
Mitre ATT&CK Upgrade

Open rshar135 opened this issue 5 years ago • 4 comments

Is there any way to update the MITRE ATT&CK to version 7, as the attack pattern (ATT&CK matrix) inside the Galaxy is showing the old one?

rshar135 avatar Jul 15 '20 12:07 rshar135

It could also be nice to add the version of MITRE in the link in the refs field.

nyx0 avatar Jun 17 '21 02:06 nyx0

The ATT&CK version was updated some time ago. It should be up to date with the latest MITRE version (v9).

@nyx0: I'm not sure I understand. Would you want us to add refs to each entry in the ATT&CK clusters?

cvandeplas avatar Jun 23 '21 18:06 cvandeplas

@cvandeplas if I'm not mistaken, right now there is no way to determine the version of MITRE used. It could be handy to have this information either way, by adding a field or maybe adding a link such as https://attack.mitre.org/versions/v9/techniques/T1429/ to the refs.

nyx0 avatar Jun 25 '21 04:06 nyx0

Bumping this as it still requires an update (or an update again). I would like to add T1218.014 (System Binary Proxy Execution: MMC) to an event, but it's not available in MISP. Probably due to an old version of the framework being used, as my MISP instance is up to date (v2.4.159). This sub-technique was added in September 2021.

https://attack.mitre.org/techniques/T1218/014/

StefC93 avatar Jul 12 '22 13:07 StefC93

As mentioned in #773, there is a script to generate the MITRE ATT&CK clusters based on MITRE's GitHub repository. I have moved the gen_mitre.py script to the tools folder. Feel free to raise a pull request or issue whenever there is an update that I did not notice.

cvandeplas avatar Sep 27 '22 07:09 cvandeplas