029\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d130ffbe-6498-4559-9b16-58fb88146c45",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1036.002",
13 | "score": 1
14 | }
15 | ],
16 | "layout": {
17 | "layout": "side",
18 | "aggregateFunction": "max",
19 | "showID": false,
20 | "showName": true,
21 | "showAggregateScores": true,
22 | "countUnscored": false
23 | },
24 | "gradient": {
25 | "colors": [
26 | "#ffffff",
27 | "#ff6666"
28 | ],
29 | "minValue": 0,
30 | "maxValue": 1
31 | }
32 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Sowbug.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Sowbug",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Sowbug. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0054\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=76db0506-25f4-4b80-90aa-032d0a8345fe",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1039",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1560.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1135",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1082",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1083",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1056.001",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1003",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1059.003",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1036.005",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Strider.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Strider, ProjectSauron",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Strider, ProjectSauron. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0041\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d7d99de3-c515-4117-b40c-7696babb69c1",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1556.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1090.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1564.005",
21 | "score": 1
22 | }
23 | ],
24 | "layout": {
25 | "layout": "side",
26 | "aggregateFunction": "max",
27 | "showID": false,
28 | "showName": true,
29 | "showAggregateScores": true,
30 | "countUnscored": false
31 | },
32 | "gradient": {
33 | "colors": [
34 | "#ffffff",
35 | "#ff6666"
36 | ],
37 | "minValue": 0,
38 | "maxValue": 1
39 | }
40 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Suckfly.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Suckfly",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Suckfly. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0039\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=155b1a73-17ac-449e-bdcd-54a79119b397",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1059.003",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1046",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1078",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1553.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1003",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/TA459.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "TA459",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for TA459. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0062\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=da14ab64-16ed-4d61-93a7-69cf3f06115d",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1204.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1059.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1566.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1059.001",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1203",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/TA551.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "TA551, GOLD CABIN, Shathak, Gold Cabin",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for TA551, GOLD CABIN, Shathak, Gold Cabin. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0127\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=269da320-1b20-4721-9bd6-17e0a355fe7d",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1071.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1589.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1132.001",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1036",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1218.011",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1105",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1059.003",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1218.010",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1568.002",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1218.005",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1566.001",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1027",
57 | "score": 1
58 | },
59 | {
60 | "techniqueID": "T1204.002",
61 | "score": 1
62 | },
63 | {
64 | "techniqueID": "T1027.003",
65 | "score": 1
66 | }
67 | ],
68 | "layout": {
69 | "layout": "side",
70 | "aggregateFunction": "max",
71 | "showID": false,
72 | "showName": true,
73 | "showAggregateScores": true,
74 | "countUnscored": false
75 | },
76 | "gradient": {
77 | "colors": [
78 | "#ffffff",
79 | "#ff6666"
80 | ],
81 | "minValue": 0,
82 | "maxValue": 1
83 | }
84 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Taidoor.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Taidoor, Budminer",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Taidoor, Budminer. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0015\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=24403b57-1bb4-4c24-964c-ac2a35e67869",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1032",
13 | "score": 1
14 | }
15 | ],
16 | "layout": {
17 | "layout": "side",
18 | "aggregateFunction": "max",
19 | "showID": false,
20 | "showName": true,
21 | "showAggregateScores": true,
22 | "countUnscored": false
23 | },
24 | "gradient": {
25 | "colors": [
26 | "#ffffff",
27 | "#ff6666"
28 | ],
29 | "minValue": 0,
30 | "maxValue": 1
31 | }
32 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/The White Company.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "The White Company, Operation \u201cShaheen\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for The White Company, Operation \u201cShaheen\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0089\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=7f575804-406b-4dde-b2ce-563eca80c703",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1204.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1027.002",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1070.004",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1124",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1518.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1203",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1566.001",
37 | "score": 1
38 | }
39 | ],
40 | "layout": {
41 | "layout": "side",
42 | "aggregateFunction": "max",
43 | "showID": false,
44 | "showName": true,
45 | "showAggregateScores": true,
46 | "countUnscored": false
47 | },
48 | "gradient": {
49 | "colors": [
50 | "#ffffff",
51 | "#ff6666"
52 | ],
53 | "minValue": 0,
54 | "maxValue": 1
55 | }
56 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Thrip.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Thrip, Lotus Blossom, Spring Dragon, Dragonfish, Billbug, Bronze Elgin, CTG-8171, ATK 1, ATK 78, Operation \u201cLotus Blossom\u201d",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Thrip, Lotus Blossom, Spring Dragon, Dragonfish, Billbug, Bronze Elgin, CTG-8171, ATK 1, ATK 78, Operation \u201cLotus Blossom\u201d. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0076\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3b0d3a5d-1858-4be6-b23e-c2620e6e1065",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1048.003",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1059.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1588.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1219",
25 | "score": 1
26 | }
27 | ],
28 | "layout": {
29 | "layout": "side",
30 | "aggregateFunction": "max",
31 | "showID": false,
32 | "showName": true,
33 | "showAggregateScores": true,
34 | "countUnscored": false
35 | },
36 | "gradient": {
37 | "colors": [
38 | "#ffffff",
39 | "#ff6666"
40 | ],
41 | "minValue": 0,
42 | "maxValue": 1
43 | }
44 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Volatile Cedar.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Volatile Cedar, Lebanese Cedar, Dancing Salome",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Volatile Cedar, Lebanese Cedar, Dancing Salome. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0123\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=238acb51-8489-43d7-83b2-9ea4db18ddb6",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1105",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1505.003",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1595.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1190",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1595.003",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Whitefly.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Whitefly, Mofang, TEMP.Mimic, Bronze Walker, ATK 83, SectorM04, Superman",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Whitefly, Mofang, TEMP.Mimic, Bronze Walker, ATK 83, SectorM04, Superman. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0107\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=59308a4a-3c7b-4589-87e5-0c4d0d19274e",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1068",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1036.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1588.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1105",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1204.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1003.001",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1059",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1027",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1574.001",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/Winnti Group.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Winnti Group, Blackfly, Wicked Panda",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for Winnti Group, Blackfly, Wicked Panda. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0044\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=55d0e323-bb26-4779-b09f-cae04740b0bd",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1583.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1083",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1105",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1057",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1553.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1014",
33 | "score": 1
34 | }
35 | ],
36 | "layout": {
37 | "layout": "side",
38 | "aggregateFunction": "max",
39 | "showID": false,
40 | "showName": true,
41 | "showAggregateScores": true,
42 | "countUnscored": false
43 | },
44 | "gradient": {
45 | "colors": [
46 | "#ffffff",
47 | "#ff6666"
48 | ],
49 | "minValue": 0,
50 | "maxValue": 1
51 | }
52 | }
--------------------------------------------------------------------------------
/docs/heatmaps/all_adversaries/admin@338.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "admin@338, Temper Panda, Team338, Magnesium",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for admin@338, Temper Panda, Team338, Magnesium. Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nMITRE ATT&CK profile: https://attack.mitre.org/groups/G0018\nETDA profile: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d54adbf5-1684-4824-8416-045b3265eb3d",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1069.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1036.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1203",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1082",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1049",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1016",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1083",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1007",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1087.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1204.002",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1059.003",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/country/Brazil (Base).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Brazil (Base)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for adversaries based in Brazil (Base). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1087.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1059.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1057",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1007",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1049",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1003",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.005",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1087.001",
41 | "score": 1
42 | }
43 | ],
44 | "layout": {
45 | "layout": "side",
46 | "aggregateFunction": "max",
47 | "showID": false,
48 | "showName": true,
49 | "showAggregateScores": true,
50 | "countUnscored": false
51 | },
52 | "gradient": {
53 | "colors": [
54 | "#ffffff",
55 | "#ff6666"
56 | ],
57 | "minValue": 0,
58 | "maxValue": 1
59 | }
60 | }
--------------------------------------------------------------------------------
/docs/heatmaps/country/Colombia (Base).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Colombia (Base)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for adversaries based in Colombia (Base). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1059.005",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1566.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1588.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1027",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1105",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.004",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1571",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1053.005",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/country/Romania (Base).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Romania (Base)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for adversaries based in Romania (Base). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1056.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1056.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1114.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1566.002",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1071.001",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1090.003",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1564.008",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1204.001",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1059.005",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1078",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1204.002",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1566.001",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/country/Turkey (Base).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Turkey (Base)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for adversaries based in Turkey (Base). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1547.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1205.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1543.003",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1078.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1204.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1587.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.004",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1587.003",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1036.005",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1553.002",
53 | "score": 1
54 | }
55 | ],
56 | "layout": {
57 | "layout": "side",
58 | "aggregateFunction": "max",
59 | "showID": false,
60 | "showName": true,
61 | "showAggregateScores": true,
62 | "countUnscored": false
63 | },
64 | "gradient": {
65 | "colors": [
66 | "#ffffff",
67 | "#ff6666"
68 | ],
69 | "minValue": 0,
70 | "maxValue": 1
71 | }
72 | }
--------------------------------------------------------------------------------
/docs/heatmaps/country/Ukraine (Base).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Ukraine (Base)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for adversaries based in Ukraine (Base). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1078",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1218.011",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1036.004",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1543.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1562.004",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1102.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1219",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1036.005",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1588.002",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/country/United States of America (USA) (Base).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "United States of America (USA) (Base)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for adversaries based in United States of America (USA) (Base). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1556.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1090.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1564.005",
21 | "score": 1
22 | }
23 | ],
24 | "layout": {
25 | "layout": "side",
26 | "aggregateFunction": "max",
27 | "showID": false,
28 | "showName": true,
29 | "showAggregateScores": true,
30 | "countUnscored": false
31 | },
32 | "gradient": {
33 | "colors": [
34 | "#ffffff",
35 | "#ff6666"
36 | ],
37 | "minValue": 0,
38 | "maxValue": 1
39 | }
40 | }
--------------------------------------------------------------------------------
/docs/heatmaps/industries/Aerospace.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/heatmaps/industries/Aerospace.png
--------------------------------------------------------------------------------
/docs/heatmaps/industries/Pharmaceutical.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/heatmaps/industries/Pharmaceutical.png
--------------------------------------------------------------------------------
/docs/heatmaps/motivations/Financial_crime.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/heatmaps/motivations/Financial_crime.png
--------------------------------------------------------------------------------
/docs/heatmaps/motivations/Information_theft_and_espionage.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/heatmaps/motivations/Information_theft_and_espionage.png
--------------------------------------------------------------------------------
/docs/heatmaps/motivations/README.md:
--------------------------------------------------------------------------------
1 | #### View live heatmap visualizations - directly within ATT&CK Navigator - using the links below:
2 | * [Financial Crime](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2FtropChaud%2FCategorized-Adversary-TTPs%2Fmain%2Fdocs%2Fheatmaps%2Fmotivations%2FFinancial%20Crime.json)
3 | * [Financial Gain](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2FtropChaud%2FCategorized-Adversary-TTPs%2Fmain%2Fdocs%2Fheatmaps%2Fmotivations%2FFinancial%20Gain.json)
4 | * [Information Theft & Espionage](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2FtropChaud%2FCategorized-Adversary-TTPs%2Fmain%2Fdocs%2Fheatmaps%2Fmotivations%2FInformation%20Theft%20%26%20Espionage.json)
5 | * [Sabotage & Destruction](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2FtropChaud%2FCategorized-Adversary-TTPs%2Fmain%2Fdocs%2Fheatmaps%2Fmotivations%2FSabotage%20%26%20Destruction.json)
6 |
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Angola (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Angola (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Angola (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1027",
13 | "score": 1
14 | }
15 | ],
16 | "layout": {
17 | "layout": "side",
18 | "aggregateFunction": "max",
19 | "showID": false,
20 | "showName": true,
21 | "showAggregateScores": true,
22 | "countUnscored": false
23 | },
24 | "gradient": {
25 | "colors": [
26 | "#ffffff",
27 | "#ff6666"
28 | ],
29 | "minValue": 0,
30 | "maxValue": 1
31 | }
32 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Bahamas (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Bahamas (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Bahamas (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1588.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1053.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1572",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1046",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1090.003",
29 | "score": 1
30 | }
31 | ],
32 | "layout": {
33 | "layout": "side",
34 | "aggregateFunction": "max",
35 | "showID": false,
36 | "showName": true,
37 | "showAggregateScores": true,
38 | "countUnscored": false
39 | },
40 | "gradient": {
41 | "colors": [
42 | "#ffffff",
43 | "#ff6666"
44 | ],
45 | "minValue": 0,
46 | "maxValue": 1
47 | }
48 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Cote d'Ivoire (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Cote d'Ivoire (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Cote d'Ivoire (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1547.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1205.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1543.003",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1078.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1204.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1587.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.004",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1587.003",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1036.005",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1553.002",
53 | "score": 1
54 | }
55 | ],
56 | "layout": {
57 | "layout": "side",
58 | "aggregateFunction": "max",
59 | "showID": false,
60 | "showName": true,
61 | "showAggregateScores": true,
62 | "countUnscored": false
63 | },
64 | "gradient": {
65 | "colors": [
66 | "#ffffff",
67 | "#ff6666"
68 | ],
69 | "minValue": 0,
70 | "maxValue": 1
71 | }
72 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Cuba (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Cuba (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Cuba (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1218.007",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1036.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1059.006",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1032",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1566.001",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1053.005",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1204.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1059.003",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1059.005",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Iceland (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Iceland (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Iceland (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1078",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1218.011",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1036.004",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1543.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1562.004",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1102.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1219",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1036.005",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1588.002",
45 | "score": 1
46 | }
47 | ],
48 | "layout": {
49 | "layout": "side",
50 | "aggregateFunction": "max",
51 | "showID": false,
52 | "showName": true,
53 | "showAggregateScores": true,
54 | "countUnscored": false
55 | },
56 | "gradient": {
57 | "colors": [
58 | "#ffffff",
59 | "#ff6666"
60 | ],
61 | "minValue": 0,
62 | "maxValue": 1
63 | }
64 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Macao (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Macao (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Macao (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1048.003",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1059.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1588.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1219",
25 | "score": 1
26 | }
27 | ],
28 | "layout": {
29 | "layout": "side",
30 | "aggregateFunction": "max",
31 | "showID": false,
32 | "showName": true,
33 | "showAggregateScores": true,
34 | "countUnscored": false
35 | },
36 | "gradient": {
37 | "colors": [
38 | "#ffffff",
39 | "#ff6666"
40 | ],
41 | "minValue": 0,
42 | "maxValue": 1
43 | }
44 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Nicaragua (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Nicaragua (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Nicaragua (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1218.007",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1036.005",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1204.002",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1059.006",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1566.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1032",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1566.001",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1053.005",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1204.001",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1059.003",
53 | "score": 1
54 | },
55 | {
56 | "techniqueID": "T1059.005",
57 | "score": 1
58 | }
59 | ],
60 | "layout": {
61 | "layout": "side",
62 | "aggregateFunction": "max",
63 | "showID": false,
64 | "showName": true,
65 | "showAggregateScores": true,
66 | "countUnscored": false
67 | },
68 | "gradient": {
69 | "colors": [
70 | "#ffffff",
71 | "#ff6666"
72 | ],
73 | "minValue": 0,
74 | "maxValue": 1
75 | }
76 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Rwanda (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Rwanda (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Rwanda (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1556.002",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1090.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1564.005",
21 | "score": 1
22 | }
23 | ],
24 | "layout": {
25 | "layout": "side",
26 | "aggregateFunction": "max",
27 | "showID": false,
28 | "showName": true,
29 | "showAggregateScores": true,
30 | "countUnscored": false
31 | },
32 | "gradient": {
33 | "colors": [
34 | "#ffffff",
35 | "#ff6666"
36 | ],
37 | "minValue": 0,
38 | "maxValue": 1
39 | }
40 | }
--------------------------------------------------------------------------------
/docs/heatmaps/victim-country/Senegal (Victim Country).json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Senegal (Victim Country)",
3 | "versions": {
4 | "attack": "11",
5 | "navigator": "4.6.1",
6 | "layer": "4.3"
7 | },
8 | "domain": "enterprise-attack",
9 | "description": "Heatmap of (sub)techniques for cyber threat activity involving entities located in Senegal (Victim Country). Source datasets can be found here: https://github.com/tropChaud/Categorized-Adversary-TTPs\n\nSources:\n\nMITRE ATT&CK: https://attack.mitre.org/\n\nThaiCERT/ETDA: https://apt.etda.or.th/cgi-bin/aptgroups.cgi",
10 | "techniques": [
11 | {
12 | "techniqueID": "T1547.001",
13 | "score": 1
14 | },
15 | {
16 | "techniqueID": "T1205.001",
17 | "score": 1
18 | },
19 | {
20 | "techniqueID": "T1543.003",
21 | "score": 1
22 | },
23 | {
24 | "techniqueID": "T1078.003",
25 | "score": 1
26 | },
27 | {
28 | "techniqueID": "T1204.002",
29 | "score": 1
30 | },
31 | {
32 | "techniqueID": "T1587.002",
33 | "score": 1
34 | },
35 | {
36 | "techniqueID": "T1036.004",
37 | "score": 1
38 | },
39 | {
40 | "techniqueID": "T1587.003",
41 | "score": 1
42 | },
43 | {
44 | "techniqueID": "T1189",
45 | "score": 1
46 | },
47 | {
48 | "techniqueID": "T1036.005",
49 | "score": 1
50 | },
51 | {
52 | "techniqueID": "T1553.002",
53 | "score": 1
54 | }
55 | ],
56 | "layout": {
57 | "layout": "side",
58 | "aggregateFunction": "max",
59 | "showID": false,
60 | "showName": true,
61 | "showAggregateScores": true,
62 | "countUnscored": false
63 | },
64 | "gradient": {
65 | "colors": [
66 | "#ffffff",
67 | "#ff6666"
68 | ],
69 | "minValue": 0,
70 | "maxValue": 1
71 | }
72 | }
--------------------------------------------------------------------------------
/docs/ttpCategories.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/ttpCategories.png
--------------------------------------------------------------------------------
/docs/ttpCategories_wide.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Categorized-Adversary-TTPs/e063ebfd4e49d7a32a8f38c6f28f4f824adfee83/docs/ttpCategories_wide.png
--------------------------------------------------------------------------------