Updates - October 2021

From attackics

Data Sources

  • Data sources across all ICS techniques have been redesigned to align with the rest of ATT&CK, following the format [Data]: {Data Source Name}, for example, Network Traffic: Network Traffic Content.
  • For ICS, we leverage the same enterprise data source YAML files along with two additional YAML files, which include OT-specific considerations:
    • Asset:
      • Asset Inventory
      • Software/Firmware
      • Device Configurations/Parameters
    • Operational Databases:
      • Process History/Live Data
      • Process/Event Alarm
      • Device Alarm

Techniques

New Techniques:

Technique Changes:

Minor Technique Changes:

Technique Revocations: No changes

Technique Deprecations:

  • Engineering Workstation Compromise
  • Data Historian Compromise

Software

New Software: No changes

Software Changes:

Minor Software Changes:

  • Updated Stuxnet References

Software Revocations: No changes

Software Deprecations: No changes

Groups

New Groups: No changes

Group Changes:

Minor Group Changes: No changes

Group Revocations: No changes

Group Deprecations: No changes

Tactic

New Tactic: No changes

Tactic Changes: No changes

Minor Tactic Changes:

Tactic Revocations: No changes

Tactic Deprecations: No changes