
@duzvik
Last active June 2, 2022 17:21
certua cases
{
"name": "CERT-UA#3787",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1082",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "System Information Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053.005",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Scheduled Task/Job: Scheduled Task",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1087",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "Account Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Visual Basic",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#3799",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1059.001",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: PowerShell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.007",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: JavaScript",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1571",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Non-Standard Port",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#3967",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1071.004",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: DNS",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1047",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Windows Management Instrumentation",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1003.003",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "OS Credential Dumping: NTDS",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1003",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053.005",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Scheduled Task/Job: Scheduled Task",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1090",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Proxy",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1588.004",
"tactic": "resource-development",
"score": 1,
"color": "#e60d0d",
"comment": "Obtain Capabilities: Digital Certificates",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1588",
"tactic": "resource-development",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1021.001",
"tactic": "lateral-movement",
"score": 1,
"color": "#e60d0d",
"comment": "Remote Services: Remote Desktop Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1021",
"tactic": "lateral-movement",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1082",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "System Information Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1087.001",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "Account Discovery: Local Account",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1087",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1571",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Non-Standard Port",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4109",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1218.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Signed Binary Proxy Execution: Mshta",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1087.001",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "Account Discovery: Local Account",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1087",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1018",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "Remote System Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Encrypted Channel: Symmetric Cryptography",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1087.002",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "Account Discovery: Domain Account",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1087",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1113",
"tactic": "collection",
"score": 1,
"color": "#e60d0d",
"comment": "Screen Capture",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.003",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Windows Command Shell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.001",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Signed Binary Proxy Execution: Compiled HTML File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1571",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Non-Standard Port",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Visual Basic",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1140",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Deobfuscate/Decode Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.009",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Signed Binary Proxy Execution: Regsvcs/Regasm",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4125",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1573",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Encrypted Channel",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1095",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Non-Application Layer Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562.001",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Impair Defenses: Disable or Modify Tools",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4193",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1598.003",
"tactic": "reconnaissance",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing for Information: Spearphishing Link",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1598",
"tactic": "reconnaissance",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4207",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1036.007",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Double File Extension",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Scheduled Task/Job",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1055",
"tactic": "defense-evasion,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Process Injection",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1112",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Modify Registry",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1102",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Web Service",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4213",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1059.007",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: JavaScript",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.011",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Signed Binary Proxy Execution: Rundll32",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1571",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Non-Standard Port",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Visual Basic",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1047",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Windows Management Instrumentation",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1547.001",
"tactic": "persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1547",
"tactic": "persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4244",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1571",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Non-Standard Port",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.011",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Signed Binary Proxy Execution: Rundll32",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1547.001",
"tactic": "persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1547",
"tactic": "persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4243",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1485",
"tactic": "impact",
"score": 1,
"color": "#e60d0d",
"comment": "Data Destruction",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4227",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Match Legitimate Name or Location",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1106",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Native API",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562.001",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Impair Defenses: Disable or Modify Tools",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Encrypted Channel",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Visual Basic",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573.002",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Encrypted Channel: Asymmetric Cryptography",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1140",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Deobfuscate/Decode Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Impair Defenses",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036.002",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Right-to-Left Override",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4293",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1140",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Deobfuscate/Decode Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4315",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1203",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Exploitation for Client Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1555.005",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "Credentials from Password Stores: Password Managers",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1555",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1555",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "Credentials from Password Stores",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1129",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Shared Modules",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1552",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "Unsecured Credentials",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Match Legitimate Name or Location",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4334",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4378",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1204.001",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious Link",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1592",
"tactic": "reconnaissance",
"score": 1,
"color": "#e60d0d",
"comment": "Gather Victim Host Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1592.004",
"tactic": "reconnaissance",
"score": 1,
"color": "#e60d0d",
"comment": "Gather Victim Host Information: Client Configurations",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1592",
"tactic": "reconnaissance",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.002",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Link",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4360",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.002",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Link",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4434",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1140",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Deobfuscate/Decode Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1027.006",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Obfuscated Files or Information: HTML Smuggling",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1027",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1568",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Dynamic Resolution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1008",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Fallback Channels",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1027",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Obfuscated Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "System Binary Proxy Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "System Binary Proxy Execution: Mshta",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4435",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "System Binary Proxy Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053.005",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Scheduled Task/Job: Scheduled Task",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1484.001",
"tactic": "defense-evasion,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Domain Policy Modification: Group Policy Modification",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1484",
"tactic": "defense-evasion,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1564",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Hide Artifacts",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1003",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "OS Credential Dumping",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.004",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Unix Shell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1484",
"tactic": "defense-evasion,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Domain Policy Modification",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1561",
"tactic": "impact",
"score": 1,
"color": "#e60d0d",
"comment": "Disk Wipe",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1039",
"tactic": "collection",
"score": 1,
"color": "#e60d0d",
"comment": "Data from Network Shared Drive",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Scheduled Task/Job",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1222.002",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1222",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1222",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "File and Directory Permissions Modification",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1003.001",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "OS Credential Dumping: LSASS Memory",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1003",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053.003",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Scheduled Task/Job: Cron",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1053",
"tactic": "execution,-persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.011",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "System Binary Proxy Execution: Rundll32",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.003",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Windows Command Shell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1003.004",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "OS Credential Dumping: LSA Secrets",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1003",
"tactic": "credential-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1572",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Protocol Tunneling",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1561.001",
"tactic": "impact",
"score": 1,
"color": "#e60d0d",
"comment": "Disk Wipe: Disk Content Wipe",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1561",
"tactic": "impact",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.001",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: PowerShell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4464",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1185",
"tactic": "collection",
"score": 1,
"color": "#e60d0d",
"comment": "Browser Session Hijacking",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1082",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "System Information Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4461",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.007",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: JavaScript",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.003",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Mail Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Match Legitimate Name or Location",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4490",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4492",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.003",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing via Service",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4545",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1573.002",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Encrypted Channel: Asymmetric Cryptography",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.001",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: PowerShell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.003",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Windows Command Shell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1132",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Data Encoding",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Encrypted Channel",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Impair Defenses",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1586",
"tactic": "resource-development",
"score": 1,
"color": "#e60d0d",
"comment": "Compromise Accounts",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Visual Basic",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1041",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "Exfiltration Over C2 Channel",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1033",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "System Owner/User Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Encrypted Channel: Symmetric Cryptography",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1573",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1082",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "System Information Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1586.002",
"tactic": "resource-development",
"score": 1,
"color": "#e60d0d",
"comment": "Compromise Accounts: Email Accounts",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1586",
"tactic": "resource-development",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562.001",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Impair Defenses: Disable or Modify Tools",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1562",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1132.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Data Encoding: Standard Encoding",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1132",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1547",
"tactic": "persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Boot or Logon Autostart Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1564",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Hide Artifacts",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1027",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Obfuscated Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1016",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "System Network Configuration Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1547.001",
"tactic": "persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1547",
"tactic": "persistence,-privilege-escalation",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Match Legitimate Name or Location",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4560",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Match Legitimate Name or Location",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.001",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: PowerShell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1553",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Subvert Trust Controls",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1553.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Subvert Trust Controls: Mark-of-the-Web Bypass",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1553",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4553",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1564",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Hide Artifacts",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Visual Basic",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "System Binary Proxy Execution: Mshta",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1113",
"tactic": "collection",
"score": 1,
"color": "#e60d0d",
"comment": "Screen Capture",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4622",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1589.001",
"tactic": "reconnaissance",
"score": 1,
"color": "#e60d0d",
"comment": "Gather Victim Identity Information: Credentials",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1589",
"tactic": "reconnaissance",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1048.003",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1048",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1048",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "Exfiltration Over Alternative Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4625",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Masquerading: Match Legitimate Name or Location",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1036",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1587.001",
"tactic": "resource-development",
"score": 1,
"color": "#e60d0d",
"comment": "Develop Capabilities: Malware",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1587",
"tactic": "resource-development",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1048.002",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1048",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4634,4648",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1070",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Indicator Removal on Host",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1008",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Fallback Channels",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1119",
"tactic": "collection",
"score": 1,
"color": "#e60d0d",
"comment": "Automated Collection",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1140",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Deobfuscate/Decode Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "System Binary Proxy Execution",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1008",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Fallback Channels",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1120",
"tactic": "discovery",
"score": 1,
"color": "#e60d0d",
"comment": "Peripheral Device Discovery",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1027.006",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Obfuscated Files or Information: HTML Smuggling",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1027",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1070.004",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Indicator Removal on Host: File Deletion",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1070",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1020",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "Automated Exfiltration",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.005",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Visual Basic",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1102",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Web Service",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.001",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: PowerShell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.003",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: Windows Command Shell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.001",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing Attachment",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1027",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "Obfuscated Files or Information",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1113",
"tactic": "collection",
"score": 1,
"color": "#e60d0d",
"comment": "Screen Capture",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1041",
"tactic": "exfiltration",
"score": 1,
"color": "#e60d0d",
"comment": "Exfiltration Over C2 Channel",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218.005",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "System Binary Proxy Execution: Mshta",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1568.002",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Dynamic Resolution: Domain Generation Algorithms",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1568",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4657",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.003",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing via Service",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
{
"name": "CERT-UA#4753",
"versions": {
"attack": "10",
"navigator": "4.5.5",
"layer": "4.3"
},
"domain": "mitre-enterprise",
"description": "",
"filters": {
"stages": [
"act"
],
"platforms": [
"Windows",
"Linux",
"macOS"
]
},
"sorting": 0,
"viewMode": 0,
"hideDisabled": false,
"techniques": [
{
"techniqueID": "T1204.002",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "User Execution: Malicious File",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1204",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059.001",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "Command and Scripting Interpreter: PowerShell",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1059",
"tactic": "execution",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071.001",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Application Layer Protocol: Web Protocols",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1071",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566.003",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "Phishing: Spearphishing via Service",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1566",
"tactic": "initial-access",
"score": 1,
"color": "#e60d0d",
"comment": "",
"enabled": true,
"metadata": []
},
{
"techniqueID": "T1105",
"tactic": "command-and-control",
"score": 1,
"color": "#e60d0d",
"comment": "Ingress Tool Transfer",
"enabled": true,
"metadata": []
}
],
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true
}
CertUA Cases