diff --git a/.github/workflows/update_db.yaml b/.github/workflows/update_db.yaml
index bfcb94a..104c427 100644
--- a/.github/workflows/update_db.yaml
+++ b/.github/workflows/update_db.yaml
@@ -69,3 +69,72 @@ jobs:
 git push
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ update_techniques_db:
+ runs-on: ubuntu-latest
+ needs: update_cwe_db
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ needs: update_cwe_db
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt
+
+ - name: Pull latest changes
+ run: git pull
+
+ - name: Update TECHNIQUES DB
+ run: python update_cwe_db.py
+
+ - name: Commit and push changes
+ run: |
+ git config --global user.name "github-actions"
+ git config --global user.email "github-actions@users.noreply.github.com"
+ git diff --quiet && git diff --staged --quiet || git add resources/cwe_db.json
+ git diff --staged --quiet || git commit -m "Update CWE DB"
+ git push
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ update_techniques_db:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ needs: update_cwe_db
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt
+
+ - name: Pull latest changes
+ run: git pull
+
+ - name: Update TECHNIQUES DB
+ run: python update_cwe_db.py
+
+ - name: Commit and push changes
+ run: |
+ git config --global user.name "github-actions"
+ git config --global user.email "github-actions@users.noreply.github.com"
+ git diff --quiet && git diff --staged --quiet || git add resources/cwe_db.json
+ git diff --staged --quiet || git commit -m "Update CWE DB"
+ git push
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
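Review bot: The two added jobs share the key `update_techniques_db` and both are copies of the CWE job: the "Update TECHNIQUES DB" step still runs `python update_cwe_db.py`, and the commit step stages `resources/cwe_db.json` with the message "Update CWE DB", so nothing here runs `update_technique_db.py` or commits `resources/techniques_db.json`. Keep a single job and change those lines to `run: python update_technique_db.py`, `git add resources/techniques_db.json` and `git commit -m "Update techniques DB"`. The `needs: update_cwe_db` that follows `uses: actions/checkout@v2` appears to sit inside the checkout step (indentation is lost in this rendering); `needs` is a job-level key, so it should stay only next to `runs-on` as in the first copy. Because this job pushes to the repository with `GITHUB_TOKEN`, it is also worth pinning `actions/checkout@v2` and `actions/setup-python@v2` to full commit SHAs and giving the job an explicit `permissions:` block with only `contents: write`; the top of the workflow is outside the hunk, so a workflow-level `permissions` setting may already exist.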
diff --git a/README.md b/README.md index ee77111..65ca0ce 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,7 @@ pip install -r requirements.txt ```sh python update_capec.py python update_cwe.py +python update_technique.py ``` ### Get new CVEs diff --git a/requirements.txt b/requirements.txt index aa1a7b1..d2e50ef 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,14 @@ certifi==2024.8.30 charset-normalizer==3.4.0 +et-xmlfile==1.1.0 idna==3.10 +numpy==2.1.2 +openpyxl==3.1.5 +pandas==2.2.3 +python-dateutil==2.9.0.post0 +pytz==2024.2 requests==2.32.3 +six==1.16.0 tqdm==4.66.5 +tzdata==2024.2 urllib3==2.2.3 \ No newline at end of file diff --git a/resources/techniques_db.json b/resources/techniques_db.json new file mode 100644 index 0000000..9501a60 --- /dev/null +++ b/resources/techniques_db.json 
@@ -0,0 +1,2106 @@ +{ + "T1548": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1548.002": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1548.004": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1548.001": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1548.003": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1548.006": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1548.005": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1134": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1134.002": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1134.003": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1134.004": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1134.005": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1134.001": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1531": [ + "Impact" + ], + "T1087": [ + "Discovery" + ], + "T1087.004": [ + "Discovery" + ], + "T1087.002": [ + "Discovery" + ], + "T1087.003": [ + "Discovery" + ], + "T1087.001": [ + "Discovery" + ], + "T1098": [ + "Persistence", + "Privilege Escalation" + ], + "T1098.001": [ + "Persistence", + "Privilege Escalation" + ], + "T1098.003": [ + "Persistence", + "Privilege Escalation" + ], + "T1098.006": [ + "Persistence", + "Privilege Escalation" + ], + "T1098.002": [ + "Persistence", + "Privilege Escalation" + ], + "T1098.005": [ + "Persistence", + "Privilege Escalation" + ], + "T1098.004": [ + "Persistence", + "Privilege Escalation" + ], + "T1650": [ + "Resource Development" + ], + "T1583": [ + "Resource Development" + ], + "T1583.005": [ + "Resource Development" + ], + "T1583.002": [ + "Resource Development" + ], + "T1583.001": [ + "Resource Development" + ], + "T1583.008": [ + "Resource Development" + ], + "T1583.004": [ + "Resource Development" + ], + "T1583.007": [ + "Resource Development" + ], + "T1583.003": [ + "Resource Development" + ], + "T1583.006": [ + "Resource 
Development" + ], + "T1595": [ + "Reconnaissance" + ], + "T1595.001": [ + "Reconnaissance" + ], + "T1595.002": [ + "Reconnaissance" + ], + "T1595.003": [ + "Reconnaissance" + ], + "T1557": [ + "Collection", + "Credential Access" + ], + "T1557.002": [ + "Collection", + "Credential Access" + ], + "T1557.003": [ + "Collection", + "Credential Access" + ], + "T1557.001": [ + "Collection", + "Credential Access" + ], + "T1071": [ + "Command and Control" + ], + "T1071.004": [ + "Command and Control" + ], + "T1071.002": [ + "Command and Control" + ], + "T1071.003": [ + "Command and Control" + ], + "T1071.001": [ + "Command and Control" + ], + "T1010": [ + "Discovery" + ], + "T1560": [ + "Collection" + ], + "T1560.003": [ + "Collection" + ], + "T1560.002": [ + "Collection" + ], + "T1560.001": [ + "Collection" + ], + "T1123": [ + "Collection" + ], + "T1119": [ + "Collection" + ], + "T1020": [ + "Exfiltration" + ], + "T1020.001": [ + "Exfiltration" + ], + "T1197": [ + "Defense Evasion", + "Persistence" + ], + "T1547": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.014": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.002": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.006": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.008": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.015": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.010": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.012": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.007": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.001": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.005": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.009": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.003": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.004": [ + "Persistence", + "Privilege Escalation" + ], + "T1547.013": [ + "Persistence", + "Privilege Escalation" + ], + "T1037": [ + "Persistence", + 
"Privilege Escalation" + ], + "T1037.002": [ + "Persistence", + "Privilege Escalation" + ], + "T1037.001": [ + "Persistence", + "Privilege Escalation" + ], + "T1037.003": [ + "Persistence", + "Privilege Escalation" + ], + "T1037.004": [ + "Persistence", + "Privilege Escalation" + ], + "T1037.005": [ + "Persistence", + "Privilege Escalation" + ], + "T1176": [ + "Persistence" + ], + "T1217": [ + "Discovery" + ], + "T1185": [ + "Collection" + ], + "T1110": [ + "Credential Access" + ], + "T1110.004": [ + "Credential Access" + ], + "T1110.002": [ + "Credential Access" + ], + "T1110.001": [ + "Credential Access" + ], + "T1110.003": [ + "Credential Access" + ], + "T1612": [ + "Defense Evasion" + ], + "T1115": [ + "Collection" + ], + "T1651": [ + "Execution" + ], + "T1580": [ + "Discovery" + ], + "T1538": [ + "Discovery" + ], + "T1526": [ + "Discovery" + ], + "T1619": [ + "Discovery" + ], + "T1059": [ + "Execution" + ], + "T1059.002": [ + "Execution" + ], + "T1059.010": [ + "Execution" + ], + "T1059.009": [ + "Execution" + ], + "T1059.007": [ + "Execution" + ], + "T1059.008": [ + "Execution" + ], + "T1059.001": [ + "Execution" + ], + "T1059.006": [ + "Execution" + ], + "T1059.004": [ + "Execution" + ], + "T1059.005": [ + "Execution" + ], + "T1059.003": [ + "Execution" + ], + "T1092": [ + "Command and Control" + ], + "T1586": [ + "Resource Development" + ], + "T1586.003": [ + "Resource Development" + ], + "T1586.002": [ + "Resource Development" + ], + "T1586.001": [ + "Resource Development" + ], + "T1554": [ + "Persistence" + ], + "T1584": [ + "Resource Development" + ], + "T1584.005": [ + "Resource Development" + ], + "T1584.002": [ + "Resource Development" + ], + "T1584.001": [ + "Resource Development" + ], + "T1584.008": [ + "Resource Development" + ], + "T1584.004": [ + "Resource Development" + ], + "T1584.007": [ + "Resource Development" + ], + "T1584.003": [ + "Resource Development" + ], + "T1584.006": [ + "Resource Development" + ], + "T1609": [ + "Execution" + ], + 
"T1613": [ + "Discovery" + ], + "T1659": [ + "Command and Control", + "Initial Access" + ], + "T1136": [ + "Persistence" + ], + "T1136.003": [ + "Persistence" + ], + "T1136.002": [ + "Persistence" + ], + "T1136.001": [ + "Persistence" + ], + "T1543": [ + "Persistence", + "Privilege Escalation" + ], + "T1543.005": [ + "Persistence", + "Privilege Escalation" + ], + "T1543.001": [ + "Persistence", + "Privilege Escalation" + ], + "T1543.004": [ + "Persistence", + "Privilege Escalation" + ], + "T1543.002": [ + "Persistence", + "Privilege Escalation" + ], + "T1543.003": [ + "Persistence", + "Privilege Escalation" + ], + "T1555": [ + "Credential Access" + ], + "T1555.006": [ + "Credential Access" + ], + "T1555.003": [ + "Credential Access" + ], + "T1555.001": [ + "Credential Access" + ], + "T1555.005": [ + "Credential Access" + ], + "T1555.002": [ + "Credential Access" + ], + "T1555.004": [ + "Credential Access" + ], + "T1485": [ + "Impact" + ], + "T1132": [ + "Command and Control" + ], + "T1132.002": [ + "Command and Control" + ], + "T1132.001": [ + "Command and Control" + ], + "T1486": [ + "Impact" + ], + "T1565": [ + "Impact" + ], + "T1565.003": [ + "Impact" + ], + "T1565.001": [ + "Impact" + ], + "T1565.002": [ + "Impact" + ], + "T1001": [ + "Command and Control" + ], + "T1001.001": [ + "Command and Control" + ], + "T1001.003": [ + "Command and Control" + ], + "T1001.002": [ + "Command and Control" + ], + "T1074": [ + "Collection" + ], + "T1074.001": [ + "Collection" + ], + "T1074.002": [ + "Collection" + ], + "T1030": [ + "Exfiltration" + ], + "T1530": [ + "Collection" + ], + "T1602": [ + "Collection" + ], + "T1602.002": [ + "Collection" + ], + "T1602.001": [ + "Collection" + ], + "T1213": [ + "Collection" + ], + "T1213.003": [ + "Collection" + ], + "T1213.001": [ + "Collection" + ], + "T1213.002": [ + "Collection" + ], + "T1005": [ + "Collection" + ], + "T1039": [ + "Collection" + ], + "T1025": [ + "Collection" + ], + "T1622": [ + "Defense Evasion", + "Discovery" + 
], + "T1491": [ + "Impact" + ], + "T1491.002": [ + "Impact" + ], + "T1491.001": [ + "Impact" + ], + "T1140": [ + "Defense Evasion" + ], + "T1610": [ + "Defense Evasion", + "Execution" + ], + "T1587": [ + "Resource Development" + ], + "T1587.002": [ + "Resource Development" + ], + "T1587.003": [ + "Resource Development" + ], + "T1587.004": [ + "Resource Development" + ], + "T1587.001": [ + "Resource Development" + ], + "T1652": [ + "Discovery" + ], + "T1006": [ + "Defense Evasion" + ], + "T1561": [ + "Impact" + ], + "T1561.001": [ + "Impact" + ], + "T1561.002": [ + "Impact" + ], + "T1482": [ + "Discovery" + ], + "T1484": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1484.001": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1484.002": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1189": [ + "Initial Access" + ], + "T1568": [ + "Command and Control" + ], + "T1568.003": [ + "Command and Control" + ], + "T1568.002": [ + "Command and Control" + ], + "T1568.001": [ + "Command and Control" + ], + "T1114": [ + "Collection" + ], + "T1114.003": [ + "Collection" + ], + "T1114.001": [ + "Collection" + ], + "T1114.002": [ + "Collection" + ], + "T1573": [ + "Command and Control" + ], + "T1573.002": [ + "Command and Control" + ], + "T1573.001": [ + "Command and Control" + ], + "T1499": [ + "Impact" + ], + "T1499.003": [ + "Impact" + ], + "T1499.004": [ + "Impact" + ], + "T1499.001": [ + "Impact" + ], + "T1499.002": [ + "Impact" + ], + "T1611": [ + "Privilege Escalation" + ], + "T1585": [ + "Resource Development" + ], + "T1585.003": [ + "Resource Development" + ], + "T1585.002": [ + "Resource Development" + ], + "T1585.001": [ + "Resource Development" + ], + "T1546": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.008": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.009": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.010": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.011": [ + "Persistence", + "Privilege 
Escalation" + ], + "T1546.001": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.015": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.014": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.012": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.016": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.006": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.007": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.013": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.002": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.005": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.004": [ + "Persistence", + "Privilege Escalation" + ], + "T1546.003": [ + "Persistence", + "Privilege Escalation" + ], + "T1480": [ + "Defense Evasion" + ], + "T1480.001": [ + "Defense Evasion" + ], + "T1048": [ + "Exfiltration" + ], + "T1048.002": [ + "Exfiltration" + ], + "T1048.001": [ + "Exfiltration" + ], + "T1048.003": [ + "Exfiltration" + ], + "T1041": [ + "Exfiltration" + ], + "T1011": [ + "Exfiltration" + ], + "T1011.001": [ + "Exfiltration" + ], + "T1052": [ + "Exfiltration" + ], + "T1052.001": [ + "Exfiltration" + ], + "T1567": [ + "Exfiltration" + ], + "T1567.004": [ + "Exfiltration" + ], + "T1567.002": [ + "Exfiltration" + ], + "T1567.001": [ + "Exfiltration" + ], + "T1567.003": [ + "Exfiltration" + ], + "T1190": [ + "Initial Access" + ], + "T1203": [ + "Execution" + ], + "T1212": [ + "Credential Access" + ], + "T1211": [ + "Defense Evasion" + ], + "T1068": [ + "Privilege Escalation" + ], + "T1210": [ + "Lateral Movement" + ], + "T1133": [ + "Initial Access", + "Persistence" + ], + "T1008": [ + "Command and Control" + ], + "T1083": [ + "Discovery" + ], + "T1222": [ + "Defense Evasion" + ], + "T1222.002": [ + "Defense Evasion" + ], + "T1222.001": [ + "Defense Evasion" + ], + "T1657": [ + "Impact" + ], + "T1495": [ + "Impact" + ], + "T1187": [ + "Credential Access" + ], + "T1606": [ + "Credential 
Access" + ], + "T1606.002": [ + "Credential Access" + ], + "T1606.001": [ + "Credential Access" + ], + "T1592": [ + "Reconnaissance" + ], + "T1592.004": [ + "Reconnaissance" + ], + "T1592.003": [ + "Reconnaissance" + ], + "T1592.001": [ + "Reconnaissance" + ], + "T1592.002": [ + "Reconnaissance" + ], + "T1589": [ + "Reconnaissance" + ], + "T1589.001": [ + "Reconnaissance" + ], + "T1589.002": [ + "Reconnaissance" + ], + "T1589.003": [ + "Reconnaissance" + ], + "T1590": [ + "Reconnaissance" + ], + "T1590.002": [ + "Reconnaissance" + ], + "T1590.001": [ + "Reconnaissance" + ], + "T1590.005": [ + "Reconnaissance" + ], + "T1590.006": [ + "Reconnaissance" + ], + "T1590.004": [ + "Reconnaissance" + ], + "T1590.003": [ + "Reconnaissance" + ], + "T1591": [ + "Reconnaissance" + ], + "T1591.002": [ + "Reconnaissance" + ], + "T1591.001": [ + "Reconnaissance" + ], + "T1591.003": [ + "Reconnaissance" + ], + "T1591.004": [ + "Reconnaissance" + ], + "T1615": [ + "Discovery" + ], + "T1200": [ + "Initial Access" + ], + "T1564": [ + "Defense Evasion" + ], + "T1564.008": [ + "Defense Evasion" + ], + "T1564.012": [ + "Defense Evasion" + ], + "T1564.005": [ + "Defense Evasion" + ], + "T1564.001": [ + "Defense Evasion" + ], + "T1564.002": [ + "Defense Evasion" + ], + "T1564.003": [ + "Defense Evasion" + ], + "T1564.011": [ + "Defense Evasion" + ], + "T1564.004": [ + "Defense Evasion" + ], + "T1564.010": [ + "Defense Evasion" + ], + "T1564.009": [ + "Defense Evasion" + ], + "T1564.006": [ + "Defense Evasion" + ], + "T1564.007": [ + "Defense Evasion" + ], + "T1665": [ + "Command and Control" + ], + "T1574": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.014": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.012": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.001": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.002": [ + "Defense Evasion", + "Persistence", + 
"Privilege Escalation" + ], + "T1574.004": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.006": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.005": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.013": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.007": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.008": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.009": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.010": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1574.011": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ], + "T1562": [ + "Defense Evasion" + ], + "T1562.002": [ + "Defense Evasion" + ], + "T1562.007": [ + "Defense Evasion" + ], + "T1562.008": [ + "Defense Evasion" + ], + "T1562.012": [ + "Defense Evasion" + ], + "T1562.004": [ + "Defense Evasion" + ], + "T1562.001": [ + "Defense Evasion" + ], + "T1562.010": [ + "Defense Evasion" + ], + "T1562.003": [ + "Defense Evasion" + ], + "T1562.006": [ + "Defense Evasion" + ], + "T1562.009": [ + "Defense Evasion" + ], + "T1562.011": [ + "Defense Evasion" + ], + "T1656": [ + "Defense Evasion" + ], + "T1525": [ + "Persistence" + ], + "T1070": [ + "Defense Evasion" + ], + "T1070.003": [ + "Defense Evasion" + ], + "T1070.002": [ + "Defense Evasion" + ], + "T1070.008": [ + "Defense Evasion" + ], + "T1070.007": [ + "Defense Evasion" + ], + "T1070.009": [ + "Defense Evasion" + ], + "T1070.001": [ + "Defense Evasion" + ], + "T1070.004": [ + "Defense Evasion" + ], + "T1070.005": [ + "Defense Evasion" + ], + "T1070.006": [ + "Defense Evasion" + ], + "T1202": [ + "Defense Evasion" + ], + "T1105": [ + "Command and Control" + ], + "T1490": [ + "Impact" + ], + "T1056": [ + "Collection", + "Credential Access" + ], + "T1056.004": [ + "Collection", + "Credential 
Access" + ], + "T1056.002": [ + "Collection", + "Credential Access" + ], + "T1056.001": [ + "Collection", + "Credential Access" + ], + "T1056.003": [ + "Collection", + "Credential Access" + ], + "T1559": [ + "Execution" + ], + "T1559.001": [ + "Execution" + ], + "T1559.002": [ + "Execution" + ], + "T1559.003": [ + "Execution" + ], + "T1534": [ + "Lateral Movement" + ], + "T1570": [ + "Lateral Movement" + ], + "T1654": [ + "Discovery" + ], + "T1036": [ + "Defense Evasion" + ], + "T1036.009": [ + "Defense Evasion" + ], + "T1036.007": [ + "Defense Evasion" + ], + "T1036.001": [ + "Defense Evasion" + ], + "T1036.008": [ + "Defense Evasion" + ], + "T1036.004": [ + "Defense Evasion" + ], + "T1036.005": [ + "Defense Evasion" + ], + "T1036.003": [ + "Defense Evasion" + ], + "T1036.002": [ + "Defense Evasion" + ], + "T1036.006": [ + "Defense Evasion" + ], + "T1556": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.009": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.001": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.007": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.006": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.004": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.008": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.002": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.003": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1556.005": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ], + "T1578": [ + "Defense Evasion" + ], + "T1578.002": [ + "Defense Evasion" + ], + "T1578.001": [ + "Defense Evasion" + ], + "T1578.003": [ + "Defense Evasion" + ], + "T1578.005": [ + "Defense Evasion" + ], + "T1578.004": [ + "Defense Evasion" + ], + "T1112": [ + "Defense Evasion" + ], + "T1601": [ + "Defense Evasion" + ], 
+ "T1601.002": [ + "Defense Evasion" + ], + "T1601.001": [ + "Defense Evasion" + ], + "T1111": [ + "Credential Access" + ], + "T1621": [ + "Credential Access" + ], + "T1104": [ + "Command and Control" + ], + "T1106": [ + "Execution" + ], + "T1599": [ + "Defense Evasion" + ], + "T1599.001": [ + "Defense Evasion" + ], + "T1498": [ + "Impact" + ], + "T1498.001": [ + "Impact" + ], + "T1498.002": [ + "Impact" + ], + "T1046": [ + "Discovery" + ], + "T1135": [ + "Discovery" + ], + "T1040": [ + "Credential Access", + "Discovery" + ], + "T1095": [ + "Command and Control" + ], + "T1571": [ + "Command and Control" + ], + "T1003": [ + "Credential Access" + ], + "T1003.008": [ + "Credential Access" + ], + "T1003.005": [ + "Credential Access" + ], + "T1003.006": [ + "Credential Access" + ], + "T1003.004": [ + "Credential Access" + ], + "T1003.001": [ + "Credential Access" + ], + "T1003.003": [ + "Credential Access" + ], + "T1003.007": [ + "Credential Access" + ], + "T1003.002": [ + "Credential Access" + ], + "T1027": [ + "Defense Evasion" + ], + "T1027.001": [ + "Defense Evasion" + ], + "T1027.010": [ + "Defense Evasion" + ], + "T1027.004": [ + "Defense Evasion" + ], + "T1027.007": [ + "Defense Evasion" + ], + "T1027.009": [ + "Defense Evasion" + ], + "T1027.013": [ + "Defense Evasion" + ], + "T1027.011": [ + "Defense Evasion" + ], + "T1027.006": [ + "Defense Evasion" + ], + "T1027.005": [ + "Defense Evasion" + ], + "T1027.012": [ + "Defense Evasion" + ], + "T1027.002": [ + "Defense Evasion" + ], + "T1027.003": [ + "Defense Evasion" + ], + "T1027.008": [ + "Defense Evasion" + ], + "T1588": [ + "Resource Development" + ], + "T1588.007": [ + "Resource Development" + ], + "T1588.003": [ + "Resource Development" + ], + "T1588.004": [ + "Resource Development" + ], + "T1588.005": [ + "Resource Development" + ], + "T1588.001": [ + "Resource Development" + ], + "T1588.002": [ + "Resource Development" + ], + "T1588.006": [ + "Resource Development" + ], + "T1137": [ + "Persistence" + ], + 
"T1137.006": [ + "Persistence" + ], + "T1137.001": [ + "Persistence" + ], + "T1137.002": [ + "Persistence" + ], + "T1137.003": [ + "Persistence" + ], + "T1137.004": [ + "Persistence" + ], + "T1137.005": [ + "Persistence" + ], + "T1201": [ + "Discovery" + ], + "T1120": [ + "Discovery" + ], + "T1069": [ + "Discovery" + ], + "T1069.003": [ + "Discovery" + ], + "T1069.002": [ + "Discovery" + ], + "T1069.001": [ + "Discovery" + ], + "T1566": [ + "Initial Access" + ], + "T1598": [ + "Reconnaissance" + ], + "T1598.002": [ + "Reconnaissance" + ], + "T1598.003": [ + "Reconnaissance" + ], + "T1598.001": [ + "Reconnaissance" + ], + "T1598.004": [ + "Reconnaissance" + ], + "T1566.001": [ + "Initial Access" + ], + "T1566.002": [ + "Initial Access" + ], + "T1566.004": [ + "Initial Access" + ], + "T1566.003": [ + "Initial Access" + ], + "T1647": [ + "Defense Evasion" + ], + "T1653": [ + "Persistence" + ], + "T1542": [ + "Defense Evasion", + "Persistence" + ], + "T1542.003": [ + "Defense Evasion", + "Persistence" + ], + "T1542.002": [ + "Defense Evasion", + "Persistence" + ], + "T1542.004": [ + "Defense Evasion", + "Persistence" + ], + "T1542.001": [ + "Defense Evasion", + "Persistence" + ], + "T1542.005": [ + "Defense Evasion", + "Persistence" + ], + "T1057": [ + "Discovery" + ], + "T1055": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.004": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.001": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.011": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.015": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.002": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.009": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.013": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.012": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.008": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.003": [ + "Defense Evasion", 
+ "Privilege Escalation" + ], + "T1055.005": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1055.014": [ + "Defense Evasion", + "Privilege Escalation" + ], + "T1572": [ + "Command and Control" + ], + "T1090": [ + "Command and Control" + ], + "T1090.004": [ + "Command and Control" + ], + "T1090.002": [ + "Command and Control" + ], + "T1090.001": [ + "Command and Control" + ], + "T1090.003": [ + "Command and Control" + ], + "T1012": [ + "Discovery" + ], + "T1620": [ + "Defense Evasion" + ], + "T1219": [ + "Command and Control" + ], + "T1563": [ + "Lateral Movement" + ], + "T1563.002": [ + "Lateral Movement" + ], + "T1563.001": [ + "Lateral Movement" + ], + "T1021": [ + "Lateral Movement" + ], + "T1021.007": [ + "Lateral Movement" + ], + "T1021.008": [ + "Lateral Movement" + ], + "T1021.003": [ + "Lateral Movement" + ], + "T1021.001": [ + "Lateral Movement" + ], + "T1021.002": [ + "Lateral Movement" + ], + "T1021.004": [ + "Lateral Movement" + ], + "T1021.005": [ + "Lateral Movement" + ], + "T1021.006": [ + "Lateral Movement" + ], + "T1018": [ + "Discovery" + ], + "T1091": [ + "Initial Access", + "Lateral Movement" + ], + "T1496": [ + "Impact" + ], + "T1207": [ + "Defense Evasion" + ], + "T1014": [ + "Defense Evasion" + ], + "T1053": [ + "Execution", + "Persistence", + "Privilege Escalation" + ], + "T1053.002": [ + "Execution", + "Persistence", + "Privilege Escalation" + ], + "T1053.007": [ + "Execution", + "Persistence", + "Privilege Escalation" + ], + "T1053.003": [ + "Execution", + "Persistence", + "Privilege Escalation" + ], + "T1053.005": [ + "Execution", + "Persistence", + "Privilege Escalation" + ], + "T1053.006": [ + "Execution", + "Persistence", + "Privilege Escalation" + ], + "T1029": [ + "Exfiltration" + ], + "T1113": [ + "Collection" + ], + "T1597": [ + "Reconnaissance" + ], + "T1597.002": [ + "Reconnaissance" + ], + "T1597.001": [ + "Reconnaissance" + ], + "T1596": [ + "Reconnaissance" + ], + "T1596.004": [ + "Reconnaissance" + ], + "T1596.001": 
[ + "Reconnaissance" + ], + "T1596.003": [ + "Reconnaissance" + ], + "T1596.005": [ + "Reconnaissance" + ], + "T1596.002": [ + "Reconnaissance" + ], + "T1593": [ + "Reconnaissance" + ], + "T1593.003": [ + "Reconnaissance" + ], + "T1593.002": [ + "Reconnaissance" + ], + "T1593.001": [ + "Reconnaissance" + ], + "T1594": [ + "Reconnaissance" + ], + "T1505": [ + "Persistence" + ], + "T1505.004": [ + "Persistence" + ], + "T1505.001": [ + "Persistence" + ], + "T1505.005": [ + "Persistence" + ], + "T1505.002": [ + "Persistence" + ], + "T1505.003": [ + "Persistence" + ], + "T1648": [ + "Execution" + ], + "T1489": [ + "Impact" + ], + "T1129": [ + "Execution" + ], + "T1072": [ + "Execution", + "Lateral Movement" + ], + "T1518": [ + "Discovery" + ], + "T1518.001": [ + "Discovery" + ], + "T1608": [ + "Resource Development" + ], + "T1608.004": [ + "Resource Development" + ], + "T1608.003": [ + "Resource Development" + ], + "T1608.005": [ + "Resource Development" + ], + "T1608.006": [ + "Resource Development" + ], + "T1608.001": [ + "Resource Development" + ], + "T1608.002": [ + "Resource Development" + ], + "T1528": [ + "Credential Access" + ], + "T1539": [ + "Credential Access" + ], + "T1649": [ + "Credential Access" + ], + "T1558": [ + "Credential Access" + ], + "T1558.004": [ + "Credential Access" + ], + "T1558.001": [ + "Credential Access" + ], + "T1558.003": [ + "Credential Access" + ], + "T1558.002": [ + "Credential Access" + ], + "T1553": [ + "Defense Evasion" + ], + "T1553.002": [ + "Defense Evasion" + ], + "T1553.006": [ + "Defense Evasion" + ], + "T1553.001": [ + "Defense Evasion" + ], + "T1553.004": [ + "Defense Evasion" + ], + "T1553.005": [ + "Defense Evasion" + ], + "T1553.003": [ + "Defense Evasion" + ], + "T1195": [ + "Initial Access" + ], + "T1195.003": [ + "Initial Access" + ], + "T1195.001": [ + "Initial Access" + ], + "T1195.002": [ + "Initial Access" + ], + "T1218": [ + "Defense Evasion" + ], + "T1218.003": [ + "Defense Evasion" + ], + "T1218.001": [ + 
"Defense Evasion" + ], + "T1218.002": [ + "Defense Evasion" + ], + "T1218.015": [ + "Defense Evasion" + ], + "T1218.004": [ + "Defense Evasion" + ], + "T1218.014": [ + "Defense Evasion" + ], + "T1218.013": [ + "Defense Evasion" + ], + "T1218.005": [ + "Defense Evasion" + ], + "T1218.007": [ + "Defense Evasion" + ], + "T1218.008": [ + "Defense Evasion" + ], + "T1218.009": [ + "Defense Evasion" + ], + "T1218.010": [ + "Defense Evasion" + ], + "T1218.011": [ + "Defense Evasion" + ], + "T1218.012": [ + "Defense Evasion" + ], + "T1082": [ + "Discovery" + ], + "T1614": [ + "Discovery" + ], + "T1614.001": [ + "Discovery" + ], + "T1016": [ + "Discovery" + ], + "T1016.001": [ + "Discovery" + ], + "T1016.002": [ + "Discovery" + ], + "T1049": [ + "Discovery" + ], + "T1033": [ + "Discovery" + ], + "T1216": [ + "Defense Evasion" + ], + "T1216.001": [ + "Defense Evasion" + ], + "T1216.002": [ + "Defense Evasion" + ], + "T1007": [ + "Discovery" + ], + "T1569": [ + "Execution" + ], + "T1569.001": [ + "Execution" + ], + "T1569.002": [ + "Execution" + ], + "T1529": [ + "Impact" + ], + "T1124": [ + "Discovery" + ], + "T1080": [ + "Lateral Movement" + ], + "T1221": [ + "Defense Evasion" + ], + "T1205": [ + "Command and Control", + "Defense Evasion", + "Persistence" + ], + "T1205.001": [ + "Command and Control", + "Defense Evasion", + "Persistence" + ], + "T1205.002": [ + "Command and Control", + "Defense Evasion", + "Persistence" + ], + "T1537": [ + "Exfiltration" + ], + "T1127": [ + "Defense Evasion" + ], + "T1127.001": [ + "Defense Evasion" + ], + "T1199": [ + "Initial Access" + ], + "T1552": [ + "Credential Access" + ], + "T1552.003": [ + "Credential Access" + ], + "T1552.008": [ + "Credential Access" + ], + "T1552.005": [ + "Credential Access" + ], + "T1552.007": [ + "Credential Access" + ], + "T1552.001": [ + "Credential Access" + ], + "T1552.002": [ + "Credential Access" + ], + "T1552.006": [ + "Credential Access" + ], + "T1552.004": [ + "Credential Access" + ], + "T1535": [ + 
"Defense Evasion" + ], + "T1550": [ + "Defense Evasion", + "Lateral Movement" + ], + "T1550.001": [ + "Defense Evasion", + "Lateral Movement" + ], + "T1550.002": [ + "Defense Evasion", + "Lateral Movement" + ], + "T1550.003": [ + "Defense Evasion", + "Lateral Movement" + ], + "T1550.004": [ + "Defense Evasion", + "Lateral Movement" + ], + "T1204": [ + "Execution" + ], + "T1204.002": [ + "Execution" + ], + "T1204.003": [ + "Execution" + ], + "T1204.001": [ + "Execution" + ], + "T1078": [ + "Defense Evasion", + "Initial Access", + "Persistence", + "Privilege Escalation" + ], + "T1078.004": [ + "Defense Evasion", + "Initial Access", + "Persistence", + "Privilege Escalation" + ], + "T1078.001": [ + "Defense Evasion", + "Initial Access", + "Persistence", + "Privilege Escalation" + ], + "T1078.002": [ + "Defense Evasion", + "Initial Access", + "Persistence", + "Privilege Escalation" + ], + "T1078.003": [ + "Defense Evasion", + "Initial Access", + "Persistence", + "Privilege Escalation" + ], + "T1125": [ + "Collection" + ], + "T1497": [ + "Defense Evasion", + "Discovery" + ], + "T1497.001": [ + "Defense Evasion", + "Discovery" + ], + "T1497.003": [ + "Defense Evasion", + "Discovery" + ], + "T1497.002": [ + "Defense Evasion", + "Discovery" + ], + "T1600": [ + "Defense Evasion" + ], + "T1600.002": [ + "Defense Evasion" + ], + "T1600.001": [ + "Defense Evasion" + ], + "T1102": [ + "Command and Control" + ], + "T1102.002": [ + "Command and Control" + ], + "T1102.001": [ + "Command and Control" + ], + "T1102.003": [ + "Command and Control" + ], + "T1047": [ + "Execution" + ], + "T1220": [ + "Defense Evasion" + ] +} \ No newline at end of file diff --git a/update_technique_db.py b/update_technique_db.py new file mode 100644 index 0000000..13b0d13 --- /dev/null +++ b/update_technique_db.py 
@@ -0,0 +1,33 @@
+import os
+import requests
+import json
+import pandas as panda
+
+TECHNIQUES_FILE_URL = "https://attack.mitre.org/docs/enterprise-attack-v15.1/enterprise-attack-v15.1-techniques.xlsx"
+TECHNIQUES_FILE = "resources/techniques_db.json"
+
+# Download the techniques data
+def download_techniques():
+ try:
+ data = panda.read_excel(TECHNIQUES_FILE_URL)
+ result = {}
+ for i in range(0, len(data)):
+ result[data.iloc[i, 0]] = data.iloc[i, 9].split(", ")
+ return result
+ except Exception as e:
+ print(f"Error downloading the data: {str(e)}")
+ return None
+
+
+# Save the techniques data to a JSON file
+def save_json(data):
+ with open(TECHNIQUES_FILE, 'w') as f:
+ json.dump(data, f, indent=4)
+
+
+if __name__ == "__main__":
+ print("[!] Downloading techniques data...")
+ techniques_data = download_techniques()
+ if techniques_data:
+ print("[!] Saving techniques data...")
+ save_json(techniques_data)
\ No newline at end of file
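Review bot: A failed download looks like success to whatever runs this script: `download_techniques()` catches every `Exception`, prints it and returns `None`, and the `__main__` block then falls through with exit status 0, so a scheduled job would pass while `resources/techniques_db.json` quietly stops being refreshed. Add `else: raise SystemExit(1)` to the `if techniques_data:` check and narrow the `except` to the errors the fetch and parse are expected to raise. The rows are also read by position (`data.iloc[i, 0]`, `data.iloc[i, 9]`), so a column inserted upstream would write wrong values into the committed JSON without any error, and a single empty cell makes `.split` fail and discards the whole run. Selecting both columns by header name and checking that each key has the technique-ID shape before `json.dump` would catch that. `os` and `requests` are imported but unused in this file.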