welcome to my older one less than seven groups and software.
In this lesson, we will define and explore what our attack groups in software
identify the information provided by attack about these groups and software,
and finally build appreciation for how these groups and software fit into the attack model.
As you recall from lesson for attack techniques and subject, niks have a wealth of metadata,
and in this lesson we'll use the Procedure Examples section
to pivot to groups and software.
attack breaks down the tactics, techniques and procedures of adversaries
and define these procedures as specific implementations or ways that adversaries have executed techniques or some techniques.
These procedures examples are populated on each page of our technique, as well as on the page of groups and software, which will explore later in this lesson.
As you can see from the example below.
These procedure examples described the groups or software specifically how they executed a specific technique or sub technique.
All these procedures are populated
on a technique page.
We can also view these from the perspective of a whole group or software
attack. Defined groups as related intrusion activity tracked by a common name.
Anyone who's read publicly available intelligence knows that there's various terms related to groups such as intrusion sets, threat actors or campaigns.
An attack rolls all these together into what we call groups.
Groups are objects in the attack model and are assigned a unique identifier,
As you can see from example below. Each group has a name, a short description as well as other other. Various metadata, such as aliases,
defined software as the tools arm our used by an adversary during an intrusion
similar to groups. These software are objects in the attack model and have their own unique identifier as well.
Attack software pages also have their own name, a short description and various other metadata, including aliases.
Here's an example of a group page. In this case, we're looking at the Group A P. T. 38.
From here. This view we can see the short description,
but we scroll down that page. We can also see the techniques and subject next map to a P 38
as well as the software used by this group
based on publicly available reporting already mapped within the attack framework.
And with that, we've reached our knowledge check for less than seven.
True or false, there are potentially many procedures for a given technique.
Please positive video and take a second to think of the correct answer before proceeding.
In this case, the answer is true.
As we saw from the example from the technique, there are potentially many procedures for how each given technique can be implemented by a specific group or software.
In summary, attack groups represent the name clusters of intrusion activity,
whereas software represents the tools or Mauer's used by these actors.
For both groups and software, Attack provides descriptions and aliases as well as to what techniques and some techniques have been mapped based on publicly reported intelligence. From these threats.
And finally, techniques are mapped to groups in software via procedure examples or the specific ways that techniques have been performed by these adversaries.