mitre/cti

A typo error in ATT&CK technique (defense bypassed)

sycho1987 opened this issue · 1 comments

There might be some typos in the ATT&CK attack-pattern data.

First, in 'T1553.005' ('id': 'attack-pattern--7e7c2fba-7cca-486c-9582-4c1bb2851961'),
during analysis of the individual technique,
in 'x_mitre_defense_bypassed',

'x_mitre_defense_bypassed': ['Anti-virus, Application control']

This attribute has two elements, 'Anti-virus' and 'Application control', but the two are combined into one element.
It should be

'x_mitre_defense_bypassed': ['Anti-virus', 'Application control']

Second, in 'x_mitre_defense_bypassed', both 'Anti-Virus' and 'Anti Virus' are shown.
It makes me add some additional code to postprocess these.

In the future, in 'x_mitre_defense_bypassed', unified terms should be proposed.

Apparently we addressed this in May 2022, but thank you for writing in with the issue - you can see the change in the STIX file here.

https://github.com/mitre/cti/blob/master/enterprise-attack/attack-pattern/attack-pattern--7e7c2fba-7cca-486c-9582-4c1bb2851961.json#L33-L36
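
An added example, not part of the thread and not code from the mitre/cti project: one way a consumer of the STIX data could post-process `x_mitre_defense_bypassed` to handle both problems raised in the issue (comma-joined elements and spelling variants). The sample objects and function names are constructed for illustration, and the split assumes no legitimate value contains a comma.

```python
import re
from collections import Counter, defaultdict

FIELD = "x_mitre_defense_bypassed"

# Constructed sample objects; only the field name and the value spellings
# come from the issue above.
SAMPLE_OBJECTS = [
    {"type": "attack-pattern", "name": "constructed-A",
     FIELD: ["Anti-virus, Application control"]},
    {"type": "attack-pattern", "name": "constructed-B",
     FIELD: ["Anti-virus", "Anti Virus"]},
    {"type": "attack-pattern", "name": "constructed-C",
     FIELD: ["Anti-Virus", "Application control"]},
    {"type": "attack-pattern", "name": "constructed-D"},  # field absent
]

def split_values(values):
    """Split elements that hold several comma-joined terms (assumption:
    no legitimate term contains a comma)."""
    out = []
    for v in values or []:
        out.extend(p.strip() for p in v.split(",") if p.strip())
    return out

def fold(term):
    """Comparison key: case, hyphens and spaces are ignored."""
    return re.sub(r"[^a-z0-9]", "", term.lower())

def build_canonical(objects):
    """Map each folded key to its most frequent spelling in the data."""
    seen = defaultdict(Counter)
    for obj in objects:
        for term in split_values(obj.get(FIELD)):
            seen[fold(term)][term] += 1
    return {k: c.most_common(1)[0][0] for k, c in seen.items()}

def normalize(objects):
    """Return {name: deduplicated list of canonical terms} per object."""
    canon = build_canonical(objects)
    result = {}
    for obj in objects:
        terms = [canon[fold(t)] for t in split_values(obj.get(FIELD))]
        result[obj["name"]] = list(dict.fromkeys(terms))  # keep order, drop dupes
    return result

if __name__ == "__main__":
    for name, terms in normalize(SAMPLE_OBJECTS).items():
        print(name, terms)
```

Choosing the most frequent spelling as canonical keeps the output aligned with whatever the data set mostly uses; a fixed mapping table is the alternative when detection coverage reports must stay stable across ATT&CK releases.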