chore: update ATT&CK heatmap

phantinuss · github-actions[bot] · commit de08f4e2989b · 2026-01-01T02:01:52.000Z
diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json
@@ -96,7 +96,7 @@
     {
       "techniqueID": "T1190",
       "tactic": "initial-access",
-      "score": 143,
+      "score": 145,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -305,7 +305,7 @@
     {
       "techniqueID": "T1003",
       "tactic": "credential-access",
-      "score": 34,
+      "score": 35,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -404,7 +404,7 @@
     {
       "techniqueID": "T1562.001",
       "tactic": "defense-evasion",
-      "score": 114,
+      "score": 118,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -800,7 +800,7 @@
     {
       "techniqueID": "T1059",
       "tactic": "execution",
-      "score": 91,
+      "score": 93,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -1053,7 +1053,7 @@
     {
       "techniqueID": "T1105",
       "tactic": "command-and-control",
-      "score": 71,
+      "score": 74,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -1196,7 +1196,7 @@
     {
       "techniqueID": "T1102.002",
       "tactic": "command-and-control",
-      "score": 3,
+      "score": 4,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -1350,7 +1350,7 @@
     {
       "techniqueID": "T1003.001",
       "tactic": "credential-access",
-      "score": 77,
+      "score": 78,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -2439,7 +2439,7 @@
     {
       "techniqueID": "T1036.003",
       "tactic": "defense-evasion",
-      "score": 27,
+      "score": 28,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -2846,7 +2846,7 @@
     {
       "techniqueID": "T1566.001",
       "tactic": "initial-access",
-      "score": 22,
+      "score": 23,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -2945,7 +2945,7 @@
     {
       "techniqueID": "T1087",
       "tactic": "discovery",
-      "score": 15,
+      "score": 16,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -3638,7 +3638,7 @@
     {
       "techniqueID": "T1071",
       "tactic": "command-and-control",
-      "score": 6,
+      "score": 7,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5297,9 +5297,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1546.004",
-      "tactic": "privilege-escalation",
-      "score": 1,
+      "techniqueID": "T1574.006",
+      "tactic": "persistence",
+      "score": 2,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5308,9 +5308,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1546.004",
-      "tactic": "persistence",
-      "score": 1,
+      "techniqueID": "T1574.006",
+      "tactic": "privilege-escalation",
+      "score": 2,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5319,8 +5319,8 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1543.002",
-      "tactic": "persistence",
+      "techniqueID": "T1574.006",
+      "tactic": "defense-evasion",
       "score": 2,
       "color": "",
       "comment": "",
@@ -5330,9 +5330,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1543.002",
+      "techniqueID": "T1546.004",
       "tactic": "privilege-escalation",
-      "score": 2,
+      "score": 1,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5341,9 +5341,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1030",
-      "tactic": "exfiltration",
-      "score": 2,
+      "techniqueID": "T1546.004",
+      "tactic": "persistence",
+      "score": 1,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5352,9 +5352,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1547.006",
+      "techniqueID": "T1543.002",
       "tactic": "persistence",
-      "score": 1,
+      "score": 2,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5363,9 +5363,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1547.006",
+      "techniqueID": "T1543.002",
       "tactic": "privilege-escalation",
-      "score": 1,
+      "score": 2,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5374,8 +5374,8 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1574.006",
-      "tactic": "persistence",
+      "techniqueID": "T1499",
+      "tactic": "impact",
       "score": 2,
       "color": "",
       "comment": "",
@@ -5385,8 +5385,8 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1574.006",
-      "tactic": "privilege-escalation",
+      "techniqueID": "T1030",
+      "tactic": "exfiltration",
       "score": 2,
       "color": "",
       "comment": "",
@@ -5396,9 +5396,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1574.006",
-      "tactic": "defense-evasion",
-      "score": 2,
+      "techniqueID": "T1547.006",
+      "tactic": "persistence",
+      "score": 1,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5407,9 +5407,9 @@
       "showSubtechniques": false
     },
     {
-      "techniqueID": "T1499",
-      "tactic": "impact",
-      "score": 2,
+      "techniqueID": "T1547.006",
+      "tactic": "privilege-escalation",
+      "score": 1,
       "color": "",
       "comment": "",
       "enabled": true,
@@ -5626,6 +5626,17 @@
       "links": [],
       "showSubtechniques": false
     },
+    {
+      "techniqueID": "T1598.002",
+      "tactic": "reconnaissance",
+      "score": 1,
+      "color": "",
+      "comment": "",
+      "enabled": true,
+      "metadata": [],
+      "links": [],
+      "showSubtechniques": false
+    },
     {
       "techniqueID": "T1090.004",
       "tactic": "command-and-control",
