txt2stix 1.1.7__py3-none-any.whl → 1.1.9__py3-none-any.whl

txt2stix/includes/lookups/{mitre_attack_ics_aliases_v16_0.txt → mitre_attack_ics_aliases_v18_0.txt}

@@ -1,3 +1,4 @@
+FrostyGoop Incident
 Triton Safety Instrumented System Attack
 2015 Ukraine Electric Power Attack
 Maroochy Water Breach
@@ -55,6 +56,9 @@ Evasive Serpens
 Hazel Sandstorm
 EUROPIUM
 ITG13
+Earth Simnavaz
+Crambus
+TA452
 TEMP.Veles
 XENOTIME
 CyberAv3ngers
@@ -123,6 +127,8 @@ ACAD/Medre.A
 REvil
 Sodin
 Sodinokibi
+FrostyGoop
+BUSTLEBERM
 INCONTROLLER
 PIPEDREAM
 KillDisk
@@ -136,6 +142,4 @@ CRASHOVERRIDE
 Win32/Industroyer
 Flame
 Flamer
-sKyWIper
-Leafminer
-Raspite
+sKyWIper

txt2stix/includes/lookups/mitre_attack_ics_id_v18_0.txt

@@ -0,0 +1,410 @@
+A0001
+A0002
+A0003
+A0004
+A0005
+A0006
+A0007
+A0008
+A0009
+A0010
+A0011
+A0012
+A0013
+A0014
+A0015
+A0016
+A0017
+A0018
+AN1855
+AN1856
+AN1857
+AN1858
+AN1859
+AN1860
+AN1861
+AN1862
+AN1863
+AN1864
+AN1865
+AN1866
+AN1867
+AN1868
+AN1869
+AN1870
+AN1871
+AN1872
+AN1873
+AN1874
+AN1875
+AN1876
+AN1877
+AN1878
+AN1879
+AN1880
+AN1881
+AN1882
+AN1883
+AN1884
+AN1885
+AN1886
+AN1887
+AN1888
+AN1889
+AN1890
+AN1891
+AN1892
+AN1893
+AN1894
+AN1895
+AN1896
+AN1897
+AN1898
+AN1899
+AN1900
+AN1901
+AN1902
+AN1903
+AN1904
+AN1905
+AN1906
+AN1907
+AN1908
+AN1909
+AN1910
+AN1911
+AN1912
+AN1913
+AN1914
+AN1915
+AN1916
+AN1917
+AN1918
+AN1919
+AN1920
+AN1921
+AN1922
+AN1923
+AN1924
+AN1925
+AN1926
+AN1927
+AN1928
+AN1929
+AN1930
+AN1931
+AN1932
+AN1933
+AN1934
+AN1935
+AN1936
+C0020
+C0025
+C0028
+C0030
+C0031
+C0034
+C0041
+DC0001
+DC0002
+DC0004
+DC0005
+DC0012
+DC0016
+DC0021
+DC0029
+DC0032
+DC0033
+DC0034
+DC0038
+DC0039
+DC0040
+DC0041
+DC0042
+DC0045
+DC0046
+DC0055
+DC0059
+DC0060
+DC0061
+DC0063
+DC0064
+DC0065
+DC0067
+DC0078
+DC0082
+DC0085
+DC0088
+DC0102
+DC0107
+DC0108
+DC0109
+DC0110
+DC0111
+DET0722
+DET0723
+DET0724
+DET0725
+DET0726
+DET0727
+DET0728
+DET0729
+DET0730
+DET0731
+DET0732
+DET0733
+DET0734
+DET0735
+DET0736
+DET0737
+DET0738
+DET0739
+DET0740
+DET0741
+DET0742
+DET0743
+DET0744
+DET0745
+DET0746
+DET0747
+DET0748
+DET0749
+DET0750
+DET0751
+DET0752
+DET0753
+DET0754
+DET0755
+DET0756
+DET0757
+DET0758
+DET0759
+DET0760
+DET0761
+DET0762
+DET0763
+DET0764
+DET0765
+DET0766
+DET0767
+DET0768
+DET0769
+DET0770
+DET0771
+DET0772
+DET0773
+DET0774
+DET0775
+DET0776
+DET0777
+DET0778
+DET0779
+DET0780
+DET0781
+DET0782
+DET0783
+DET0784
+DET0785
+DET0786
+DET0787
+DET0788
+DET0789
+DET0790
+DET0791
+DET0792
+DET0793
+DET0794
+DET0795
+DET0796
+DET0797
+DET0798
+DET0799
+DET0800
+DET0801
+DET0802
+DET0803
+DET0804
+G0032
+G0034
+G0035
+G0037
+G0046
+G0049
+G0064
+G0082
+G0088
+G0102
+G0115
+G1000
+G1001
+G1027
+M0800
+M0801
+M0802
+M0803
+M0804
+M0805
+M0806
+M0807
+M0808
+M0809
+M0810
+M0811
+M0812
+M0813
+M0814
+M0815
+M0816
+M0817
+M0818
+M0913
+M0915
+M0916
+M0917
+M0918
+M0919
+M0920
+M0921
+M0922
+M0924
+M0926
+M0927
+M0928
+M0930
+M0931
+M0932
+M0934
+M0935
+M0936
+M0937
+M0938
+M0941
+M0942
+M0944
+M0945
+M0946
+M0947
+M0948
+M0949
+M0950
+M0951
+M0953
+M0954
+S0038
+S0089
+S0093
+S0143
+S0366
+S0368
+S0372
+S0446
+S0496
+S0603
+S0604
+S0605
+S0606
+S0607
+S0608
+S1000
+S1006
+S1009
+S1010
+S1045
+S1072
+S1157
+S1165
+T0800
+T0801
+T0802
+T0803
+T0804
+T0805
+T0806
+T0807
+T0809
+T0811
+T0812
+T0813
+T0814
+T0815
+T0816
+T0817
+T0819
+T0820
+T0821
+T0822
+T0823
+T0826
+T0827
+T0828
+T0829
+T0830
+T0831
+T0832
+T0834
+T0835
+T0836
+T0837
+T0838
+T0839
+T0840
+T0842
+T0843
+T0845
+T0846
+T0847
+T0848
+T0849
+T0851
+T0852
+T0853
+T0855
+T0856
+T0857
+T0858
+T0859
+T0860
+T0861
+T0862
+T0863
+T0864
+T0865
+T0866
+T0867
+T0868
+T0869
+T0871
+T0872
+T0873
+T0874
+T0877
+T0878
+T0879
+T0880
+T0881
+T0882
+T0883
+T0884
+T0885
+T0886
+T0887
+T0888
+T0889
+T0890
+T0891
+T0892
+T0893
+T0894
+T0895
+TA0100
+TA0101
+TA0102
+TA0103
+TA0104
+TA0105
+TA0106
+TA0107
+TA0108
+TA0109
+TA0110
+TA0111

txt2stix/includes/lookups/{mitre_attack_ics_name_v16_0.txt → mitre_attack_ics_name_v18_0.txt}

@@ -1,4 +1,3 @@
-ICS ATT&CK
 Block Command Message
 Service Stop
 Modify Parameter
@@ -82,6 +81,7 @@ Internet Accessible Device
 Data from Local System
 Change Credential
 Modify Program
+FrostyGoop Incident
 Triton Safety Instrumented System Attack
 2015 Ukraine Electric Power Attack
 Maroochy Water Breach
@@ -173,21 +173,108 @@ Fuxnet
 Ryuk
 ACAD/Medre.A
 REvil
+FrostyGoop
 INCONTROLLER
 KillDisk
 Industroyer
 Flame
 None
+Analytic 1881
+Analytic 1936
+Analytic 1855
+Analytic 1916
+Analytic 1886
+Analytic 1860
+Analytic 1895
+Analytic 1874
+Analytic 1859
+Analytic 1925
+Analytic 1926
+Analytic 1932
+Analytic 1907
+Analytic 1868
+Analytic 1872
+Analytic 1879
+Analytic 1914
+Analytic 1909
+Analytic 1929
+Analytic 1924
+Analytic 1880
+Analytic 1921
+Analytic 1893
+Analytic 1899
+Analytic 1864
+Analytic 1920
+Analytic 1908
+Analytic 1882
+Analytic 1913
+Analytic 1894
+Analytic 1883
+Analytic 1901
+Analytic 1897
+Analytic 1898
+Analytic 1892
+Analytic 1870
+Analytic 1905
+Analytic 1887
+Analytic 1858
+Analytic 1902
+Analytic 1918
+Analytic 1862
+Analytic 1928
+Analytic 1922
+Analytic 1915
+Analytic 1863
+Analytic 1900
+Analytic 1889
+Analytic 1911
+Analytic 1935
+Analytic 1877
+Analytic 1878
+Analytic 1934
+Analytic 1869
+Analytic 1866
+Analytic 1885
+Analytic 1896
+Analytic 1930
+Analytic 1871
+Analytic 1884
+Analytic 1876
+Analytic 1906
+Analytic 1910
+Analytic 1865
+Analytic 1856
+Analytic 1931
+Analytic 1903
+Analytic 1917
+Analytic 1923
+Analytic 1904
+Analytic 1873
+Analytic 1857
+Analytic 1867
+Analytic 1875
+Analytic 1912
+Analytic 1891
+Analytic 1861
+Analytic 1919
+Analytic 1888
+Analytic 1890
+Analytic 1927
+Analytic 1933
 Virtual Private Network (VPN) Server
 Jump Host
 Remote Terminal Unit (RTU)
 Field I/O
 Human-Machine Interface (HMI)
+Programmable Automation Controller (PAC)
 Data Gateway
 Safety Controller
 Intelligent Electronic Device (IED)
+Distributed Control System (DCS) Controller
 Application Server
 Programmable Logic Controller (PLC)
+Firewall
+Switch
 Routers
 Data Historian
 Control Server
@@ -228,23 +315,89 @@ Process Metadata
 Scheduled Job Creation
 Network Share Access
 Scheduled Job Modification
-User Account
-Windows Registry
-Script
-Operational Databases
-Application Log
-Logon Session
-File
-Drive
-Command
-Asset
-Network Share
-Network Traffic
-Scheduled Job
-Firmware
-Service
-Process
-Module
+Detection of Rootkit
+Detection of Block Reporting Message
+Detection of Masquerading
+Detection of Denial of Service
+Detection of Project File Infection
+Detection of System Firmware
+Detection of Exploitation for Privilege Escalation
+Detection of Alarm Suppression
+Detection of Denial of View
+Detection of Device Restart/Shutdown
+Detection of Denial of Control
+Detection of Theft of Operational Information
+Detection of Block Command Message
+Detection of Change Credential
+Detection of Commonly Used Port
+Detection of Loss of Control
+Detection of Data from Local System
+Detection of Screen Capture
+Detection of Brute Force I/O
+Detection of Network Connection Enumeration
+Detection of Automated Collection
+Detection of Modify Parameter
+Detection of Manipulation of View
+Detection of Block Serial COM
+Detection of System Binary Proxy Execution
+Detection of Point & Tag Identification
+Detection of Supply Chain Compromise
+Detection of Native API
+Detection of Monitor Process State
+Detection of Lateral Tool Transfer
+Detection of Remote System Information Discovery
+Detection of Exploitation of Remote Services
+Detection of Activate Firmware Update Mode
+Detection of Program Upload
+Detection of Program Download
+Detection of Standard Application Layer Protocol
+Detection of Remote Services
+Detection of Wireless Compromise
+Detection of Modify Program
+Detection of Modify Alarm Settings
+Detection of Graphical User Interface
+Detection of Connection Proxy
+Detection of Drive-by Compromise
+Detection of Transient Cyber Asset
+Detection of Autorun Image
+Detection of Exploitation for Evasion
+Detection of Rogue Master
+Detection of Hooking
+Detection of Data from Information Repositories
+Detection of Loss of View
+Detection of Exploit Public-Facing Application
+Detection of Manipulate I/O Image
+Detection of Manipulation of Control
+Detection of Default Credentials
+Detection of Service Stop
+Detection of Adversary-in-the-Middle
+Detection of Spearphishing Attachment
+Detection of Wireless Sniffing
+Detection of Command-Line Interface
+Detection of Spoof Reporting Message
+Detection of Loss of Protection
+Detection of Loss of Productivity and Revenue
+Detection of Internet Accessible Device
+Detection of I/O Image
+Detection of Replication Through Removable Media
+Detection of Unauthorized Command Message
+Detection of Loss of Availability
+Detection of Hardcoded Credentials
+Detection of Module Firmware
+Detection of Detect Operating Mode
+Detection of Indicator Removal on Host
+Detection of External Remote Services
+Detection of User Execution
+Detection of Remote System Discovery
+Detection of Data Destruction
+Detection of Execution through API
+Detection of Network Sniffing
+Detection of Damage to Property
+Detection of Scripting
+Detection of Loss of Safety
+Detection of Change Operating Mode
+Detection of Modify Controller Tasking
+Detection of Valid Accounts
 Inhibit Response Function
 Privilege Escalation
 Lateral Movement
@@ -256,38 +409,4 @@ Execution
 Command and Control
 Collection
 Evasion
-Impair Process Control
-Network Intrusion Prevention
-Vulnerability Scanning
-Limit Access to Resource Over Network
-Filter Network Traffic
-Restrict Web-Based Content
-Application Developer Guidance
-Limit Hardware Installation
-User Training
-Operating System Configuration
-Data Backup
-Execution Prevention
-Code Signing
-SSL/TLS Inspection
-Boot Integrity
-Network Segmentation
-Threat Intelligence Program
-Password Policies
-User Account Management
-Restrict File and Directory Permissions
-Privileged Account Management
-Restrict Registry Permissions
-Antivirus/Antimalware
-Multi-factor Authentication
-Software Configuration
-Application Isolation and Sandboxing
-Audit
-Exploit Protection
-Active Directory Configuration
-Update Software
-Restrict Library Loading
-Disable or Remove Feature or Program
-Account Use Policies
-Encrypt Sensitive Information
-Leafminer
+Impair Process Control