ATLAS Navigator Data 1.3.0 - ATLAS STIX includes ATT&CK Enterprise v1…

…2, new case study, new technique

CHANGELOG.md

@@ -1,5 +1,11 @@
 # ATLAS Navigator Data Changelog
 
+## [1.3.0]() (2023-01-20)
+
+- ATLAS STIX now also includes ATT&CK Enterprise v12 for comparison purposes
+  + Any ATLAS techniques adapted from ATT&CK are additionally denoted with "(ATLAS)" to distinguish the names
+- Updated to use ATLAS Data 4.2.0
+
 ## [1.2.0]() (2022-10-28)
 
 - Updated ATLAS STIX and Navigator layer files for added technique and refreshed case studies
@@ -12,7 +18,6 @@
   + Import the outputted STIX as a new collection in the Workbench
 - Supports ATT&CK Navigator 4.6.4
 
-
 ## [1.0.0]() (2022-03-23)
 
 - Moved ATLAS Navigator scripts and docs into their own repository separate from [ATLAS Data](https://github.com/mitre-atlas/atlas-data)

README.md

@@ -14,6 +14,7 @@ Located the `dist` directory:
     + Viewable by default on the [ATLAS Navigator](https://mitre-atlas.github.io/atlas-navigator/).
 - `stix-atlas.json`
     + ATLAS matrix expressed as a STIX 2.1 bundle following the [ATT&CK data model](https://github.com/mitre/cti/blob/master/USAGE.md#the-attck-data-model).
+        - Also includes ATT&CK Enterprise data
     + Used as domain data for the ATLAS Navigator.
     + Can also be imported into the [ATT&CK Workbench](https://github.com/center-for-threat-informed-defense/attack-workbench-frontend) as a collection.
 
@@ -43,7 +44,7 @@ python tools/generate_navigator_layer.py --layer case_study
 
 When tactics and techniques update in `atlas-data`, run
 ```
-python tools/generate_stix.py
+python tools/generate_stix.py --include-attack
 python tools/generate_navigator_layer.py --layer matrix
 ```
 Omit the `--layer` option above to generate all outputs.

dist/case-study-navigator-layers/AML.CS0000.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Evasion of Deep Learning Detector for Malware C&C Traffic",

dist/case-study-navigator-layers/AML.CS0001.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Botnet Domain Generation Algorithm (DGA) Detection Evasion",

dist/case-study-navigator-layers/AML.CS0002.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "VirusTotal Poisoning",

dist/case-study-navigator-layers/AML.CS0003.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Bypassing Cylance's AI Malware Detection",

dist/case-study-navigator-layers/AML.CS0004.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Camera Hijack Attack on Facial Recognition System",

dist/case-study-navigator-layers/AML.CS0005.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate",

dist/case-study-navigator-layers/AML.CS0006.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "ClearviewAI Misconfiguration",

dist/case-study-navigator-layers/AML.CS0007.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "GPT-2 Model Replication",

dist/case-study-navigator-layers/AML.CS0008.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "ProofPoint Evasion",

dist/case-study-navigator-layers/AML.CS0009.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Tay Poisoning",

dist/case-study-navigator-layers/AML.CS0010.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Microsoft Azure Service Disruption",

dist/case-study-navigator-layers/AML.CS0011.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Microsoft Edge AI Evasion",

dist/case-study-navigator-layers/AML.CS0012.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Face Identification System Evasion via Physical Countermeasures",

dist/case-study-navigator-layers/AML.CS0013.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Backdoor Attack on Deep Learning Models in Mobile Apps",

dist/case-study-navigator-layers/AML.CS0014.json

@@ -11,11 +11,11 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.1.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-10-28"
+            "value": "2023-01-23"
         }
     ],
     "name": "Confusing Antimalware Neural Networks",

dist/case-study-navigator-layers/AML.CS0015.json

@@ -11,86 +11,35 @@
         },
         {
             "name": "atlas_data_version",
-            "value": "4.0.0"
+            "value": "4.2.0"
         },
         {
             "name": "generated_on",
-            "value": "2022-07-27"
+            "value": "2023-01-23"
         }
     ],
-    "name": "Tesla Auto Wiper and Enhanced Autopilot Attack",
-    "description": "Tesla Auto Wipers and Enhanced Autopilot driving mode both make use of computer vision machine learning models to determine the vehicle's corresponding functions. These functions can be exploited by physical adversarial machine learning attacks that affect the operation and the safety of the vehicle. While exploits to gain root access to the Tesla firmware had since been patched, the vulnerabilities to the underlying machine learning systems discovered by this research were still exploitable.",
+    "name": "Compromised PyTorch Dependency Chain",
+    "description": "Linux packages for PyTorch's pre-release version, called Pytorch-nightly, were compromised from December 25 to 30, 2022 by a malicious binary uploaded to the Python Package Index (PyPI) code repository.  The malicious binary had the same name as a PyTorch dependency and the PyPI package manager (pip) installed this malicious package instead of the legitimate one.\n\nThis supply chain attack, also known as \"dependency confusion,\" exposed sensitive information of Linux machines with the affected pip-installed versions of PyTorch-nightly. On December 30, 2022, PyTorch announced the incident and initial steps towards mitigation, including the rename and removal of `torchtriton` dependencies.",
     "techniques": [
         {
-            "techniqueID": "AML.T0012",
-            "showSubtechniques": false,
-            "tactic": "initial-access",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0013",
-            "showSubtechniques": false,
-            "tactic": "discovery",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0047",
-            "showSubtechniques": false,
-            "tactic": "ml-model-access",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0040",
-            "showSubtechniques": false,
-            "tactic": "ml-model-access",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0043.001",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0043",
-            "showSubtechniques": true,
-            "tactic": "ml-attack-staging"
-        },
-        {
-            "techniqueID": "AML.T0041",
-            "showSubtechniques": false,
-            "tactic": "ml-model-access",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0042",
-            "showSubtechniques": false,
-            "tactic": "ml-attack-staging",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0015",
-            "showSubtechniques": false,
-            "tactic": "impact",
-            "color": "#C8E6C9"
-        },
-        {
-            "techniqueID": "AML.T0043.001",
+            "techniqueID": "AML.T0010.001",
             "color": "#C8E6C9"
         },
         {
-            "techniqueID": "AML.T0043",
+            "techniqueID": "AML.T0010",
             "showSubtechniques": true,
-            "tactic": "ml-attack-staging"
+            "tactic": "initial-access"
         },
         {
-            "techniqueID": "AML.T0042",
+            "techniqueID": "AML.T0037",
             "showSubtechniques": false,
-            "tactic": "ml-attack-staging",
+            "tactic": "collection",
             "color": "#C8E6C9"
         },
         {
-            "techniqueID": "AML.T0015",
+            "techniqueID": "AML.T0025",
             "showSubtechniques": false,
-            "tactic": "impact",
+            "tactic": "exfiltration",
             "color": "#C8E6C9"
         }
     ],