From 207233da1c43d098138dda2d92b2b51cae483f86 Mon Sep 17 00:00:00 2001 From: Jayson Grace Date: Thu, 24 Aug 2023 20:34:43 -0600 Subject: [PATCH 01/35] Add PoC ART code Add initial ART parse logic with tests --- magefiles/go.mod | 47 ++++ magefiles/go.sum | 597 +++++++++++++++++++++++++++++++++++++++++ magefiles/translate.go | 248 +++++++++++++++++ pkg/art/README.md | 233 ++++++++++++++++ pkg/art/parse.go | 333 +++++++++++++++++++++++ pkg/art/parse_test.go | 143 ++++++++++ 6 files changed, 1601 insertions(+) create mode 100755 magefiles/go.mod create mode 100755 magefiles/go.sum create mode 100644 magefiles/translate.go create mode 100644 pkg/art/README.md create mode 100644 pkg/art/parse.go create mode 100644 pkg/art/parse_test.go diff --git a/magefiles/go.mod b/magefiles/go.mod new file mode 100755 index 00000000..447592f3 --- /dev/null +++ b/magefiles/go.mod @@ -0,0 +1,47 @@ +module magefile + +go 1.21 + +toolchain go1.21.1 + +require ( + github.com/facebookincubator/ttpforge v1.0.7 + github.com/l50/goutils/v2 v2.1.0 + github.com/magefile/mage v1.15.0 + github.com/spf13/afero v1.9.5 + gopkg.in/yaml.v3 v3.0.1 +) + +require ( + dario.cat/mergo v1.0.0 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect + github.com/acomagu/bufpipe v1.0.4 // indirect + github.com/bitfield/script v0.22.0 // indirect + github.com/cloudflare/circl v1.3.3 // indirect + github.com/emirpasic/gods v1.18.1 // indirect + github.com/fatih/color v1.15.0 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect + github.com/go-git/go-billy/v5 v5.4.1 // indirect + github.com/go-git/go-git/v5 v5.8.1 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/itchyny/gojq v0.12.13 // indirect + github.com/itchyny/timefmt-go v0.1.5 // indirect + github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/kevinburke/ssh_config v1.2.0 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/otiai10/copy v1.12.0 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect + github.com/skeema/knownhosts v1.2.0 // indirect + github.com/xanzy/ssh-agent v0.3.3 // indirect + golang.org/x/crypto v0.12.0 // indirect + golang.org/x/mod v0.12.0 // indirect + golang.org/x/net v0.14.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect + golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect + gopkg.in/warnings.v0 v0.1.2 // indirect + mvdan.cc/sh/v3 v3.6.0 // indirect +) diff --git a/magefiles/go.sum b/magefiles/go.sum new file mode 100755 index 00000000..526441e5 --- /dev/null +++ b/magefiles/go.sum @@ -0,0 +1,597 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= +github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= +github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= +github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/bitfield/script v0.22.0 h1:LA7QHuEsXMPD52YLtxWrlqCCy+9FOpzNYfsRHC5Gsrc= +github.com/bitfield/script v0.22.0/go.mod h1:ms4w+9B8f2/W0mbsgWDVTtl7K94bYuZc3AunnJC4Ebs= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= +github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= +github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= +github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/facebookincubator/ttpforge v1.0.7 h1:qrLKCYY4aS9LPPywGYso15Phxt1vVlLFiX+z8tBbHFQ= +github.com/facebookincubator/ttpforge v1.0.7/go.mod h1:AIilkLrCgcdyjWglSffm6U+7l+tSwd9GBj7GQmDYKIM= +github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= +github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= +github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= +github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= +github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A= +github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/itchyny/gojq v0.12.12/go.mod h1:j+3sVkjxwd7A7Z5jrbKibgOLn0ZfLWkV+Awxr/pyzJE= +github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= +github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= +github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= +github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= +github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/l50/goutils/v2 v2.1.0 h1:o6DYjCtPevU5Uq1OjB8mtdsS00KxZHFQKVb9Hgo+KzI= +github.com/l50/goutils/v2 v2.1.0/go.mod h1:UwkfE7TaT3x9pzK7iAbiwQj+gkRVEi0GETasQqwE8uk= +github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= +github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= +github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY= +github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= +github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= +github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= +github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= +github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= +github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= +github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= +golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= +golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +mvdan.cc/editorconfig v0.2.0/go.mod h1:lvnnD3BNdBYkhq+B4uBuFFKatfp02eB6HixDvEz91C0= +mvdan.cc/sh/v3 v3.6.0 h1:gtva4EXJ0dFNvl5bHjcUEvws+KRcDslT8VKheTYkbGU= +mvdan.cc/sh/v3 v3.6.0/go.mod h1:U4mhtBLZ32iWhif5/lD+ygy1zrgaQhUu+XFy7C8+TTA= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/magefiles/translate.go b/magefiles/translate.go new file mode 100644 index 00000000..29ebdc67 --- /dev/null +++ b/magefiles/translate.go @@ -0,0 +1,248 @@ +/* +Copyright © 2023-present, Meta Platforms, Inc. and affiliates +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +*/ + +/* +Copyright © 2023-present, Meta Platforms, Inc. and affiliates +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +*/ + +package main + +import ( + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/facebookincubator/ttpforge/pkg/args" + "gopkg.in/yaml.v3" +) + +type AtomicSchema struct { + AttackTechnique string `yaml:"attack_technique"` + DisplayName string `yaml:"display_name"` + AtomicTests []Test `yaml:"atomic_tests"` +} + +// TTP represents the top-level structure for a TTP +// (Tactics, Techniques, and Procedures) object. +type TTP struct { + Name string `yaml:"name,omitempty"` + Description string `yaml:"description"` + Environment map[string]string `yaml:"env,flow,omitempty"` + Steps []Step `yaml:"steps,omitempty,flow"` + ArgSpecs []args.Spec `yaml:"args,omitempty,flow"` + // Omit WorkDir, but expose for testing. + WorkDir string `yaml:"-"` +} + +type Test struct { + Name string `yaml:"name"` + Description string `yaml:"description"` + SupportedPlatforms []string `yaml:"supported_platforms"` + Executor Executor `yaml:"executor"` + InputArguments map[string]InputArgument + DependencyExecutorName string `yaml:"dependency_executor_name"` + Dependencies []Dependency +} + +type Executor struct { + Name string + Command string + Steps string + CleanupCommand string `yaml:"cleanup_command"` +} + +type InputArgument struct { + Description string + Type string + Default interface{} +} + +type Dependency struct { + Description string + PrereqCommand string `yaml:"prereq_command"` + GetPrereqCommand string `yaml:"get_prereq_command"` +} + +type Mitre struct { + Tactics []string + Techniques []string + Subtechniques []string +} + +type Step struct { + Name string + Inline string + Cleanup CleanupAct + Args []Spec +} + +type CleanupAct struct { + Inline string +} + +type Spec struct { + Name string + Type string + Default string + Description string +} + +func ConvertSchema(atomic AtomicSchema) TTP { + var ttp TTP + ttp.Name = formatStepName(atomic.DisplayName) + ttp.Description = atomic.DisplayName + ttp.Mitre.Techniques = append(ttp.Mitre.Techniques, atomic.AttackTechnique) + + for _, test := range atomic.AtomicTests { + step := Step{ + Name: formatStepName(test.Name), + Inline: test.Executor.Command, + Cleanup: CleanupAct{ + Inline: test.Executor.CleanupCommand, + }, + } + + // Populate Args for each step from the test's InputArguments + for argName, inputArg := range test.InputArguments { + spec := Spec{ + Name: argName, + Type: inputArg.Type, + Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string + Description: inputArg.Description, + } + step.Args = append(step.Args, spec) + } + + ttp.Steps = append(ttp.Steps, step) + } + + return ttp +} + +// copyDir copies a whole directory recursively +func copyDir(src string, dst string) error { + return filepath.Walk(src, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + // Generate new destination path + relativePath, _ := filepath.Rel(src, path) + destPath := filepath.Join(dst, relativePath) + + if info.IsDir() { + // Create a new directory + return os.MkdirAll(destPath, info.Mode()) + } + + // Copy the file + fileData, err := os.ReadFile(path) + if err != nil { + return err + } + return os.WriteFile(destPath, fileData, info.Mode()) + }) +} + +// formatStepName formats the given step name by converting it to lowercase +// and replacing spaces with dashes. +func formatStepName(name string) string { + // Convert to lowercase + name = strings.ToLower(name) + + // Replace spaces with dashes + name = strings.ReplaceAll(name, " ", "-") + + // Additional cleanup can be added if needed + + return name +} + +// ConvertYAMLSchema reads from a provided TTP path, converts its schema, and writes the result to the specified output path +func ConvertYAMLSchema(ttpPath string) error { + if ttpPath == "" { + return fmt.Errorf("a valid TTP path must be provided") + } + + // Read the original YAML + originalYAMLPath := filepath.Join(ttpPath, filepath.Base(ttpPath)+".yaml") + data, err := os.ReadFile(originalYAMLPath) + if err != nil { + return err + } + + var atomic AtomicSchema + err = yaml.Unmarshal(data, &atomic) + if err != nil { + return err + } + + target := ConvertSchema(atomic) + + // Convert to YAML + result, err := yaml.Marshal(&target) + if err != nil { + return err + } + + // Write to the specified output path + outputDir := filepath.Join(os.Getenv("HOME"), ".ttpforge", "repos", "forgearmory", "ttps", "art", filepath.Base(ttpPath)) + outputFilePath := filepath.Join(outputDir, filepath.Base(ttpPath)+".yaml") + + // Ensure the directory exists + err = os.MkdirAll(outputDir, os.ModePerm) + if err != nil { + return err + } + + err = os.WriteFile(outputFilePath, result, os.ModePerm) + if err != nil { + return err + } + + // Check if "src" directory exists in the original location and copy it to the destination if it does + srcPath := filepath.Join(ttpPath, "src") + _, err = os.Stat(srcPath) + if err == nil { + // Directory exists, copy it + destSrcPath := filepath.Join(outputDir, "src") + err = copyDir(srcPath, destSrcPath) + if err != nil { + return err + } + } + + return nil +} diff --git a/pkg/art/README.md b/pkg/art/README.md new file mode 100644 index 00000000..00988cb0 --- /dev/null +++ b/pkg/art/README.md @@ -0,0 +1,233 @@ +# TTPForge/art + +The `art` package is a part of the TTPForge. + +--- + +## Table of contents + +- [Functions](#functions) +- [Installation](#installation) +- [Usage](#usage) +- [Tests](#tests) +- [Contributing](#contributing) +- [License](#license) + +--- + +## Functions + +### Ability.EncodeCommand() + +```go +EncodeCommand() +``` + +EncodeCommand encodes the command of an Ability using base64 encoding. + +**Parameters:** + +a: A pointer to the Ability structure. + +--- + +### Atomic.GenerateArtVarsAndAbilities() + +```go +GenerateArtVarsAndAbilities() +``` + +GenerateArtVarsAndAbilities generates the ArtInputVars and ArtAbilities for an Atomic structure. + +**Parameters:** + +a: A pointer to the Atomic structure. + +--- + +### Atomic.LoadArtYAML(string) + +```go +LoadArtYAML(string) error +``` + +LoadArtYAML loads the ART YAML from a given path into the Atomic structure. + +**Parameters:** + +path: Path to the ART YAML file. + +**Returns:** + +error: An error if any issue occurs while loading the ART YAML. + +--- + +### Atomic.LoadAtomic(string) + +```go +LoadAtomic(string) error +``` + +LoadAtomic loads a JSON file into the Atomic structure. + +**Parameters:** + +path: Path to the JSON file. + +**Returns:** + +error: An error if any issue occurs while loading the JSON into Atomic. + +--- + +### Config.Load(string) + +```go +Load(string) error +``` + +Load reads a YAML file and loads it into the Config structure. + +**Parameters:** + +path: Path to the YAML file. + +**Returns:** + +error: An error if any issue occurs while loading the YAML into Config. + +--- + +### NewAbility(int64, string) + +```go +NewAbility(int64, string) *Ability +``` + +NewAbility initializes a new Ability and encodes its command. + +**Parameters:** + +id: Identifier for the new ability. +command: The command for the new ability. + +**Returns:** + +*Ability: A pointer to the newly created Ability. + +--- + +### NewAtomic() + +```go +NewAtomic() *Atomic +``` + +NewAtomic initializes a new Atomic structure. + +**Returns:** + +*Atomic: A pointer to the newly created Atomic structure. + +--- + +### NewConfig(string) + +```go +NewConfig(string) *Config, error +``` + +NewConfig initializes a new Config. + +**Parameters:** + +path: Path to the configuration file. + +**Returns:** + +*Config: A pointer to the newly created Config. +error: An error if any issue occurs while initializing the Config. + +--- + +### NewVar(int64, string) + +```go +NewVar(int64, string) *Var +``` + +NewVar initializes a new Var and encodes its value. + +**Parameters:** + +id: Identifier for the ability the variable belongs to. +name: Name of the variable. +value: Value of the variable. + +**Returns:** + +*Var: A pointer to the newly created Var. + +--- + +### Var.EncodeValue() + +```go +EncodeValue() +``` + +EncodeValue encodes the value of the Var structure. + +**Parameters:** + +v: A pointer to the Var structure. + +--- + +## Installation + +To use the TTPForge/art package, you first need to install it. +Follow the steps below to install via go get. + +```bash +go get github.com/facebookincubator/ttpforge/art +``` + +--- + +## Usage + +After installation, you can import the package in your Go project +using the following import statement: + +```go +import "github.com/facebookincubator/ttpforge/art" +``` + +--- + +## Tests + +To ensure the package is working correctly, run the following +command to execute the tests for `TTPForge/art`: + +```bash +go test -v +``` + +--- + +## Contributing + +Pull requests are welcome. For major changes, +please open an issue first to discuss what +you would like to change. + +--- + +## License + +This project is licensed under the MIT +License - see the [LICENSE](https://github.com/facebookincubator/TTPForge/blob/main/LICENSE) +file for details. diff --git a/pkg/art/parse.go b/pkg/art/parse.go new file mode 100644 index 00000000..01d63e7e --- /dev/null +++ b/pkg/art/parse.go @@ -0,0 +1,333 @@ +/* +Copyright © 2023-present, Meta Platforms, Inc. and affiliates +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +*/ + +package art + +import ( + "encoding/base64" + "encoding/json" + "os" + "strings" + + "gopkg.in/yaml.v3" +) + +// Config represents the configuration details for ART. +// +// **Attributes:** +// +// ArtPath: Path to ART files. +// CtiPath: Path to CTI files. +type Config struct { + ArtPath string `yaml:"art_path"` + CtiPath string `yaml:"cti_path"` +} + +// Ability represents the details of an ability. +// +// **Attributes:** +// +// AbilityID: Identifier for the ability. +// Command: The command to be executed for this ability. +type Ability struct { + AbilityID int64 + Command string +} + +// Var represents a variable tied to an ability. +// +// **Attributes:** +// +// AbilityID: Identifier for the ability the variable belongs to. +// VarName: Name of the variable. +// Value: Value of the variable. +type Var struct { + AbilityID int64 + VarName string + Value string +} + +// Atomic represents the structure of an atomic test. +// +// **Attributes:** +// +// AbilityID: Identifier for the atomic test. +// Platform: Platform on which the atomic test runs. +// Executor: Executor name. +// Command: The command to be executed. +// InputArguments: Arguments passed to the atomic test. +// Encoder: List of encoders used. +// ArtAbilities: List of art abilities tied to this atomic. +// ArtInputVars: List of variables tied to this atomic. +type Atomic struct { + AbilityID int64 `json:"ability_id"` + Platform string `json:"platform"` + Executor string `json:"executor"` + Command string `json:"command"` + InputArguments map[string]Argument + Encoder []string `json:"encoder"` + ArtAbilities []*Ability + ArtInputVars []*Var +} + +// Argument represents the input arguments for an atomic test. +// +// **Attributes:** +// +// ID: Identifier for the argument. +// Name: Name of the argument. +// Default: Default value for the argument. +type Argument struct { + ID int `json:"id"` + Name string `json:"name"` + Default string `json:"default"` +} + +// AtomicRedTeamYAML represents the structure of an ART TTP. +// +// **Attributes:** +// +// AttackTechnique: The attack technique. +// AtomicTests: List of atomic tests. +type AtomicRedTeamYAML struct { + AttackTechnique string `yaml:"attack_technique"` + AtomicTests []AtomicTest `yaml:"atomic_tests"` +} + +// AtomicTest represents an atomic test in ART YAML. +// +// **Attributes:** +// +// Name: Name of the atomic test. +// SupportedPlatforms: List of platforms this test supports. +// InputArguments: Input arguments for the atomic test. +// Executor: Executor for the atomic test. +type AtomicTest struct { + Name string `yaml:"name"` + SupportedPlatforms []string `yaml:"supported_platforms"` + InputArguments map[string]InputArg `yaml:"input_arguments"` + Executor Executor `yaml:"executor"` +} + +// Executor represents the executor details for an atomic test. +// +// **Attributes:** +// +// Name: Name of the executor. +// Command: Command associated with the executor. +type Executor struct { + Name string `yaml:"name"` + Command string `yaml:"command"` +} + +// InputArg represents an input argument in an AtomicTest. +// +// **Attributes:** +// +// Default: Default value for the input argument. +type InputArg struct { + Default string `yaml:"default"` +} + +// Helper function to process character replacements +func replaceSpecialChars(str string) string { + // Replacing "\x07" with "a" for specific reasons (you can elaborate based on real reasons). + str = strings.ReplaceAll(str, "\x07", "a") + // Replacing "\\\\" with "\\" to correct potential escape sequence errors. + str = strings.ReplaceAll(str, "\\\\", "\\") + return str +} + +// ProcessAtomicTest processes an individual Atomic Test from the +// provided AtomicTest structure, filters supported platforms, and +// creates abilities and variables from the atomic test. +// +// **Parameters:** +// +// atomicTest: The AtomicTest structure containing details of +// the test like supported platforms, executor commands, etc. +func (a *Atomic) ProcessAtomicTest(atomicTest AtomicTest) { + for _, platform := range atomicTest.SupportedPlatforms { + platform = strings.ToLower(platform) + if platform != "windows" && platform != "linux" && platform != "macos" { + continue + } + command := replaceSpecialChars(atomicTest.Executor.Command) + + artAbility := NewAbility(a.AbilityID, command) + a.ArtAbilities = append(a.ArtAbilities, artAbility) + + for varName, varVal := range atomicTest.InputArguments { + value := replaceSpecialChars(varVal.Default) + artVar := NewVar(a.AbilityID, varName, value) + a.ArtInputVars = append(a.ArtInputVars, artVar) + } + } +} + +// NewConfig initializes a new Config. +// +// **Parameters:** +// +// path: Path to the configuration file. +// +// **Returns:** +// +// *Config: A pointer to the newly created Config. +// error: An error if any issue occurs while initializing the Config. +func NewConfig(path string) (*Config, error) { + cfg := &Config{} + err := cfg.LoadArtYAML(path) + if err != nil { + return nil, err + } + return cfg, nil +} + +// LoadArtYAML reads an ART YAML file and loads it into the Config structure. +// +// **Parameters:** +// +// path: Path to the YAML file. +// +// **Returns:** +// +// error: An error if any issue occurs while loading the YAML into Config. +func (c *Config) LoadArtYAML(path string) error { + yamlFile, err := os.ReadFile(path) + if err != nil { + return err + } + + err = yaml.Unmarshal(yamlFile, c) + if err != nil { + return err + } + + return nil +} + +// NewAbility initializes a new Ability and encodes its command. +// +// **Parameters:** +// +// id: Identifier for the new ability. +// command: The command for the new ability. +// +// **Returns:** +// +// *Ability: A pointer to the newly created Ability. +func NewAbility(id int64, command string) *Ability { + ab := &Ability{ + AbilityID: id, + Command: command, + } + ab.EncodeCommand() + return ab +} + +// EncodeCommand encodes the command of an Ability using base64 encoding. +// +// **Parameters:** +// +// a: A pointer to the Ability structure. +func (a *Ability) EncodeCommand() { + a.Command = base64.StdEncoding.EncodeToString([]byte(a.Command)) +} + +// NewVar initializes a new Var and encodes its value. +// +// **Parameters:** +// +// id: Identifier for the ability the variable belongs to. +// name: Name of the variable. +// value: Value of the variable. +// +// **Returns:** +// +// *Var: A pointer to the newly created Var. +func NewVar(id int64, name, value string) *Var { + v := &Var{ + AbilityID: id, + VarName: name, + Value: value, + } + v.EncodeValue() + return v +} + +// EncodeValue encodes the value of the Var structure. +// +// **Parameters:** +// +// v: A pointer to the Var structure. +func (v *Var) EncodeValue() { + v.Value = base64.StdEncoding.EncodeToString([]byte(v.Value)) +} + +// NewAtomic initializes a new Atomic structure. +// +// **Returns:** +// +// *Atomic: A pointer to the newly created Atomic structure. +func NewAtomic() *Atomic { + return &Atomic{ + InputArguments: make(map[string]Argument), + ArtAbilities: make([]*Ability, 0), + ArtInputVars: make([]*Var, 0), + } +} + +// LoadAtomic loads a JSON file into the Atomic structure. +// +// **Parameters:** +// +// path: Path to the JSON file. +// +// **Returns:** +// +// error: An error if any issue occurs while loading the JSON into Atomic. +func (a *Atomic) LoadAtomic(path string) error { + jsonFile, err := os.ReadFile(path) + if err != nil { + return err + } + + err = json.Unmarshal(jsonFile, a) + if err != nil { + return err + } + + return nil +} + +// GenerateArtVarsAndAbilities generates the ArtInputVars and ArtAbilities for an Atomic structure. +// +// **Parameters:** +// +// a: A pointer to the Atomic structure. +func (a *Atomic) GenerateArtVarsAndAbilities() { + for varName, varVal := range a.InputArguments { + value := replaceSpecialChars(varVal.Default) + artVar := NewVar(a.AbilityID, varName, value) + a.ArtInputVars = append(a.ArtInputVars, artVar) + } + + a.ArtAbilities = append(a.ArtAbilities, NewAbility(a.AbilityID, a.Command)) +} diff --git a/pkg/art/parse_test.go b/pkg/art/parse_test.go new file mode 100644 index 00000000..473d3464 --- /dev/null +++ b/pkg/art/parse_test.go @@ -0,0 +1,143 @@ +/* +Copyright © 2023-present, Meta Platforms, Inc. and affiliates +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +*/ + +package art_test + +import ( + "encoding/base64" + "testing" + + "github.com/facebookincubator/ttpforge/pkg/art" +) + +func TestNewConfig(t *testing.T) { + // This test assumes you have an actual YAML file. If you don't, this will fail. + tests := []struct { + name string + input string + expected art.Config + hasError bool + }{ + { + name: "Valid path", + input: "path_to_valid_yaml.yaml", + expected: art.Config{ArtPath: "some_path", CtiPath: "another_path"}, + hasError: false, + }, + { + name: "Invalid path", + input: "invalid_path.yaml", + expected: art.Config{}, + hasError: true, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + cfg, err := art.NewConfig(tc.input) + if (err != nil) != tc.hasError { + t.Fatalf("expected error status %v; got %v", tc.hasError, (err != nil)) + } + if *cfg != tc.expected { + t.Fatalf("expected config %v; got %v", tc.expected, cfg) + } + }) + } +} + +func TestLoadArtYAML(t *testing.T) { + tests := []struct { + name string + path string + expect *art.Atomic + err error + }{ + // TODO: Add test cases here + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + atomic := art.NewAtomic() + err := atomic.LoadArtYAML(tc.path) + if err != tc.err { + t.Errorf("Expected error %v, but got %v", tc.err, err) + } + // Add more assertions + }) + } +} + +func TestNewAbility(t *testing.T) { + tests := []struct { + name string + id int64 + command string + expected *art.Ability + }{ + { + name: "base64 encoding", + id: 1, + command: "ls", + expected: &art.Ability{ + AbilityID: 1, + Command: base64.StdEncoding.EncodeToString([]byte("ls")), + }, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + ab := art.NewAbility(tc.id, tc.command) + if *ab != *tc.expected { + t.Fatalf("expected %v; got %v", tc.expected, ab) + } + }) + } +} + +func TestNewVar(t *testing.T) { + tests := []struct { + name string + id int64 + varName string + value string + expected *art.Var + }{ + { + name: "base64 encoding", + id: 1, + varName: "VAR1", + value: "value1", + expected: &art.Var{ + AbilityID: 1, + VarName: "VAR1", + Value: base64.StdEncoding.EncodeToString([]byte("value1")), + }, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + v := art.NewVar(tc.id, tc.varName, tc.value) + if *v != *tc.expected { + t.Fatalf("expected %v; got %v", tc.expected, v) + } + }) + } +} From e83486cc3a1e87cfcac0dc7043528fc3acfba1bc Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Tue, 22 Oct 2024 11:00:26 +0100 Subject: [PATCH 02/35] Added Mitre field to TTP struct --- magefiles/translate.go | 1 + 1 file changed, 1 insertion(+) diff --git a/magefiles/translate.go b/magefiles/translate.go index 29ebdc67..24982869 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -59,6 +59,7 @@ type AtomicSchema struct { type TTP struct { Name string `yaml:"name,omitempty"` Description string `yaml:"description"` + Mitre Mitre Environment map[string]string `yaml:"env,flow,omitempty"` Steps []Step `yaml:"steps,omitempty,flow"` ArgSpecs []args.Spec `yaml:"args,omitempty,flow"` From 4d956b6d116cb0ee582c38bd3b6cf0764cbdba92 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Tue, 22 Oct 2024 11:02:37 +0100 Subject: [PATCH 03/35] added dockerfile to build ttpforge binary for windows --- Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..f6abc157 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,8 @@ +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0 + +ADD . /src +WORKDIR /src +RUN go build -o /ttpforge main.go +WORKDIR / + +ENTRYPOINT [ "/ttpforge" ] From fa858cc6930c85f295dd620b2c84155efc948fe5 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Tue, 22 Oct 2024 13:44:13 +0100 Subject: [PATCH 04/35] Allow loose Mitre tags --- magefiles/translate.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 24982869..40024943 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -57,9 +57,9 @@ type AtomicSchema struct { // TTP represents the top-level structure for a TTP // (Tactics, Techniques, and Procedures) object. type TTP struct { - Name string `yaml:"name,omitempty"` - Description string `yaml:"description"` - Mitre Mitre + Name string `yaml:"name,omitempty"` + Description string `yaml:"description"` + Mitre Mitre Environment map[string]string `yaml:"env,flow,omitempty"` Steps []Step `yaml:"steps,omitempty,flow"` ArgSpecs []args.Spec `yaml:"args,omitempty,flow"` @@ -97,9 +97,9 @@ type Dependency struct { } type Mitre struct { - Tactics []string + Tactics *[]string Techniques []string - Subtechniques []string + Subtechniques *[]string } type Step struct { @@ -219,8 +219,8 @@ func ConvertYAMLSchema(ttpPath string) error { } // Write to the specified output path - outputDir := filepath.Join(os.Getenv("HOME"), ".ttpforge", "repos", "forgearmory", "ttps", "art", filepath.Base(ttpPath)) - outputFilePath := filepath.Join(outputDir, filepath.Base(ttpPath)+".yaml") + outputDir := ttpPath + outputFilePath := filepath.Join(outputDir, "output.yaml") // Ensure the directory exists err = os.MkdirAll(outputDir, os.ModePerm) From 5a2fca6e64256e2b85fd48d2683edae9e26e6da6 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Tue, 22 Oct 2024 18:08:05 +0100 Subject: [PATCH 05/35] Adjust struct names and yaml tags to ensure valid serialization --- magefiles/translate.go | 72 ++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 40024943..0da3b045 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -49,38 +49,37 @@ import ( ) type AtomicSchema struct { - AttackTechnique string `yaml:"attack_technique"` - DisplayName string `yaml:"display_name"` - AtomicTests []Test `yaml:"atomic_tests"` + AttackTechnique string `yaml:"attack_technique"` + DisplayName string `yaml:"display_name"` + AtomicTests []AtomicTest `yaml:"atomic_tests"` } // TTP represents the top-level structure for a TTP // (Tactics, Techniques, and Procedures) object. type TTP struct { - Name string `yaml:"name,omitempty"` - Description string `yaml:"description"` - Mitre Mitre - Environment map[string]string `yaml:"env,flow,omitempty"` - Steps []Step `yaml:"steps,omitempty,flow"` + Name string + Description string `yaml:"description,omitempty"` + Environment map[string]string `yaml:"env,omitempty,flow"` ArgSpecs []args.Spec `yaml:"args,omitempty,flow"` + Mitre Mitre + Steps []Step // Omit WorkDir, but expose for testing. WorkDir string `yaml:"-"` } -type Test struct { - Name string `yaml:"name"` - Description string `yaml:"description"` - SupportedPlatforms []string `yaml:"supported_platforms"` - Executor Executor `yaml:"executor"` - InputArguments map[string]InputArgument - DependencyExecutorName string `yaml:"dependency_executor_name"` +type AtomicTest struct { + Name string `yaml:"name"` + Description string `yaml:"description"` + SupportedPlatforms []string `yaml:"supported_platforms"` + Executor AtomicTestExecutor `yaml:"executor"` + DependencyExecutorName string `yaml:"dependency_executor_name"` Dependencies []Dependency + InputArguments map[string]InputArgument } -type Executor struct { - Name string +type AtomicTestExecutor struct { + Name string `yaml:"name,omitempty"` Command string - Steps string CleanupCommand string `yaml:"cleanup_command"` } @@ -97,27 +96,29 @@ type Dependency struct { } type Mitre struct { - Tactics *[]string - Techniques []string - Subtechniques *[]string + // TODO: Find tactics by technique from Mitre data + Tactics []string `yaml:"tactics,omitempty"` + Techniques []string `yaml:"techniques,omitempty"` + Subtechniques []string `yaml:"subtechniques,omitempty"` } type Step struct { - Name string - Inline string - Cleanup CleanupAct - Args []Spec + Name string `yaml:"name"` + Inline string `yaml:"inline,omitempty"` + Executor string `yaml:"executor,omitempty"` + Cleanup CleanupAction `yaml:"cleanup,omitempty"` + Args []ArgumentSpec `yaml:"args,omitempty,flow"` } -type CleanupAct struct { +type CleanupAction struct { Inline string } -type Spec struct { - Name string - Type string - Default string - Description string +type ArgumentSpec struct { + Name string `yaml:"name"` + Type string `yaml:"type,omitempty"` + Default string `yaml:"default,omitempty"` + Description string `yaml:"description,omitempty"` } func ConvertSchema(atomic AtomicSchema) TTP { @@ -128,16 +129,17 @@ func ConvertSchema(atomic AtomicSchema) TTP { for _, test := range atomic.AtomicTests { step := Step{ - Name: formatStepName(test.Name), - Inline: test.Executor.Command, - Cleanup: CleanupAct{ + Name: formatStepName(test.Name), + Inline: test.Executor.Command, + Executor: test.Executor.Name, + Cleanup: CleanupAction{ Inline: test.Executor.CleanupCommand, }, } // Populate Args for each step from the test's InputArguments for argName, inputArg := range test.InputArguments { - spec := Spec{ + spec := ArgumentSpec{ Name: argName, Type: inputArg.Type, Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string From 093823098c36fa583b79357bee6a6a4640dc9568 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 08:35:57 +0100 Subject: [PATCH 06/35] Produce many resulting TTPForge files from one Atomic YAML --- magefiles/translate.go | 131 ++++++++++++++++++++--------------------- 1 file changed, 65 insertions(+), 66 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 0da3b045..1669ada4 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -17,25 +17,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/* -Copyright © 2023-present, Meta Platforms, Inc. and affiliates -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. -*/ - package main import ( @@ -56,11 +37,12 @@ type AtomicSchema struct { // TTP represents the top-level structure for a TTP // (Tactics, Techniques, and Procedures) object. +// TODO: Replace with existing TTP struct type TTP struct { Name string Description string `yaml:"description,omitempty"` Environment map[string]string `yaml:"env,omitempty,flow"` - ArgSpecs []args.Spec `yaml:"args,omitempty,flow"` + Args []args.Spec `yaml:"args,omitempty,flow"` Mitre Mitre Steps []Step // Omit WorkDir, but expose for testing. @@ -68,16 +50,18 @@ type TTP struct { } type AtomicTest struct { - Name string `yaml:"name"` - Description string `yaml:"description"` - SupportedPlatforms []string `yaml:"supported_platforms"` - Executor AtomicTestExecutor `yaml:"executor"` - DependencyExecutorName string `yaml:"dependency_executor_name"` - Dependencies []Dependency - InputArguments map[string]InputArgument + Name string `yaml:"name"` + Description string `yaml:"description,omitempty"` + SupportedPlatforms []string `yaml:"supported_platforms,omitempty"` + Executor AtomicTestExecutor `yaml:"executor"` + Dependencies []Dependency + // TODO: Ignore it completely? + DependencyExecutorName string `yaml:"dependency_executor_name"` + InputArguments map[string]InputArgument `yaml:"input_arguments,omitempty,flow"` } type AtomicTestExecutor struct { + // TODO: Use existing Executor Enum Name string `yaml:"name,omitempty"` Command string CleanupCommand string `yaml:"cleanup_command"` @@ -97,17 +81,16 @@ type Dependency struct { type Mitre struct { // TODO: Find tactics by technique from Mitre data - Tactics []string `yaml:"tactics,omitempty"` + Tactics []string `yaml:"tactics"` Techniques []string `yaml:"techniques,omitempty"` Subtechniques []string `yaml:"subtechniques,omitempty"` } type Step struct { - Name string `yaml:"name"` - Inline string `yaml:"inline,omitempty"` - Executor string `yaml:"executor,omitempty"` - Cleanup CleanupAction `yaml:"cleanup,omitempty"` - Args []ArgumentSpec `yaml:"args,omitempty,flow"` + Name string `yaml:"name"` + Inline string `yaml:"inline,omitempty"` + Executor string `yaml:"executor,omitempty"` + Cleanup CleanupAction `yaml:"cleanup,omitempty"` } type CleanupAction struct { @@ -121,37 +104,45 @@ type ArgumentSpec struct { Description string `yaml:"description,omitempty"` } -func ConvertSchema(atomic AtomicSchema) TTP { - var ttp TTP - ttp.Name = formatStepName(atomic.DisplayName) - ttp.Description = atomic.DisplayName - ttp.Mitre.Techniques = append(ttp.Mitre.Techniques, atomic.AttackTechnique) +func ConvertSchema(atomic AtomicSchema) []TTP { + result := make([]TTP, len(atomic.AtomicTests)) for _, test := range atomic.AtomicTests { + ttp := TTP{ + Name: test.Name, + Description: test.Description, + Mitre: Mitre{ + Techniques: []string{atomic.AttackTechnique}, + Tactics: []string{}, + Subtechniques: []string{}, + }, + } step := Step{ Name: formatStepName(test.Name), - Inline: test.Executor.Command, + Inline: replaceArgumentPlaceholders(test.Executor.Command), Executor: test.Executor.Name, Cleanup: CleanupAction{ Inline: test.Executor.CleanupCommand, }, } + ttp.Steps = append(ttp.Steps, step) // Populate Args for each step from the test's InputArguments for argName, inputArg := range test.InputArguments { - spec := ArgumentSpec{ - Name: argName, - Type: inputArg.Type, - Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string - Description: inputArg.Description, + spec := args.Spec{ + Name: argName, + Type: inputArg.Type, + Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string + // Description: inputArg.Description, } - step.Args = append(step.Args, spec) + ttp.Args = append(ttp.Args, spec) } - ttp.Steps = append(ttp.Steps, step) + // TODO: Each atomic test is a separate file in TTPForge world + result = append(result, ttp) } - return ttp + return result } // copyDir copies a whole directory recursively @@ -193,6 +184,12 @@ func formatStepName(name string) string { return name } +func replaceArgumentPlaceholders(inline string) string { + result := strings.ReplaceAll(inline, "#{", "{{") + result = strings.ReplaceAll(result, "}", "}}") + return result +} + // ConvertYAMLSchema reads from a provided TTP path, converts its schema, and writes the result to the specified output path func ConvertYAMLSchema(ttpPath string) error { if ttpPath == "" { @@ -212,17 +209,10 @@ func ConvertYAMLSchema(ttpPath string) error { return err } - target := ConvertSchema(atomic) - - // Convert to YAML - result, err := yaml.Marshal(&target) - if err != nil { - return err - } + targetTtpList := ConvertSchema(atomic) // Write to the specified output path outputDir := ttpPath - outputFilePath := filepath.Join(outputDir, "output.yaml") // Ensure the directory exists err = os.MkdirAll(outputDir, os.ModePerm) @@ -230,21 +220,30 @@ func ConvertYAMLSchema(ttpPath string) error { return err } - err = os.WriteFile(outputFilePath, result, os.ModePerm) - if err != nil { - return err - } + // Convert to YAML files all tests + for _, target := range targetTtpList { + result, err := yaml.Marshal(&target) + if err != nil { + return err + } + outputFilePath := filepath.Join(outputDir, fmt.Sprintf("%v.yaml", target.Name)) - // Check if "src" directory exists in the original location and copy it to the destination if it does - srcPath := filepath.Join(ttpPath, "src") - _, err = os.Stat(srcPath) - if err == nil { - // Directory exists, copy it - destSrcPath := filepath.Join(outputDir, "src") - err = copyDir(srcPath, destSrcPath) + err = os.WriteFile(outputFilePath, result, os.ModePerm) if err != nil { return err } + + // Check if "src" directory exists in the original location and copy it to the destination if it does + srcPath := filepath.Join(ttpPath, "src") + _, err = os.Stat(srcPath) + if err == nil { + // Directory exists, copy it + destSrcPath := filepath.Join(outputDir, "src") + err = copyDir(srcPath, destSrcPath) + if err != nil { + return err + } + } } return nil From f054c5fcd0fa0a44fd607b23e8d136f5a17567fa Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 09:22:14 +0100 Subject: [PATCH 07/35] Take care of arguments in clean up instructions; Properly serialize Args --- magefiles/translate.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 1669ada4..268d4ce0 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -42,7 +42,7 @@ type TTP struct { Name string Description string `yaml:"description,omitempty"` Environment map[string]string `yaml:"env,omitempty,flow"` - Args []args.Spec `yaml:"args,omitempty,flow"` + Args []args.Spec `yaml:"args,omitempty"` Mitre Mitre Steps []Step // Omit WorkDir, but expose for testing. @@ -122,7 +122,7 @@ func ConvertSchema(atomic AtomicSchema) []TTP { Inline: replaceArgumentPlaceholders(test.Executor.Command), Executor: test.Executor.Name, Cleanup: CleanupAction{ - Inline: test.Executor.CleanupCommand, + Inline: replaceArgumentPlaceholders(test.Executor.CleanupCommand), }, } ttp.Steps = append(ttp.Steps, step) From 3c29a97f1058b762d4dc2d8ca8889026e2961b2c Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 11:33:20 +0100 Subject: [PATCH 08/35] Convert argument placeholders to TTPForge format --- magefiles/translate.go | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 268d4ce0..206f2f16 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -81,7 +81,7 @@ type Dependency struct { type Mitre struct { // TODO: Find tactics by technique from Mitre data - Tactics []string `yaml:"tactics"` + Tactics []string `yaml:"tactics,omitempty"` Techniques []string `yaml:"techniques,omitempty"` Subtechniques []string `yaml:"subtechniques,omitempty"` } @@ -117,17 +117,9 @@ func ConvertSchema(atomic AtomicSchema) []TTP { Subtechniques: []string{}, }, } - step := Step{ - Name: formatStepName(test.Name), - Inline: replaceArgumentPlaceholders(test.Executor.Command), - Executor: test.Executor.Name, - Cleanup: CleanupAction{ - Inline: replaceArgumentPlaceholders(test.Executor.CleanupCommand), - }, - } - ttp.Steps = append(ttp.Steps, step) // Populate Args for each step from the test's InputArguments + argumentReplacements := make(map[string]string, len(test.InputArguments)) for argName, inputArg := range test.InputArguments { spec := args.Spec{ Name: argName, @@ -136,8 +128,20 @@ func ConvertSchema(atomic AtomicSchema) []TTP { // Description: inputArg.Description, } ttp.Args = append(ttp.Args, spec) + argPlaceholder := fmt.Sprintf("#{%v}", argName) + argumentReplacements[argPlaceholder] = fmt.Sprintf("{{.Args.%v}}", argName) } + step := Step{ + Name: formatStepName(test.Name), + Inline: replaceArgumentPlaceholders(test.Executor.Command, argumentReplacements), + Executor: test.Executor.Name, + Cleanup: CleanupAction{ + Inline: replaceArgumentPlaceholders(test.Executor.CleanupCommand, argumentReplacements), + }, + } + ttp.Steps = append(ttp.Steps, step) + // TODO: Each atomic test is a separate file in TTPForge world result = append(result, ttp) } @@ -184,10 +188,11 @@ func formatStepName(name string) string { return name } -func replaceArgumentPlaceholders(inline string) string { - result := strings.ReplaceAll(inline, "#{", "{{") - result = strings.ReplaceAll(result, "}", "}}") - return result +func replaceArgumentPlaceholders(inline string, replacements map[string]string) string { + for old, new := range replacements { + inline = strings.ReplaceAll(inline, old, new) + } + return inline } // ConvertYAMLSchema reads from a provided TTP path, converts its schema, and writes the result to the specified output path From 4791fa7c988584f058f392488a84ba2b1f15def2 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 13:51:09 +0100 Subject: [PATCH 09/35] Added a map of Mitre Techniques to Tactics --- magefiles/ttp_map.json | 2550 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2550 insertions(+) create mode 100644 magefiles/ttp_map.json diff --git a/magefiles/ttp_map.json b/magefiles/ttp_map.json new file mode 100644 index 00000000..0a4cd57e --- /dev/null +++ b/magefiles/ttp_map.json @@ -0,0 +1,2550 @@ +{ + "T1001": { + "full_name": "T1001: Data Obfuscation", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1001.001": { + "full_name": "T1001.001: Junk Data", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1001.002": { + "full_name": "T1001.002: Steganography", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1001.003": { + "full_name": "T1001.003: Protocol Impersonation", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1003": { + "full_name": "T1003: OS Credential Dumping", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.001": { + "full_name": "T1003.001: LSASS Memory", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.002": { + "full_name": "T1003.002: Security Account Manager", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.003": { + "full_name": "T1003.003: NTDS", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.004": { + "full_name": "T1003.004: LSA Secrets", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.005": { + "full_name": "T1003.005: Cached Domain Credentials", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.006": { + "full_name": "T1003.006: DCSync", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.007": { + "full_name": "T1003.007: Proc Filesystem", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.008": { + "full_name": "T1003.008: /etc/passwd and /etc/shadow", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1005": { + "full_name": "T1005: Data from Local System", + "tactic_full_name": "TA0009: Collection" + }, + "T1006": { + "full_name": "T1006: Direct Volume Access", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1007": { + "full_name": "T1007: System Service Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1008": { + "full_name": "T1008: Fallback Channels", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1010": { + "full_name": "T1010: Application Window Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1011": { + "full_name": "T1011: Exfiltration Over Other Network Medium", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1011.001": { + "full_name": "T1011.001: Exfiltration Over Bluetooth", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1012": { + "full_name": "T1012: Query Registry", + "tactic_full_name": "TA0007: Discovery" + }, + "T1014": { + "full_name": "T1014: Rootkit", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1016": { + "full_name": "T1016: System Network Configuration Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1016.001": { + "full_name": "T1016.001: Internet Connection Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1016.002": { + "full_name": "T1016.002: Wi-Fi Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1018": { + "full_name": "T1018: Remote System Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1020": { + "full_name": "T1020: Automated Exfiltration", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1020.001": { + "full_name": "T1020.001: Traffic Duplication", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1021": { + "full_name": "T1021: Remote Services", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.001": { + "full_name": "T1021.001: Remote Desktop Protocol", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.002": { + "full_name": "T1021.002: SMB/Windows Admin Shares", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.003": { + "full_name": "T1021.003: Distributed Component Object Model", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.004": { + "full_name": "T1021.004: SSH", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.005": { + "full_name": "T1021.005: VNC", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.006": { + "full_name": "T1021.006: Windows Remote Management", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.007": { + "full_name": "T1021.007: Cloud Services", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.008": { + "full_name": "T1021.008: Direct Cloud VM Connections", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1025": { + "full_name": "T1025: Data from Removable Media", + "tactic_full_name": "TA0009: Collection" + }, + "T1027": { + "full_name": "T1027: Obfuscated Files or Information", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.001": { + "full_name": "T1027.001: Binary Padding", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.002": { + "full_name": "T1027.002: Software Packing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.003": { + "full_name": "T1027.003: Steganography", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.004": { + "full_name": "T1027.004: Compile After Delivery", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.005": { + "full_name": "T1027.005: Indicator Removal from Tools", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.006": { + "full_name": "T1027.006: HTML Smuggling", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.007": { + "full_name": "T1027.007: Dynamic API Resolution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.008": { + "full_name": "T1027.008: Stripped Payloads", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.009": { + "full_name": "T1027.009: Embedded Payloads", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.010": { + "full_name": "T1027.010: Command Obfuscation", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.011": { + "full_name": "T1027.011: Fileless Storage", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.012": { + "full_name": "T1027.012: LNK Icon Smuggling", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.013": { + "full_name": "T1027.013: Encrypted/Encoded File", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1029": { + "full_name": "T1029: Scheduled Transfer", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1030": { + "full_name": "T1030: Data Transfer Size Limits", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1033": { + "full_name": "T1033: System Owner/User Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1036": { + "full_name": "T1036: Masquerading", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.001": { + "full_name": "T1036.001: Invalid Code Signature", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.002": { + "full_name": "T1036.002: Right-to-Left Override", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.003": { + "full_name": "T1036.003: Rename System Utilities", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.004": { + "full_name": "T1036.004: Masquerade Task or Service", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.005": { + "full_name": "T1036.005: Match Legitimate Name or Location", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.006": { + "full_name": "T1036.006: Space after Filename", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.007": { + "full_name": "T1036.007: Double File Extension", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.008": { + "full_name": "T1036.008: Masquerade File Type", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.009": { + "full_name": "T1036.009: Break Process Trees", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1037": { + "full_name": "T1037: Boot or Logon Initialization Scripts", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.001": { + "full_name": "T1037.001: Logon Script (Windows)", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.002": { + "full_name": "T1037.002: Login Hook", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.003": { + "full_name": "T1037.003: Network Logon Script", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.004": { + "full_name": "T1037.004: RC Scripts", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.005": { + "full_name": "T1037.005: Startup Items", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1039": { + "full_name": "T1039: Data from Network Shared Drive", + "tactic_full_name": "TA0009: Collection" + }, + "T1040": { + "full_name": "T1040: Network Sniffing", + "tactic_full_name": "TA0006: Credential Access, TA0007: Discovery" + }, + "T1041": { + "full_name": "T1041: Exfiltration Over C2 Channel", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1046": { + "full_name": "T1046: Network Service Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1047": { + "full_name": "T1047: Windows Management Instrumentation", + "tactic_full_name": "TA0002: Execution" + }, + "T1048": { + "full_name": "T1048: Exfiltration Over Alternative Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1048.001": { + "full_name": "T1048.001: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1048.002": { + "full_name": "T1048.002: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1048.003": { + "full_name": "T1048.003: Exfiltration Over Unencrypted Non-C2 Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1049": { + "full_name": "T1049: System Network Connections Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1052": { + "full_name": "T1052: Exfiltration Over Physical Medium", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1052.001": { + "full_name": "T1052.001: Exfiltration over USB", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1053": { + "full_name": "T1053: Scheduled Task/Job", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.002": { + "full_name": "T1053.002: At", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.003": { + "full_name": "T1053.003: Cron", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.005": { + "full_name": "T1053.005: Scheduled Task", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.006": { + "full_name": "T1053.006: Systemd Timers", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.007": { + "full_name": "T1053.007: Container Orchestration Job", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1055": { + "full_name": "T1055: Process Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.001": { + "full_name": "T1055.001: Dynamic-link Library Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.002": { + "full_name": "T1055.002: Portable Executable Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.003": { + "full_name": "T1055.003: Thread Execution Hijacking", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.004": { + "full_name": "T1055.004: Asynchronous Procedure Call", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.005": { + "full_name": "T1055.005: Thread Local Storage", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.008": { + "full_name": "T1055.008: Ptrace System Calls", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.009": { + "full_name": "T1055.009: Proc Memory", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.011": { + "full_name": "T1055.011: Extra Window Memory Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.012": { + "full_name": "T1055.012: Process Hollowing", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.013": { + "full_name": "T1055.013: Process Doppelg\u00e4nging", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.014": { + "full_name": "T1055.014: VDSO Hijacking", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.015": { + "full_name": "T1055.015: ListPlanting", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1056": { + "full_name": "T1056: Input Capture", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.001": { + "full_name": "T1056.001: Keylogging", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.002": { + "full_name": "T1056.002: GUI Input Capture", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.003": { + "full_name": "T1056.003: Web Portal Capture", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.004": { + "full_name": "T1056.004: Credential API Hooking", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1057": { + "full_name": "T1057: Process Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1059": { + "full_name": "T1059: Command and Scripting Interpreter", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.001": { + "full_name": "T1059.001: PowerShell", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.002": { + "full_name": "T1059.002: AppleScript", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.003": { + "full_name": "T1059.003: Windows Command Shell", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.004": { + "full_name": "T1059.004: Unix Shell", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.005": { + "full_name": "T1059.005: Visual Basic", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.006": { + "full_name": "T1059.006: Python", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.007": { + "full_name": "T1059.007: JavaScript", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.008": { + "full_name": "T1059.008: Network Device CLI", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.009": { + "full_name": "T1059.009: Cloud API", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.010": { + "full_name": "T1059.010: AutoHotKey & AutoIT", + "tactic_full_name": "TA0002: Execution" + }, + "T1068": { + "full_name": "T1068: Exploitation for Privilege Escalation", + "tactic_full_name": "TA0004: Privilege Escalation" + }, + "T1069": { + "full_name": "T1069: Permission Groups Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1069.001": { + "full_name": "T1069.001: Local Groups", + "tactic_full_name": "TA0007: Discovery" + }, + "T1069.002": { + "full_name": "T1069.002: Domain Groups", + "tactic_full_name": "TA0007: Discovery" + }, + "T1069.003": { + "full_name": "T1069.003: Cloud Groups", + "tactic_full_name": "TA0007: Discovery" + }, + "T1070": { + "full_name": "T1070: Indicator Removal", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.001": { + "full_name": "T1070.001: Clear Windows Event Logs", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.002": { + "full_name": "T1070.002: Clear Linux or Mac System Logs", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.003": { + "full_name": "T1070.003: Clear Command History", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.004": { + "full_name": "T1070.004: File Deletion", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.005": { + "full_name": "T1070.005: Network Share Connection Removal", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.006": { + "full_name": "T1070.006: Timestomp", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.007": { + "full_name": "T1070.007: Clear Network Connection History and Configurations", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.008": { + "full_name": "T1070.008: Clear Mailbox Data", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.009": { + "full_name": "T1070.009: Clear Persistence", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1071": { + "full_name": "T1071: Application Layer Protocol", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.001": { + "full_name": "T1071.001: Web Protocols", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.002": { + "full_name": "T1071.002: File Transfer Protocols", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.003": { + "full_name": "T1071.003: Mail Protocols", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.004": { + "full_name": "T1071.004: DNS", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1072": { + "full_name": "T1072: Software Deployment Tools", + "tactic_full_name": "TA0002: Execution, TA0008: Lateral Movement" + }, + "T1074": { + "full_name": "T1074: Data Staged", + "tactic_full_name": "TA0009: Collection" + }, + "T1074.001": { + "full_name": "T1074.001: Local Data Staging", + "tactic_full_name": "TA0009: Collection" + }, + "T1074.002": { + "full_name": "T1074.002: Remote Data Staging", + "tactic_full_name": "TA0009: Collection" + }, + "T1078": { + "full_name": "T1078: Valid Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.001": { + "full_name": "T1078.001: Default Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.002": { + "full_name": "T1078.002: Domain Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.003": { + "full_name": "T1078.003: Local Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.004": { + "full_name": "T1078.004: Cloud Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1080": { + "full_name": "T1080: Taint Shared Content", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1082": { + "full_name": "T1082: System Information Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1083": { + "full_name": "T1083: File and Directory Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087": { + "full_name": "T1087: Account Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.001": { + "full_name": "T1087.001: Local Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.002": { + "full_name": "T1087.002: Domain Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.003": { + "full_name": "T1087.003: Email Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.004": { + "full_name": "T1087.004: Cloud Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1090": { + "full_name": "T1090: Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.001": { + "full_name": "T1090.001: Internal Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.002": { + "full_name": "T1090.002: External Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.003": { + "full_name": "T1090.003: Multi-hop Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.004": { + "full_name": "T1090.004: Domain Fronting", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1091": { + "full_name": "T1091: Replication Through Removable Media", + "tactic_full_name": "TA0008: Lateral Movement, TA0001: Initial Access" + }, + "T1092": { + "full_name": "T1092: Communication Through Removable Media", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1095": { + "full_name": "T1095: Non-Application Layer Protocol", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1098": { + "full_name": "T1098: Account Manipulation", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.001": { + "full_name": "T1098.001: Additional Cloud Credentials", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.002": { + "full_name": "T1098.002: Additional Email Delegate Permissions", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.003": { + "full_name": "T1098.003: Additional Cloud Roles", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.004": { + "full_name": "T1098.004: SSH Authorized Keys", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.005": { + "full_name": "T1098.005: Device Registration", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.006": { + "full_name": "T1098.006: Additional Container Cluster Roles", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1102": { + "full_name": "T1102: Web Service", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1102.001": { + "full_name": "T1102.001: Dead Drop Resolver", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1102.002": { + "full_name": "T1102.002: Bidirectional Communication", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1102.003": { + "full_name": "T1102.003: One-Way Communication", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1104": { + "full_name": "T1104: Multi-Stage Channels", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1105": { + "full_name": "T1105: Ingress Tool Transfer", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1106": { + "full_name": "T1106: Native API", + "tactic_full_name": "TA0002: Execution" + }, + "T1110": { + "full_name": "T1110: Brute Force", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.001": { + "full_name": "T1110.001: Password Guessing", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.002": { + "full_name": "T1110.002: Password Cracking", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.003": { + "full_name": "T1110.003: Password Spraying", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.004": { + "full_name": "T1110.004: Credential Stuffing", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1111": { + "full_name": "T1111: Multi-Factor Authentication Interception", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1112": { + "full_name": "T1112: Modify Registry", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1113": { + "full_name": "T1113: Screen Capture", + "tactic_full_name": "TA0009: Collection" + }, + "T1114": { + "full_name": "T1114: Email Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1114.001": { + "full_name": "T1114.001: Local Email Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1114.002": { + "full_name": "T1114.002: Remote Email Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1114.003": { + "full_name": "T1114.003: Email Forwarding Rule", + "tactic_full_name": "TA0009: Collection" + }, + "T1115": { + "full_name": "T1115: Clipboard Data", + "tactic_full_name": "TA0009: Collection" + }, + "T1119": { + "full_name": "T1119: Automated Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1120": { + "full_name": "T1120: Peripheral Device Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1123": { + "full_name": "T1123: Audio Capture", + "tactic_full_name": "TA0009: Collection" + }, + "T1124": { + "full_name": "T1124: System Time Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1125": { + "full_name": "T1125: Video Capture", + "tactic_full_name": "TA0009: Collection" + }, + "T1127": { + "full_name": "T1127: Trusted Developer Utilities Proxy Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1127.001": { + "full_name": "T1127.001: MSBuild", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1129": { + "full_name": "T1129: Shared Modules", + "tactic_full_name": "TA0002: Execution" + }, + "T1132": { + "full_name": "T1132: Data Encoding", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1132.001": { + "full_name": "T1132.001: Standard Encoding", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1132.002": { + "full_name": "T1132.002: Non-Standard Encoding", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1133": { + "full_name": "T1133: External Remote Services", + "tactic_full_name": "TA0003: Persistence, TA0001: Initial Access" + }, + "T1134": { + "full_name": "T1134: Access Token Manipulation", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.001": { + "full_name": "T1134.001: Token Impersonation/Theft", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.002": { + "full_name": "T1134.002: Create Process with Token", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.003": { + "full_name": "T1134.003: Make and Impersonate Token", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.004": { + "full_name": "T1134.004: Parent PID Spoofing", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.005": { + "full_name": "T1134.005: SID-History Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1135": { + "full_name": "T1135: Network Share Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1136": { + "full_name": "T1136: Create Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1136.001": { + "full_name": "T1136.001: Local Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1136.002": { + "full_name": "T1136.002: Domain Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1136.003": { + "full_name": "T1136.003: Cloud Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137": { + "full_name": "T1137: Office Application Startup", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.001": { + "full_name": "T1137.001: Office Template Macros", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.002": { + "full_name": "T1137.002: Office Test", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.003": { + "full_name": "T1137.003: Outlook Forms", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.004": { + "full_name": "T1137.004: Outlook Home Page", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.005": { + "full_name": "T1137.005: Outlook Rules", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.006": { + "full_name": "T1137.006: Add-ins", + "tactic_full_name": "TA0003: Persistence" + }, + "T1140": { + "full_name": "T1140: Deobfuscate/Decode Files or Information", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1176": { + "full_name": "T1176: Browser Extensions", + "tactic_full_name": "TA0003: Persistence" + }, + "T1185": { + "full_name": "T1185: Browser Session Hijacking", + "tactic_full_name": "TA0009: Collection" + }, + "T1187": { + "full_name": "T1187: Forced Authentication", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1189": { + "full_name": "T1189: Drive-by Compromise", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1190": { + "full_name": "T1190: Exploit Public-Facing Application", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195": { + "full_name": "T1195: Supply Chain Compromise", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195.001": { + "full_name": "T1195.001: Compromise Software Dependencies and Development Tools", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195.002": { + "full_name": "T1195.002: Compromise Software Supply Chain", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195.003": { + "full_name": "T1195.003: Compromise Hardware Supply Chain", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1197": { + "full_name": "T1197: BITS Jobs", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1199": { + "full_name": "T1199: Trusted Relationship", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1200": { + "full_name": "T1200: Hardware Additions", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1201": { + "full_name": "T1201: Password Policy Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1202": { + "full_name": "T1202: Indirect Command Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1203": { + "full_name": "T1203: Exploitation for Client Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1204": { + "full_name": "T1204: User Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1204.001": { + "full_name": "T1204.001: Malicious Link", + "tactic_full_name": "TA0002: Execution" + }, + "T1204.002": { + "full_name": "T1204.002: Malicious File", + "tactic_full_name": "TA0002: Execution" + }, + "T1204.003": { + "full_name": "T1204.003: Malicious Image", + "tactic_full_name": "TA0002: Execution" + }, + "T1205": { + "full_name": "T1205: Traffic Signaling", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" + }, + "T1205.001": { + "full_name": "T1205.001: Port Knocking", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" + }, + "T1205.002": { + "full_name": "T1205.002: Socket Filters", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" + }, + "T1207": { + "full_name": "T1207: Rogue Domain Controller", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1210": { + "full_name": "T1210: Exploitation of Remote Services", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1211": { + "full_name": "T1211: Exploitation for Defense Evasion", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1212": { + "full_name": "T1212: Exploitation for Credential Access", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1213": { + "full_name": "T1213: Data from Information Repositories", + "tactic_full_name": "TA0009: Collection" + }, + "T1213.001": { + "full_name": "T1213.001: Confluence", + "tactic_full_name": "TA0009: Collection" + }, + "T1213.002": { + "full_name": "T1213.002: Sharepoint", + "tactic_full_name": "TA0009: Collection" + }, + "T1213.003": { + "full_name": "T1213.003: Code Repositories", + "tactic_full_name": "TA0009: Collection" + }, + "T1216": { + "full_name": "T1216: System Script Proxy Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1216.001": { + "full_name": "T1216.001: PubPrn", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1216.002": { + "full_name": "T1216.002: SyncAppvPublishingServer", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1217": { + "full_name": "T1217: Browser Information Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1218": { + "full_name": "T1218: System Binary Proxy Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.001": { + "full_name": "T1218.001: Compiled HTML File", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.002": { + "full_name": "T1218.002: Control Panel", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.003": { + "full_name": "T1218.003: CMSTP", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.004": { + "full_name": "T1218.004: InstallUtil", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.005": { + "full_name": "T1218.005: Mshta", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.007": { + "full_name": "T1218.007: Msiexec", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.008": { + "full_name": "T1218.008: Odbcconf", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.009": { + "full_name": "T1218.009: Regsvcs/Regasm", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.010": { + "full_name": "T1218.010: Regsvr32", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.011": { + "full_name": "T1218.011: Rundll32", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.012": { + "full_name": "T1218.012: Verclsid", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.013": { + "full_name": "T1218.013: Mavinject", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.014": { + "full_name": "T1218.014: MMC", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.015": { + "full_name": "T1218.015: Electron Applications", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1219": { + "full_name": "T1219: Remote Access Software", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1220": { + "full_name": "T1220: XSL Script Processing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1221": { + "full_name": "T1221: Template Injection", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1222": { + "full_name": "T1222: File and Directory Permissions Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1222.001": { + "full_name": "T1222.001: Windows File and Directory Permissions Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1222.002": { + "full_name": "T1222.002: Linux and Mac File and Directory Permissions Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1480": { + "full_name": "T1480: Execution Guardrails", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1480.001": { + "full_name": "T1480.001: Environmental Keying", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1482": { + "full_name": "T1482: Domain Trust Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1484": { + "full_name": "T1484: Domain or Tenant Policy Modification", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1484.001": { + "full_name": "T1484.001: Group Policy Modification", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1484.002": { + "full_name": "T1484.002: Trust Modification", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1485": { + "full_name": "T1485: Data Destruction", + "tactic_full_name": "TA0040: Impact" + }, + "T1486": { + "full_name": "T1486: Data Encrypted for Impact", + "tactic_full_name": "TA0040: Impact" + }, + "T1489": { + "full_name": "T1489: Service Stop", + "tactic_full_name": "TA0040: Impact" + }, + "T1490": { + "full_name": "T1490: Inhibit System Recovery", + "tactic_full_name": "TA0040: Impact" + }, + "T1491": { + "full_name": "T1491: Defacement", + "tactic_full_name": "TA0040: Impact" + }, + "T1491.001": { + "full_name": "T1491.001: Internal Defacement", + "tactic_full_name": "TA0040: Impact" + }, + "T1491.002": { + "full_name": "T1491.002: External Defacement", + "tactic_full_name": "TA0040: Impact" + }, + "T1495": { + "full_name": "T1495: Firmware Corruption", + "tactic_full_name": "TA0040: Impact" + }, + "T1496": { + "full_name": "T1496: Resource Hijacking", + "tactic_full_name": "TA0040: Impact" + }, + "T1497": { + "full_name": "T1497: Virtualization/Sandbox Evasion", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1497.001": { + "full_name": "T1497.001: System Checks", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1497.002": { + "full_name": "T1497.002: User Activity Based Checks", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1497.003": { + "full_name": "T1497.003: Time Based Evasion", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1498": { + "full_name": "T1498: Network Denial of Service", + "tactic_full_name": "TA0040: Impact" + }, + "T1498.001": { + "full_name": "T1498.001: Direct Network Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1498.002": { + "full_name": "T1498.002: Reflection Amplification", + "tactic_full_name": "TA0040: Impact" + }, + "T1499": { + "full_name": "T1499: Endpoint Denial of Service", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.001": { + "full_name": "T1499.001: OS Exhaustion Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.002": { + "full_name": "T1499.002: Service Exhaustion Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.003": { + "full_name": "T1499.003: Application Exhaustion Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.004": { + "full_name": "T1499.004: Application or System Exploitation", + "tactic_full_name": "TA0040: Impact" + }, + "T1505": { + "full_name": "T1505: Server Software Component", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.001": { + "full_name": "T1505.001: SQL Stored Procedures", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.002": { + "full_name": "T1505.002: Transport Agent", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.003": { + "full_name": "T1505.003: Web Shell", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.004": { + "full_name": "T1505.004: IIS Components", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.005": { + "full_name": "T1505.005: Terminal Services DLL", + "tactic_full_name": "TA0003: Persistence" + }, + "T1518": { + "full_name": "T1518: Software Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1518.001": { + "full_name": "T1518.001: Security Software Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1525": { + "full_name": "T1525: Implant Internal Image", + "tactic_full_name": "TA0003: Persistence" + }, + "T1526": { + "full_name": "T1526: Cloud Service Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1528": { + "full_name": "T1528: Steal Application Access Token", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1529": { + "full_name": "T1529: System Shutdown/Reboot", + "tactic_full_name": "TA0040: Impact" + }, + "T1530": { + "full_name": "T1530: Data from Cloud Storage", + "tactic_full_name": "TA0009: Collection" + }, + "T1531": { + "full_name": "T1531: Account Access Removal", + "tactic_full_name": "TA0040: Impact" + }, + "T1534": { + "full_name": "T1534: Internal Spearphishing", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1535": { + "full_name": "T1535: Unused/Unsupported Cloud Regions", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1537": { + "full_name": "T1537: Transfer Data to Cloud Account", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1538": { + "full_name": "T1538: Cloud Service Dashboard", + "tactic_full_name": "TA0007: Discovery" + }, + "T1539": { + "full_name": "T1539: Steal Web Session Cookie", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1542": { + "full_name": "T1542: Pre-OS Boot", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1542.001": { + "full_name": "T1542.001: System Firmware", + "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" + }, + "T1542.002": { + "full_name": "T1542.002: Component Firmware", + "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" + }, + "T1542.003": { + "full_name": "T1542.003: Bootkit", + "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" + }, + "T1542.004": { + "full_name": "T1542.004: ROMMONkit", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1542.005": { + "full_name": "T1542.005: TFTP Boot", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1543": { + "full_name": "T1543: Create or Modify System Process", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.001": { + "full_name": "T1543.001: Launch Agent", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.002": { + "full_name": "T1543.002: Systemd Service", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.003": { + "full_name": "T1543.003: Windows Service", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.004": { + "full_name": "T1543.004: Launch Daemon", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.005": { + "full_name": "T1543.005: Container Service", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1546": { + "full_name": "T1546: Event Triggered Execution", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.001": { + "full_name": "T1546.001: Change Default File Association", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.002": { + "full_name": "T1546.002: Screensaver", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.003": { + "full_name": "T1546.003: Windows Management Instrumentation Event Subscription", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.004": { + "full_name": "T1546.004: Unix Shell Configuration Modification", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.005": { + "full_name": "T1546.005: Trap", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.006": { + "full_name": "T1546.006: LC_LOAD_DYLIB Addition", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.007": { + "full_name": "T1546.007: Netsh Helper DLL", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.008": { + "full_name": "T1546.008: Accessibility Features", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.009": { + "full_name": "T1546.009: AppCert DLLs", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.010": { + "full_name": "T1546.010: AppInit DLLs", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.011": { + "full_name": "T1546.011: Application Shimming", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.012": { + "full_name": "T1546.012: Image File Execution Options Injection", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.013": { + "full_name": "T1546.013: PowerShell Profile", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.014": { + "full_name": "T1546.014: Emond", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.015": { + "full_name": "T1546.015: Component Object Model Hijacking", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.016": { + "full_name": "T1546.016: Installer Packages", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1547": { + "full_name": "T1547: Boot or Logon Autostart Execution", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.001": { + "full_name": "T1547.001: Registry Run Keys / Startup Folder", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.002": { + "full_name": "T1547.002: Authentication Package", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.003": { + "full_name": "T1547.003: Time Providers", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.004": { + "full_name": "T1547.004: Winlogon Helper DLL", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.005": { + "full_name": "T1547.005: Security Support Provider", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.006": { + "full_name": "T1547.006: Kernel Modules and Extensions", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.007": { + "full_name": "T1547.007: Re-opened Applications", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.008": { + "full_name": "T1547.008: LSASS Driver", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.009": { + "full_name": "T1547.009: Shortcut Modification", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.010": { + "full_name": "T1547.010: Port Monitors", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.012": { + "full_name": "T1547.012: Print Processors", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.013": { + "full_name": "T1547.013: XDG Autostart Entries", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.014": { + "full_name": "T1547.014: Active Setup", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.015": { + "full_name": "T1547.015: Login Items", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1548": { + "full_name": "T1548: Abuse Elevation Control Mechanism", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.001": { + "full_name": "T1548.001: Setuid and Setgid", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.002": { + "full_name": "T1548.002: Bypass User Account Control", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.003": { + "full_name": "T1548.003: Sudo and Sudo Caching", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.004": { + "full_name": "T1548.004: Elevated Execution with Prompt", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.005": { + "full_name": "T1548.005: Temporary Elevated Cloud Access", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.006": { + "full_name": "T1548.006: TCC Manipulation", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1550": { + "full_name": "T1550: Use Alternate Authentication Material", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.001": { + "full_name": "T1550.001: Application Access Token", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.002": { + "full_name": "T1550.002: Pass the Hash", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.003": { + "full_name": "T1550.003: Pass the Ticket", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.004": { + "full_name": "T1550.004: Web Session Cookie", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1552": { + "full_name": "T1552: Unsecured Credentials", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.001": { + "full_name": "T1552.001: Credentials In Files", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.002": { + "full_name": "T1552.002: Credentials in Registry", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.003": { + "full_name": "T1552.003: Bash History", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.004": { + "full_name": "T1552.004: Private Keys", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.005": { + "full_name": "T1552.005: Cloud Instance Metadata API", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.006": { + "full_name": "T1552.006: Group Policy Preferences", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.007": { + "full_name": "T1552.007: Container API", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.008": { + "full_name": "T1552.008: Chat Messages", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1553": { + "full_name": "T1553: Subvert Trust Controls", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.001": { + "full_name": "T1553.001: Gatekeeper Bypass", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.002": { + "full_name": "T1553.002: Code Signing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.003": { + "full_name": "T1553.003: SIP and Trust Provider Hijacking", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.004": { + "full_name": "T1553.004: Install Root Certificate", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.005": { + "full_name": "T1553.005: Mark-of-the-Web Bypass", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.006": { + "full_name": "T1553.006: Code Signing Policy Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1554": { + "full_name": "T1554: Compromise Host Software Binary", + "tactic_full_name": "TA0003: Persistence" + }, + "T1555": { + "full_name": "T1555: Credentials from Password Stores", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.001": { + "full_name": "T1555.001: Keychain", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.002": { + "full_name": "T1555.002: Securityd Memory", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.003": { + "full_name": "T1555.003: Credentials from Web Browsers", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.004": { + "full_name": "T1555.004: Windows Credential Manager", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.005": { + "full_name": "T1555.005: Password Managers", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.006": { + "full_name": "T1555.006: Cloud Secrets Management Stores", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1556": { + "full_name": "T1556: Modify Authentication Process", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.001": { + "full_name": "T1556.001: Domain Controller Authentication", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.002": { + "full_name": "T1556.002: Password Filter DLL", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.003": { + "full_name": "T1556.003: Pluggable Authentication Modules", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.004": { + "full_name": "T1556.004: Network Device Authentication", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.005": { + "full_name": "T1556.005: Reversible Encryption", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.006": { + "full_name": "T1556.006: Multi-Factor Authentication", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.007": { + "full_name": "T1556.007: Hybrid Identity", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.008": { + "full_name": "T1556.008: Network Provider DLL", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.009": { + "full_name": "T1556.009: Conditional Access Policies", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1557": { + "full_name": "T1557: Adversary-in-the-Middle", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1557.001": { + "full_name": "T1557.001: LLMNR/NBT-NS Poisoning and SMB Relay", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1557.002": { + "full_name": "T1557.002: ARP Cache Poisoning", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1557.003": { + "full_name": "T1557.003: DHCP Spoofing", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1558": { + "full_name": "T1558: Steal or Forge Kerberos Tickets", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.001": { + "full_name": "T1558.001: Golden Ticket", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.002": { + "full_name": "T1558.002: Silver Ticket", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.003": { + "full_name": "T1558.003: Kerberoasting", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.004": { + "full_name": "T1558.004: AS-REP Roasting", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1559": { + "full_name": "T1559: Inter-Process Communication", + "tactic_full_name": "TA0002: Execution" + }, + "T1559.001": { + "full_name": "T1559.001: Component Object Model", + "tactic_full_name": "TA0002: Execution" + }, + "T1559.002": { + "full_name": "T1559.002: Dynamic Data Exchange", + "tactic_full_name": "TA0002: Execution" + }, + "T1559.003": { + "full_name": "T1559.003: XPC Services", + "tactic_full_name": "TA0002: Execution" + }, + "T1560": { + "full_name": "T1560: Archive Collected Data", + "tactic_full_name": "TA0009: Collection" + }, + "T1560.001": { + "full_name": "T1560.001: Archive via Utility", + "tactic_full_name": "TA0009: Collection" + }, + "T1560.002": { + "full_name": "T1560.002: Archive via Library", + "tactic_full_name": "TA0009: Collection" + }, + "T1560.003": { + "full_name": "T1560.003: Archive via Custom Method", + "tactic_full_name": "TA0009: Collection" + }, + "T1561": { + "full_name": "T1561: Disk Wipe", + "tactic_full_name": "TA0040: Impact" + }, + "T1561.001": { + "full_name": "T1561.001: Disk Content Wipe", + "tactic_full_name": "TA0040: Impact" + }, + "T1561.002": { + "full_name": "T1561.002: Disk Structure Wipe", + "tactic_full_name": "TA0040: Impact" + }, + "T1562": { + "full_name": "T1562: Impair Defenses", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.001": { + "full_name": "T1562.001: Disable or Modify Tools", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.002": { + "full_name": "T1562.002: Disable Windows Event Logging", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.003": { + "full_name": "T1562.003: Impair Command History Logging", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.004": { + "full_name": "T1562.004: Disable or Modify System Firewall", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.006": { + "full_name": "T1562.006: Indicator Blocking", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.007": { + "full_name": "T1562.007: Disable or Modify Cloud Firewall", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.008": { + "full_name": "T1562.008: Disable or Modify Cloud Logs", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.009": { + "full_name": "T1562.009: Safe Mode Boot", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.010": { + "full_name": "T1562.010: Downgrade Attack", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.011": { + "full_name": "T1562.011: Spoof Security Alerting", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.012": { + "full_name": "T1562.012: Disable or Modify Linux Audit System", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1563": { + "full_name": "T1563: Remote Service Session Hijacking", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1563.001": { + "full_name": "T1563.001: SSH Hijacking", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1563.002": { + "full_name": "T1563.002: RDP Hijacking", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1564": { + "full_name": "T1564: Hide Artifacts", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.001": { + "full_name": "T1564.001: Hidden Files and Directories", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.002": { + "full_name": "T1564.002: Hidden Users", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.003": { + "full_name": "T1564.003: Hidden Window", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.004": { + "full_name": "T1564.004: NTFS File Attributes", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.005": { + "full_name": "T1564.005: Hidden File System", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.006": { + "full_name": "T1564.006: Run Virtual Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.007": { + "full_name": "T1564.007: VBA Stomping", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.008": { + "full_name": "T1564.008: Email Hiding Rules", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.009": { + "full_name": "T1564.009: Resource Forking", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.010": { + "full_name": "T1564.010: Process Argument Spoofing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.011": { + "full_name": "T1564.011: Ignore Process Interrupts", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.012": { + "full_name": "T1564.012: File/Path Exclusions", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1565": { + "full_name": "T1565: Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1565.001": { + "full_name": "T1565.001: Stored Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1565.002": { + "full_name": "T1565.002: Transmitted Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1565.003": { + "full_name": "T1565.003: Runtime Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1566": { + "full_name": "T1566: Phishing", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.001": { + "full_name": "T1566.001: Spearphishing Attachment", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.002": { + "full_name": "T1566.002: Spearphishing Link", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.003": { + "full_name": "T1566.003: Spearphishing via Service", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.004": { + "full_name": "T1566.004: Spearphishing Voice", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1567": { + "full_name": "T1567: Exfiltration Over Web Service", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.001": { + "full_name": "T1567.001: Exfiltration to Code Repository", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.002": { + "full_name": "T1567.002: Exfiltration to Cloud Storage", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.003": { + "full_name": "T1567.003: Exfiltration to Text Storage Sites", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.004": { + "full_name": "T1567.004: Exfiltration Over Webhook", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1568": { + "full_name": "T1568: Dynamic Resolution", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1568.001": { + "full_name": "T1568.001: Fast Flux DNS", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1568.002": { + "full_name": "T1568.002: Domain Generation Algorithms", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1568.003": { + "full_name": "T1568.003: DNS Calculation", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1569": { + "full_name": "T1569: System Services", + "tactic_full_name": "TA0002: Execution" + }, + "T1569.001": { + "full_name": "T1569.001: Launchctl", + "tactic_full_name": "TA0002: Execution" + }, + "T1569.002": { + "full_name": "T1569.002: Service Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1570": { + "full_name": "T1570: Lateral Tool Transfer", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1571": { + "full_name": "T1571: Non-Standard Port", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1572": { + "full_name": "T1572: Protocol Tunneling", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1573": { + "full_name": "T1573: Encrypted Channel", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1573.001": { + "full_name": "T1573.001: Symmetric Cryptography", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1573.002": { + "full_name": "T1573.002: Asymmetric Cryptography", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1574": { + "full_name": "T1574: Hijack Execution Flow", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.001": { + "full_name": "T1574.001: DLL Search Order Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.002": { + "full_name": "T1574.002: DLL Side-Loading", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.004": { + "full_name": "T1574.004: Dylib Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.005": { + "full_name": "T1574.005: Executable Installer File Permissions Weakness", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.006": { + "full_name": "T1574.006: Dynamic Linker Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.007": { + "full_name": "T1574.007: Path Interception by PATH Environment Variable", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.008": { + "full_name": "T1574.008: Path Interception by Search Order Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.009": { + "full_name": "T1574.009: Path Interception by Unquoted Path", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.010": { + "full_name": "T1574.010: Services File Permissions Weakness", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.011": { + "full_name": "T1574.011: Services Registry Permissions Weakness", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.012": { + "full_name": "T1574.012: COR_PROFILER", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.013": { + "full_name": "T1574.013: KernelCallbackTable", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.014": { + "full_name": "T1574.014: AppDomainManager", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1578": { + "full_name": "T1578: Modify Cloud Compute Infrastructure", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.001": { + "full_name": "T1578.001: Create Snapshot", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.002": { + "full_name": "T1578.002: Create Cloud Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.003": { + "full_name": "T1578.003: Delete Cloud Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.004": { + "full_name": "T1578.004: Revert Cloud Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.005": { + "full_name": "T1578.005: Modify Cloud Compute Configurations", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1580": { + "full_name": "T1580: Cloud Infrastructure Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1583": { + "full_name": "T1583: Acquire Infrastructure", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.001": { + "full_name": "T1583.001: Domains", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.002": { + "full_name": "T1583.002: DNS Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.003": { + "full_name": "T1583.003: Virtual Private Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.004": { + "full_name": "T1583.004: Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.005": { + "full_name": "T1583.005: Botnet", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.006": { + "full_name": "T1583.006: Web Services", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.007": { + "full_name": "T1583.007: Serverless", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.008": { + "full_name": "T1583.008: Malvertising", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584": { + "full_name": "T1584: Compromise Infrastructure", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.001": { + "full_name": "T1584.001: Domains", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.002": { + "full_name": "T1584.002: DNS Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.003": { + "full_name": "T1584.003: Virtual Private Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.004": { + "full_name": "T1584.004: Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.005": { + "full_name": "T1584.005: Botnet", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.006": { + "full_name": "T1584.006: Web Services", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.007": { + "full_name": "T1584.007: Serverless", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.008": { + "full_name": "T1584.008: Network Devices", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585": { + "full_name": "T1585: Establish Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585.001": { + "full_name": "T1585.001: Social Media Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585.002": { + "full_name": "T1585.002: Email Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585.003": { + "full_name": "T1585.003: Cloud Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586": { + "full_name": "T1586: Compromise Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586.001": { + "full_name": "T1586.001: Social Media Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586.002": { + "full_name": "T1586.002: Email Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586.003": { + "full_name": "T1586.003: Cloud Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587": { + "full_name": "T1587: Develop Capabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.001": { + "full_name": "T1587.001: Malware", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.002": { + "full_name": "T1587.002: Code Signing Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.003": { + "full_name": "T1587.003: Digital Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.004": { + "full_name": "T1587.004: Exploits", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588": { + "full_name": "T1588: Obtain Capabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.001": { + "full_name": "T1588.001: Malware", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.002": { + "full_name": "T1588.002: Tool", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.003": { + "full_name": "T1588.003: Code Signing Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.004": { + "full_name": "T1588.004: Digital Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.005": { + "full_name": "T1588.005: Exploits", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.006": { + "full_name": "T1588.006: Vulnerabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.007": { + "full_name": "T1588.007: Artificial Intelligence", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1589": { + "full_name": "T1589: Gather Victim Identity Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1589.001": { + "full_name": "T1589.001: Credentials", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1589.002": { + "full_name": "T1589.002: Email Addresses", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1589.003": { + "full_name": "T1589.003: Employee Names", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590": { + "full_name": "T1590: Gather Victim Network Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.001": { + "full_name": "T1590.001: Domain Properties", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.002": { + "full_name": "T1590.002: DNS", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.003": { + "full_name": "T1590.003: Network Trust Dependencies", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.004": { + "full_name": "T1590.004: Network Topology", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.005": { + "full_name": "T1590.005: IP Addresses", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.006": { + "full_name": "T1590.006: Network Security Appliances", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591": { + "full_name": "T1591: Gather Victim Org Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.001": { + "full_name": "T1591.001: Determine Physical Locations", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.002": { + "full_name": "T1591.002: Business Relationships", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.003": { + "full_name": "T1591.003: Identify Business Tempo", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.004": { + "full_name": "T1591.004: Identify Roles", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592": { + "full_name": "T1592: Gather Victim Host Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.001": { + "full_name": "T1592.001: Hardware", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.002": { + "full_name": "T1592.002: Software", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.003": { + "full_name": "T1592.003: Firmware", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.004": { + "full_name": "T1592.004: Client Configurations", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593": { + "full_name": "T1593: Search Open Websites/Domains", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593.001": { + "full_name": "T1593.001: Social Media", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593.002": { + "full_name": "T1593.002: Search Engines", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593.003": { + "full_name": "T1593.003: Code Repositories", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1594": { + "full_name": "T1594: Search Victim-Owned Websites", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595": { + "full_name": "T1595: Active Scanning", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595.001": { + "full_name": "T1595.001: Scanning IP Blocks", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595.002": { + "full_name": "T1595.002: Vulnerability Scanning", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595.003": { + "full_name": "T1595.003: Wordlist Scanning", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596": { + "full_name": "T1596: Search Open Technical Databases", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.001": { + "full_name": "T1596.001: DNS/Passive DNS", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.002": { + "full_name": "T1596.002: WHOIS", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.003": { + "full_name": "T1596.003: Digital Certificates", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.004": { + "full_name": "T1596.004: CDNs", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.005": { + "full_name": "T1596.005: Scan Databases", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1597": { + "full_name": "T1597: Search Closed Sources", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1597.001": { + "full_name": "T1597.001: Threat Intel Vendors", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1597.002": { + "full_name": "T1597.002: Purchase Technical Data", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598": { + "full_name": "T1598: Phishing for Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.001": { + "full_name": "T1598.001: Spearphishing Service", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.002": { + "full_name": "T1598.002: Spearphishing Attachment", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.003": { + "full_name": "T1598.003: Spearphishing Link", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.004": { + "full_name": "T1598.004: Spearphishing Voice", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1599": { + "full_name": "T1599: Network Boundary Bridging", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1599.001": { + "full_name": "T1599.001: Network Address Translation Traversal", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1600": { + "full_name": "T1600: Weaken Encryption", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1600.001": { + "full_name": "T1600.001: Reduce Key Space", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1600.002": { + "full_name": "T1600.002: Disable Crypto Hardware", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1601": { + "full_name": "T1601: Modify System Image", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1601.001": { + "full_name": "T1601.001: Patch System Image", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1601.002": { + "full_name": "T1601.002: Downgrade System Image", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1602": { + "full_name": "T1602: Data from Configuration Repository", + "tactic_full_name": "TA0009: Collection" + }, + "T1602.001": { + "full_name": "T1602.001: SNMP (MIB Dump)", + "tactic_full_name": "TA0009: Collection" + }, + "T1602.002": { + "full_name": "T1602.002: Network Device Configuration Dump", + "tactic_full_name": "TA0009: Collection" + }, + "T1606": { + "full_name": "T1606: Forge Web Credentials", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1606.001": { + "full_name": "T1606.001: Web Cookies", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1606.002": { + "full_name": "T1606.002: SAML Tokens", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1608": { + "full_name": "T1608: Stage Capabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.001": { + "full_name": "T1608.001: Upload Malware", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.002": { + "full_name": "T1608.002: Upload Tool", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.003": { + "full_name": "T1608.003: Install Digital Certificate", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.004": { + "full_name": "T1608.004: Drive-by Target", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.005": { + "full_name": "T1608.005: Link Target", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.006": { + "full_name": "T1608.006: SEO Poisoning", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1609": { + "full_name": "T1609: Container Administration Command", + "tactic_full_name": "TA0002: Execution" + }, + "T1610": { + "full_name": "T1610: Deploy Container", + "tactic_full_name": "TA0005: Defense Evasion, TA0002: Execution" + }, + "T1611": { + "full_name": "T1611: Escape to Host", + "tactic_full_name": "TA0004: Privilege Escalation" + }, + "T1612": { + "full_name": "T1612: Build Image on Host", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1613": { + "full_name": "T1613: Container and Resource Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1614": { + "full_name": "T1614: System Location Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1614.001": { + "full_name": "T1614.001: System Language Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1615": { + "full_name": "T1615: Group Policy Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1619": { + "full_name": "T1619: Cloud Storage Object Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1620": { + "full_name": "T1620: Reflective Code Loading", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1621": { + "full_name": "T1621: Multi-Factor Authentication Request Generation", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1622": { + "full_name": "T1622: Debugger Evasion", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1647": { + "full_name": "T1647: Plist File Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1648": { + "full_name": "T1648: Serverless Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1649": { + "full_name": "T1649: Steal or Forge Authentication Certificates", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1650": { + "full_name": "T1650: Acquire Access", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1651": { + "full_name": "T1651: Cloud Administration Command", + "tactic_full_name": "TA0002: Execution" + }, + "T1652": { + "full_name": "T1652: Device Driver Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1653": { + "full_name": "T1653: Power Settings", + "tactic_full_name": "TA0003: Persistence" + }, + "T1654": { + "full_name": "T1654: Log Enumeration", + "tactic_full_name": "TA0007: Discovery" + }, + "T1656": { + "full_name": "T1656: Impersonation", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1657": { + "full_name": "T1657: Financial Theft", + "tactic_full_name": "TA0040: Impact" + }, + "T1659": { + "full_name": "T1659: Content Injection", + "tactic_full_name": "TA0001: Initial Access, TA0011: Command and Control" + }, + "T1665": { + "full_name": "T1665: Hide Infrastructure", + "tactic_full_name": "TA0011: Command and Control" + } +} \ No newline at end of file From 0a23699b65e664127f9416e9a3039dbb981cb1be Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 15:26:36 +0100 Subject: [PATCH 10/35] Read Mitre map JSON to enrich Mitre tags, properly build list of resulting TTPs --- magefiles/translate.go | 61 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 55 insertions(+), 6 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 206f2f16..498de33b 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -20,6 +20,7 @@ THE SOFTWARE. package main import ( + "encoding/json" "fmt" "os" "path/filepath" @@ -80,12 +81,20 @@ type Dependency struct { } type Mitre struct { - // TODO: Find tactics by technique from Mitre data Tactics []string `yaml:"tactics,omitempty"` Techniques []string `yaml:"techniques,omitempty"` Subtechniques []string `yaml:"subtechniques,omitempty"` } +type MitreTechniqueInfo struct { + FullName string `json:"full_name"` + TacticFullNames string `json:"tactic_full_name"` +} + +type MitreMap struct { + Map map[string]MitreTechniqueInfo `json:"techniques"` +} + type Step struct { Name string `yaml:"name"` Inline string `yaml:"inline,omitempty"` @@ -107,7 +116,7 @@ type ArgumentSpec struct { func ConvertSchema(atomic AtomicSchema) []TTP { result := make([]TTP, len(atomic.AtomicTests)) - for _, test := range atomic.AtomicTests { + for i, test := range atomic.AtomicTests { ttp := TTP{ Name: test.Name, Description: test.Description, @@ -125,10 +134,11 @@ func ConvertSchema(atomic AtomicSchema) []TTP { Name: argName, Type: inputArg.Type, Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string + // TODO: bump ttpforge dependency to support description field // Description: inputArg.Description, } ttp.Args = append(ttp.Args, spec) - argPlaceholder := fmt.Sprintf("#{%v}", argName) + argPlaceholder := fmt.Sprintf("#{%s}", argName) // TODO: consider spaces argumentReplacements[argPlaceholder] = fmt.Sprintf("{{.Args.%v}}", argName) } @@ -142,8 +152,7 @@ func ConvertSchema(atomic AtomicSchema) []TTP { } ttp.Steps = append(ttp.Steps, step) - // TODO: Each atomic test is a separate file in TTPForge world - result = append(result, ttp) + result[i] = ttp } return result @@ -195,13 +204,30 @@ func replaceArgumentPlaceholders(inline string, replacements map[string]string) return inline } +// Loads local JSON file with all known Mitre tags to build a map from Technique ID to Tactic IDs +func NewMitreMap(filename string) (*MitreMap, error) { + data, err := os.ReadFile(filename) + if err != nil { + return nil, err + } + mitreMap := MitreMap{ + Map: make(map[string]MitreTechniqueInfo), + } + err = json.Unmarshal(data, &mitreMap) + if err != nil { + return nil, err + } + + return &mitreMap, nil +} + // ConvertYAMLSchema reads from a provided TTP path, converts its schema, and writes the result to the specified output path func ConvertYAMLSchema(ttpPath string) error { if ttpPath == "" { return fmt.Errorf("a valid TTP path must be provided") } - // Read the original YAML + // Read the original YAML file following the naming convention originalYAMLPath := filepath.Join(ttpPath, filepath.Base(ttpPath)+".yaml") data, err := os.ReadFile(originalYAMLPath) if err != nil { @@ -216,6 +242,29 @@ func ConvertYAMLSchema(ttpPath string) error { targetTtpList := ConvertSchema(atomic) + // Load Mitre TTP map + // TODO: figure out why the map is empty + mitreMap, err := NewMitreMap("magefiles/ttp_map.json") + if err != nil { + return err + } + fmt.Printf("Build Mitre map: %+v\n", mitreMap) + + // Populating Mitre Tactics + for _, ttp := range targetTtpList { + fmt.Printf("Processing TTP %s: %s\n", ttp.Name, ttp.Mitre.Techniques) + if len(ttp.Mitre.Techniques) != 1 { + continue + } + key := ttp.Mitre.Techniques[0] + info, ok := mitreMap.Map[key] + if ok { + fmt.Printf("Found info for %s: %+v\n", key, info) + ttp.Mitre.Tactics = strings.Split(info.TacticFullNames, ", ") + ttp.Mitre.Techniques = []string{info.FullName} + } + } + // Write to the specified output path outputDir := ttpPath From c643a5e91684d4d3d51204ba7cdaf00fbf2d1052 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 15:58:56 +0100 Subject: [PATCH 11/35] Update the mitre map JSON, populate Mitre tags --- magefiles/translate.go | 9 +- magefiles/ttp_map.json | 5096 ++++++++++++++++++++-------------------- 2 files changed, 2551 insertions(+), 2554 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 498de33b..5376fa16 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -138,7 +138,7 @@ func ConvertSchema(atomic AtomicSchema) []TTP { // Description: inputArg.Description, } ttp.Args = append(ttp.Args, spec) - argPlaceholder := fmt.Sprintf("#{%s}", argName) // TODO: consider spaces + argPlaceholder := fmt.Sprintf("#{%v}", argName) // TODO: consider spaces argumentReplacements[argPlaceholder] = fmt.Sprintf("{{.Args.%v}}", argName) } @@ -210,9 +210,7 @@ func NewMitreMap(filename string) (*MitreMap, error) { if err != nil { return nil, err } - mitreMap := MitreMap{ - Map: make(map[string]MitreTechniqueInfo), - } + var mitreMap MitreMap err = json.Unmarshal(data, &mitreMap) if err != nil { return nil, err @@ -248,18 +246,15 @@ func ConvertYAMLSchema(ttpPath string) error { if err != nil { return err } - fmt.Printf("Build Mitre map: %+v\n", mitreMap) // Populating Mitre Tactics for _, ttp := range targetTtpList { - fmt.Printf("Processing TTP %s: %s\n", ttp.Name, ttp.Mitre.Techniques) if len(ttp.Mitre.Techniques) != 1 { continue } key := ttp.Mitre.Techniques[0] info, ok := mitreMap.Map[key] if ok { - fmt.Printf("Found info for %s: %+v\n", key, info) ttp.Mitre.Tactics = strings.Split(info.TacticFullNames, ", ") ttp.Mitre.Techniques = []string{info.FullName} } diff --git a/magefiles/ttp_map.json b/magefiles/ttp_map.json index 0a4cd57e..b7ffcca7 100644 --- a/magefiles/ttp_map.json +++ b/magefiles/ttp_map.json @@ -1,2550 +1,2552 @@ { - "T1001": { - "full_name": "T1001: Data Obfuscation", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1001.001": { - "full_name": "T1001.001: Junk Data", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1001.002": { - "full_name": "T1001.002: Steganography", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1001.003": { - "full_name": "T1001.003: Protocol Impersonation", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1003": { - "full_name": "T1003: OS Credential Dumping", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.001": { - "full_name": "T1003.001: LSASS Memory", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.002": { - "full_name": "T1003.002: Security Account Manager", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.003": { - "full_name": "T1003.003: NTDS", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.004": { - "full_name": "T1003.004: LSA Secrets", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.005": { - "full_name": "T1003.005: Cached Domain Credentials", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.006": { - "full_name": "T1003.006: DCSync", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.007": { - "full_name": "T1003.007: Proc Filesystem", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1003.008": { - "full_name": "T1003.008: /etc/passwd and /etc/shadow", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1005": { - "full_name": "T1005: Data from Local System", - "tactic_full_name": "TA0009: Collection" - }, - "T1006": { - "full_name": "T1006: Direct Volume Access", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1007": { - "full_name": "T1007: System Service Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1008": { - "full_name": "T1008: Fallback Channels", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1010": { - "full_name": "T1010: Application Window Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1011": { - "full_name": "T1011: Exfiltration Over Other Network Medium", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1011.001": { - "full_name": "T1011.001: Exfiltration Over Bluetooth", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1012": { - "full_name": "T1012: Query Registry", - "tactic_full_name": "TA0007: Discovery" - }, - "T1014": { - "full_name": "T1014: Rootkit", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1016": { - "full_name": "T1016: System Network Configuration Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1016.001": { - "full_name": "T1016.001: Internet Connection Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1016.002": { - "full_name": "T1016.002: Wi-Fi Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1018": { - "full_name": "T1018: Remote System Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1020": { - "full_name": "T1020: Automated Exfiltration", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1020.001": { - "full_name": "T1020.001: Traffic Duplication", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1021": { - "full_name": "T1021: Remote Services", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.001": { - "full_name": "T1021.001: Remote Desktop Protocol", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.002": { - "full_name": "T1021.002: SMB/Windows Admin Shares", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.003": { - "full_name": "T1021.003: Distributed Component Object Model", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.004": { - "full_name": "T1021.004: SSH", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.005": { - "full_name": "T1021.005: VNC", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.006": { - "full_name": "T1021.006: Windows Remote Management", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.007": { - "full_name": "T1021.007: Cloud Services", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1021.008": { - "full_name": "T1021.008: Direct Cloud VM Connections", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1025": { - "full_name": "T1025: Data from Removable Media", - "tactic_full_name": "TA0009: Collection" - }, - "T1027": { - "full_name": "T1027: Obfuscated Files or Information", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.001": { - "full_name": "T1027.001: Binary Padding", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.002": { - "full_name": "T1027.002: Software Packing", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.003": { - "full_name": "T1027.003: Steganography", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.004": { - "full_name": "T1027.004: Compile After Delivery", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.005": { - "full_name": "T1027.005: Indicator Removal from Tools", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.006": { - "full_name": "T1027.006: HTML Smuggling", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.007": { - "full_name": "T1027.007: Dynamic API Resolution", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.008": { - "full_name": "T1027.008: Stripped Payloads", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.009": { - "full_name": "T1027.009: Embedded Payloads", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.010": { - "full_name": "T1027.010: Command Obfuscation", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.011": { - "full_name": "T1027.011: Fileless Storage", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.012": { - "full_name": "T1027.012: LNK Icon Smuggling", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1027.013": { - "full_name": "T1027.013: Encrypted/Encoded File", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1029": { - "full_name": "T1029: Scheduled Transfer", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1030": { - "full_name": "T1030: Data Transfer Size Limits", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1033": { - "full_name": "T1033: System Owner/User Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1036": { - "full_name": "T1036: Masquerading", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.001": { - "full_name": "T1036.001: Invalid Code Signature", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.002": { - "full_name": "T1036.002: Right-to-Left Override", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.003": { - "full_name": "T1036.003: Rename System Utilities", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.004": { - "full_name": "T1036.004: Masquerade Task or Service", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.005": { - "full_name": "T1036.005: Match Legitimate Name or Location", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.006": { - "full_name": "T1036.006: Space after Filename", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.007": { - "full_name": "T1036.007: Double File Extension", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.008": { - "full_name": "T1036.008: Masquerade File Type", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1036.009": { - "full_name": "T1036.009: Break Process Trees", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1037": { - "full_name": "T1037: Boot or Logon Initialization Scripts", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1037.001": { - "full_name": "T1037.001: Logon Script (Windows)", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1037.002": { - "full_name": "T1037.002: Login Hook", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1037.003": { - "full_name": "T1037.003: Network Logon Script", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1037.004": { - "full_name": "T1037.004: RC Scripts", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1037.005": { - "full_name": "T1037.005: Startup Items", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1039": { - "full_name": "T1039: Data from Network Shared Drive", - "tactic_full_name": "TA0009: Collection" - }, - "T1040": { - "full_name": "T1040: Network Sniffing", - "tactic_full_name": "TA0006: Credential Access, TA0007: Discovery" - }, - "T1041": { - "full_name": "T1041: Exfiltration Over C2 Channel", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1046": { - "full_name": "T1046: Network Service Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1047": { - "full_name": "T1047: Windows Management Instrumentation", - "tactic_full_name": "TA0002: Execution" - }, - "T1048": { - "full_name": "T1048: Exfiltration Over Alternative Protocol", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1048.001": { - "full_name": "T1048.001: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1048.002": { - "full_name": "T1048.002: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1048.003": { - "full_name": "T1048.003: Exfiltration Over Unencrypted Non-C2 Protocol", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1049": { - "full_name": "T1049: System Network Connections Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1052": { - "full_name": "T1052: Exfiltration Over Physical Medium", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1052.001": { - "full_name": "T1052.001: Exfiltration over USB", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1053": { - "full_name": "T1053: Scheduled Task/Job", - "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1053.002": { - "full_name": "T1053.002: At", - "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1053.003": { - "full_name": "T1053.003: Cron", - "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1053.005": { - "full_name": "T1053.005: Scheduled Task", - "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1053.006": { - "full_name": "T1053.006: Systemd Timers", - "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1053.007": { - "full_name": "T1053.007: Container Orchestration Job", - "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1055": { - "full_name": "T1055: Process Injection", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.001": { - "full_name": "T1055.001: Dynamic-link Library Injection", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.002": { - "full_name": "T1055.002: Portable Executable Injection", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.003": { - "full_name": "T1055.003: Thread Execution Hijacking", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.004": { - "full_name": "T1055.004: Asynchronous Procedure Call", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.005": { - "full_name": "T1055.005: Thread Local Storage", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.008": { - "full_name": "T1055.008: Ptrace System Calls", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.009": { - "full_name": "T1055.009: Proc Memory", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.011": { - "full_name": "T1055.011: Extra Window Memory Injection", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.012": { - "full_name": "T1055.012: Process Hollowing", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.013": { - "full_name": "T1055.013: Process Doppelg\u00e4nging", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.014": { - "full_name": "T1055.014: VDSO Hijacking", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1055.015": { - "full_name": "T1055.015: ListPlanting", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1056": { - "full_name": "T1056: Input Capture", - "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" - }, - "T1056.001": { - "full_name": "T1056.001: Keylogging", - "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" - }, - "T1056.002": { - "full_name": "T1056.002: GUI Input Capture", - "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" - }, - "T1056.003": { - "full_name": "T1056.003: Web Portal Capture", - "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" - }, - "T1056.004": { - "full_name": "T1056.004: Credential API Hooking", - "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" - }, - "T1057": { - "full_name": "T1057: Process Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1059": { - "full_name": "T1059: Command and Scripting Interpreter", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.001": { - "full_name": "T1059.001: PowerShell", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.002": { - "full_name": "T1059.002: AppleScript", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.003": { - "full_name": "T1059.003: Windows Command Shell", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.004": { - "full_name": "T1059.004: Unix Shell", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.005": { - "full_name": "T1059.005: Visual Basic", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.006": { - "full_name": "T1059.006: Python", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.007": { - "full_name": "T1059.007: JavaScript", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.008": { - "full_name": "T1059.008: Network Device CLI", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.009": { - "full_name": "T1059.009: Cloud API", - "tactic_full_name": "TA0002: Execution" - }, - "T1059.010": { - "full_name": "T1059.010: AutoHotKey & AutoIT", - "tactic_full_name": "TA0002: Execution" - }, - "T1068": { - "full_name": "T1068: Exploitation for Privilege Escalation", - "tactic_full_name": "TA0004: Privilege Escalation" - }, - "T1069": { - "full_name": "T1069: Permission Groups Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1069.001": { - "full_name": "T1069.001: Local Groups", - "tactic_full_name": "TA0007: Discovery" - }, - "T1069.002": { - "full_name": "T1069.002: Domain Groups", - "tactic_full_name": "TA0007: Discovery" - }, - "T1069.003": { - "full_name": "T1069.003: Cloud Groups", - "tactic_full_name": "TA0007: Discovery" - }, - "T1070": { - "full_name": "T1070: Indicator Removal", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.001": { - "full_name": "T1070.001: Clear Windows Event Logs", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.002": { - "full_name": "T1070.002: Clear Linux or Mac System Logs", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.003": { - "full_name": "T1070.003: Clear Command History", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.004": { - "full_name": "T1070.004: File Deletion", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.005": { - "full_name": "T1070.005: Network Share Connection Removal", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.006": { - "full_name": "T1070.006: Timestomp", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.007": { - "full_name": "T1070.007: Clear Network Connection History and Configurations", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.008": { - "full_name": "T1070.008: Clear Mailbox Data", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1070.009": { - "full_name": "T1070.009: Clear Persistence", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1071": { - "full_name": "T1071: Application Layer Protocol", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1071.001": { - "full_name": "T1071.001: Web Protocols", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1071.002": { - "full_name": "T1071.002: File Transfer Protocols", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1071.003": { - "full_name": "T1071.003: Mail Protocols", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1071.004": { - "full_name": "T1071.004: DNS", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1072": { - "full_name": "T1072: Software Deployment Tools", - "tactic_full_name": "TA0002: Execution, TA0008: Lateral Movement" - }, - "T1074": { - "full_name": "T1074: Data Staged", - "tactic_full_name": "TA0009: Collection" - }, - "T1074.001": { - "full_name": "T1074.001: Local Data Staging", - "tactic_full_name": "TA0009: Collection" - }, - "T1074.002": { - "full_name": "T1074.002: Remote Data Staging", - "tactic_full_name": "TA0009: Collection" - }, - "T1078": { - "full_name": "T1078: Valid Accounts", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" - }, - "T1078.001": { - "full_name": "T1078.001: Default Accounts", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" - }, - "T1078.002": { - "full_name": "T1078.002: Domain Accounts", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" - }, - "T1078.003": { - "full_name": "T1078.003: Local Accounts", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" - }, - "T1078.004": { - "full_name": "T1078.004: Cloud Accounts", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" - }, - "T1080": { - "full_name": "T1080: Taint Shared Content", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1082": { - "full_name": "T1082: System Information Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1083": { - "full_name": "T1083: File and Directory Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1087": { - "full_name": "T1087: Account Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1087.001": { - "full_name": "T1087.001: Local Account", - "tactic_full_name": "TA0007: Discovery" - }, - "T1087.002": { - "full_name": "T1087.002: Domain Account", - "tactic_full_name": "TA0007: Discovery" - }, - "T1087.003": { - "full_name": "T1087.003: Email Account", - "tactic_full_name": "TA0007: Discovery" - }, - "T1087.004": { - "full_name": "T1087.004: Cloud Account", - "tactic_full_name": "TA0007: Discovery" - }, - "T1090": { - "full_name": "T1090: Proxy", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1090.001": { - "full_name": "T1090.001: Internal Proxy", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1090.002": { - "full_name": "T1090.002: External Proxy", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1090.003": { - "full_name": "T1090.003: Multi-hop Proxy", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1090.004": { - "full_name": "T1090.004: Domain Fronting", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1091": { - "full_name": "T1091: Replication Through Removable Media", - "tactic_full_name": "TA0008: Lateral Movement, TA0001: Initial Access" - }, - "T1092": { - "full_name": "T1092: Communication Through Removable Media", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1095": { - "full_name": "T1095: Non-Application Layer Protocol", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1098": { - "full_name": "T1098: Account Manipulation", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1098.001": { - "full_name": "T1098.001: Additional Cloud Credentials", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1098.002": { - "full_name": "T1098.002: Additional Email Delegate Permissions", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1098.003": { - "full_name": "T1098.003: Additional Cloud Roles", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1098.004": { - "full_name": "T1098.004: SSH Authorized Keys", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1098.005": { - "full_name": "T1098.005: Device Registration", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1098.006": { - "full_name": "T1098.006: Additional Container Cluster Roles", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1102": { - "full_name": "T1102: Web Service", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1102.001": { - "full_name": "T1102.001: Dead Drop Resolver", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1102.002": { - "full_name": "T1102.002: Bidirectional Communication", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1102.003": { - "full_name": "T1102.003: One-Way Communication", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1104": { - "full_name": "T1104: Multi-Stage Channels", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1105": { - "full_name": "T1105: Ingress Tool Transfer", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1106": { - "full_name": "T1106: Native API", - "tactic_full_name": "TA0002: Execution" - }, - "T1110": { - "full_name": "T1110: Brute Force", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1110.001": { - "full_name": "T1110.001: Password Guessing", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1110.002": { - "full_name": "T1110.002: Password Cracking", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1110.003": { - "full_name": "T1110.003: Password Spraying", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1110.004": { - "full_name": "T1110.004: Credential Stuffing", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1111": { - "full_name": "T1111: Multi-Factor Authentication Interception", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1112": { - "full_name": "T1112: Modify Registry", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1113": { - "full_name": "T1113: Screen Capture", - "tactic_full_name": "TA0009: Collection" - }, - "T1114": { - "full_name": "T1114: Email Collection", - "tactic_full_name": "TA0009: Collection" - }, - "T1114.001": { - "full_name": "T1114.001: Local Email Collection", - "tactic_full_name": "TA0009: Collection" - }, - "T1114.002": { - "full_name": "T1114.002: Remote Email Collection", - "tactic_full_name": "TA0009: Collection" - }, - "T1114.003": { - "full_name": "T1114.003: Email Forwarding Rule", - "tactic_full_name": "TA0009: Collection" - }, - "T1115": { - "full_name": "T1115: Clipboard Data", - "tactic_full_name": "TA0009: Collection" - }, - "T1119": { - "full_name": "T1119: Automated Collection", - "tactic_full_name": "TA0009: Collection" - }, - "T1120": { - "full_name": "T1120: Peripheral Device Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1123": { - "full_name": "T1123: Audio Capture", - "tactic_full_name": "TA0009: Collection" - }, - "T1124": { - "full_name": "T1124: System Time Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1125": { - "full_name": "T1125: Video Capture", - "tactic_full_name": "TA0009: Collection" - }, - "T1127": { - "full_name": "T1127: Trusted Developer Utilities Proxy Execution", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1127.001": { - "full_name": "T1127.001: MSBuild", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1129": { - "full_name": "T1129: Shared Modules", - "tactic_full_name": "TA0002: Execution" - }, - "T1132": { - "full_name": "T1132: Data Encoding", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1132.001": { - "full_name": "T1132.001: Standard Encoding", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1132.002": { - "full_name": "T1132.002: Non-Standard Encoding", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1133": { - "full_name": "T1133: External Remote Services", - "tactic_full_name": "TA0003: Persistence, TA0001: Initial Access" - }, - "T1134": { - "full_name": "T1134: Access Token Manipulation", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1134.001": { - "full_name": "T1134.001: Token Impersonation/Theft", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1134.002": { - "full_name": "T1134.002: Create Process with Token", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1134.003": { - "full_name": "T1134.003: Make and Impersonate Token", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1134.004": { - "full_name": "T1134.004: Parent PID Spoofing", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1134.005": { - "full_name": "T1134.005: SID-History Injection", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1135": { - "full_name": "T1135: Network Share Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1136": { - "full_name": "T1136: Create Account", - "tactic_full_name": "TA0003: Persistence" - }, - "T1136.001": { - "full_name": "T1136.001: Local Account", - "tactic_full_name": "TA0003: Persistence" - }, - "T1136.002": { - "full_name": "T1136.002: Domain Account", - "tactic_full_name": "TA0003: Persistence" - }, - "T1136.003": { - "full_name": "T1136.003: Cloud Account", - "tactic_full_name": "TA0003: Persistence" - }, - "T1137": { - "full_name": "T1137: Office Application Startup", - "tactic_full_name": "TA0003: Persistence" - }, - "T1137.001": { - "full_name": "T1137.001: Office Template Macros", - "tactic_full_name": "TA0003: Persistence" - }, - "T1137.002": { - "full_name": "T1137.002: Office Test", - "tactic_full_name": "TA0003: Persistence" - }, - "T1137.003": { - "full_name": "T1137.003: Outlook Forms", - "tactic_full_name": "TA0003: Persistence" - }, - "T1137.004": { - "full_name": "T1137.004: Outlook Home Page", - "tactic_full_name": "TA0003: Persistence" - }, - "T1137.005": { - "full_name": "T1137.005: Outlook Rules", - "tactic_full_name": "TA0003: Persistence" - }, - "T1137.006": { - "full_name": "T1137.006: Add-ins", - "tactic_full_name": "TA0003: Persistence" - }, - "T1140": { - "full_name": "T1140: Deobfuscate/Decode Files or Information", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1176": { - "full_name": "T1176: Browser Extensions", - "tactic_full_name": "TA0003: Persistence" - }, - "T1185": { - "full_name": "T1185: Browser Session Hijacking", - "tactic_full_name": "TA0009: Collection" - }, - "T1187": { - "full_name": "T1187: Forced Authentication", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1189": { - "full_name": "T1189: Drive-by Compromise", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1190": { - "full_name": "T1190: Exploit Public-Facing Application", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1195": { - "full_name": "T1195: Supply Chain Compromise", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1195.001": { - "full_name": "T1195.001: Compromise Software Dependencies and Development Tools", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1195.002": { - "full_name": "T1195.002: Compromise Software Supply Chain", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1195.003": { - "full_name": "T1195.003: Compromise Hardware Supply Chain", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1197": { - "full_name": "T1197: BITS Jobs", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1199": { - "full_name": "T1199: Trusted Relationship", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1200": { - "full_name": "T1200: Hardware Additions", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1201": { - "full_name": "T1201: Password Policy Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1202": { - "full_name": "T1202: Indirect Command Execution", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1203": { - "full_name": "T1203: Exploitation for Client Execution", - "tactic_full_name": "TA0002: Execution" - }, - "T1204": { - "full_name": "T1204: User Execution", - "tactic_full_name": "TA0002: Execution" - }, - "T1204.001": { - "full_name": "T1204.001: Malicious Link", - "tactic_full_name": "TA0002: Execution" - }, - "T1204.002": { - "full_name": "T1204.002: Malicious File", - "tactic_full_name": "TA0002: Execution" - }, - "T1204.003": { - "full_name": "T1204.003: Malicious Image", - "tactic_full_name": "TA0002: Execution" - }, - "T1205": { - "full_name": "T1205: Traffic Signaling", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" - }, - "T1205.001": { - "full_name": "T1205.001: Port Knocking", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" - }, - "T1205.002": { - "full_name": "T1205.002: Socket Filters", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" - }, - "T1207": { - "full_name": "T1207: Rogue Domain Controller", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1210": { - "full_name": "T1210: Exploitation of Remote Services", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1211": { - "full_name": "T1211: Exploitation for Defense Evasion", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1212": { - "full_name": "T1212: Exploitation for Credential Access", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1213": { - "full_name": "T1213: Data from Information Repositories", - "tactic_full_name": "TA0009: Collection" - }, - "T1213.001": { - "full_name": "T1213.001: Confluence", - "tactic_full_name": "TA0009: Collection" - }, - "T1213.002": { - "full_name": "T1213.002: Sharepoint", - "tactic_full_name": "TA0009: Collection" - }, - "T1213.003": { - "full_name": "T1213.003: Code Repositories", - "tactic_full_name": "TA0009: Collection" - }, - "T1216": { - "full_name": "T1216: System Script Proxy Execution", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1216.001": { - "full_name": "T1216.001: PubPrn", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1216.002": { - "full_name": "T1216.002: SyncAppvPublishingServer", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1217": { - "full_name": "T1217: Browser Information Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1218": { - "full_name": "T1218: System Binary Proxy Execution", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.001": { - "full_name": "T1218.001: Compiled HTML File", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.002": { - "full_name": "T1218.002: Control Panel", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.003": { - "full_name": "T1218.003: CMSTP", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.004": { - "full_name": "T1218.004: InstallUtil", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.005": { - "full_name": "T1218.005: Mshta", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.007": { - "full_name": "T1218.007: Msiexec", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.008": { - "full_name": "T1218.008: Odbcconf", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.009": { - "full_name": "T1218.009: Regsvcs/Regasm", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.010": { - "full_name": "T1218.010: Regsvr32", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.011": { - "full_name": "T1218.011: Rundll32", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.012": { - "full_name": "T1218.012: Verclsid", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.013": { - "full_name": "T1218.013: Mavinject", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.014": { - "full_name": "T1218.014: MMC", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1218.015": { - "full_name": "T1218.015: Electron Applications", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1219": { - "full_name": "T1219: Remote Access Software", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1220": { - "full_name": "T1220: XSL Script Processing", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1221": { - "full_name": "T1221: Template Injection", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1222": { - "full_name": "T1222: File and Directory Permissions Modification", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1222.001": { - "full_name": "T1222.001: Windows File and Directory Permissions Modification", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1222.002": { - "full_name": "T1222.002: Linux and Mac File and Directory Permissions Modification", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1480": { - "full_name": "T1480: Execution Guardrails", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1480.001": { - "full_name": "T1480.001: Environmental Keying", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1482": { - "full_name": "T1482: Domain Trust Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1484": { - "full_name": "T1484: Domain or Tenant Policy Modification", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1484.001": { - "full_name": "T1484.001: Group Policy Modification", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1484.002": { - "full_name": "T1484.002: Trust Modification", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1485": { - "full_name": "T1485: Data Destruction", - "tactic_full_name": "TA0040: Impact" - }, - "T1486": { - "full_name": "T1486: Data Encrypted for Impact", - "tactic_full_name": "TA0040: Impact" - }, - "T1489": { - "full_name": "T1489: Service Stop", - "tactic_full_name": "TA0040: Impact" - }, - "T1490": { - "full_name": "T1490: Inhibit System Recovery", - "tactic_full_name": "TA0040: Impact" - }, - "T1491": { - "full_name": "T1491: Defacement", - "tactic_full_name": "TA0040: Impact" - }, - "T1491.001": { - "full_name": "T1491.001: Internal Defacement", - "tactic_full_name": "TA0040: Impact" - }, - "T1491.002": { - "full_name": "T1491.002: External Defacement", - "tactic_full_name": "TA0040: Impact" - }, - "T1495": { - "full_name": "T1495: Firmware Corruption", - "tactic_full_name": "TA0040: Impact" - }, - "T1496": { - "full_name": "T1496: Resource Hijacking", - "tactic_full_name": "TA0040: Impact" - }, - "T1497": { - "full_name": "T1497: Virtualization/Sandbox Evasion", - "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" - }, - "T1497.001": { - "full_name": "T1497.001: System Checks", - "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" - }, - "T1497.002": { - "full_name": "T1497.002: User Activity Based Checks", - "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" - }, - "T1497.003": { - "full_name": "T1497.003: Time Based Evasion", - "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" - }, - "T1498": { - "full_name": "T1498: Network Denial of Service", - "tactic_full_name": "TA0040: Impact" - }, - "T1498.001": { - "full_name": "T1498.001: Direct Network Flood", - "tactic_full_name": "TA0040: Impact" - }, - "T1498.002": { - "full_name": "T1498.002: Reflection Amplification", - "tactic_full_name": "TA0040: Impact" - }, - "T1499": { - "full_name": "T1499: Endpoint Denial of Service", - "tactic_full_name": "TA0040: Impact" - }, - "T1499.001": { - "full_name": "T1499.001: OS Exhaustion Flood", - "tactic_full_name": "TA0040: Impact" - }, - "T1499.002": { - "full_name": "T1499.002: Service Exhaustion Flood", - "tactic_full_name": "TA0040: Impact" - }, - "T1499.003": { - "full_name": "T1499.003: Application Exhaustion Flood", - "tactic_full_name": "TA0040: Impact" - }, - "T1499.004": { - "full_name": "T1499.004: Application or System Exploitation", - "tactic_full_name": "TA0040: Impact" - }, - "T1505": { - "full_name": "T1505: Server Software Component", - "tactic_full_name": "TA0003: Persistence" - }, - "T1505.001": { - "full_name": "T1505.001: SQL Stored Procedures", - "tactic_full_name": "TA0003: Persistence" - }, - "T1505.002": { - "full_name": "T1505.002: Transport Agent", - "tactic_full_name": "TA0003: Persistence" - }, - "T1505.003": { - "full_name": "T1505.003: Web Shell", - "tactic_full_name": "TA0003: Persistence" - }, - "T1505.004": { - "full_name": "T1505.004: IIS Components", - "tactic_full_name": "TA0003: Persistence" - }, - "T1505.005": { - "full_name": "T1505.005: Terminal Services DLL", - "tactic_full_name": "TA0003: Persistence" - }, - "T1518": { - "full_name": "T1518: Software Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1518.001": { - "full_name": "T1518.001: Security Software Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1525": { - "full_name": "T1525: Implant Internal Image", - "tactic_full_name": "TA0003: Persistence" - }, - "T1526": { - "full_name": "T1526: Cloud Service Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1528": { - "full_name": "T1528: Steal Application Access Token", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1529": { - "full_name": "T1529: System Shutdown/Reboot", - "tactic_full_name": "TA0040: Impact" - }, - "T1530": { - "full_name": "T1530: Data from Cloud Storage", - "tactic_full_name": "TA0009: Collection" - }, - "T1531": { - "full_name": "T1531: Account Access Removal", - "tactic_full_name": "TA0040: Impact" - }, - "T1534": { - "full_name": "T1534: Internal Spearphishing", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1535": { - "full_name": "T1535: Unused/Unsupported Cloud Regions", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1537": { - "full_name": "T1537: Transfer Data to Cloud Account", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1538": { - "full_name": "T1538: Cloud Service Dashboard", - "tactic_full_name": "TA0007: Discovery" - }, - "T1539": { - "full_name": "T1539: Steal Web Session Cookie", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1542": { - "full_name": "T1542: Pre-OS Boot", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1542.001": { - "full_name": "T1542.001: System Firmware", - "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" - }, - "T1542.002": { - "full_name": "T1542.002: Component Firmware", - "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" - }, - "T1542.003": { - "full_name": "T1542.003: Bootkit", - "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" - }, - "T1542.004": { - "full_name": "T1542.004: ROMMONkit", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1542.005": { - "full_name": "T1542.005: TFTP Boot", - "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1543": { - "full_name": "T1543: Create or Modify System Process", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1543.001": { - "full_name": "T1543.001: Launch Agent", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1543.002": { - "full_name": "T1543.002: Systemd Service", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1543.003": { - "full_name": "T1543.003: Windows Service", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1543.004": { - "full_name": "T1543.004: Launch Daemon", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1543.005": { - "full_name": "T1543.005: Container Service", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1546": { - "full_name": "T1546: Event Triggered Execution", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.001": { - "full_name": "T1546.001: Change Default File Association", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.002": { - "full_name": "T1546.002: Screensaver", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.003": { - "full_name": "T1546.003: Windows Management Instrumentation Event Subscription", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.004": { - "full_name": "T1546.004: Unix Shell Configuration Modification", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.005": { - "full_name": "T1546.005: Trap", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.006": { - "full_name": "T1546.006: LC_LOAD_DYLIB Addition", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.007": { - "full_name": "T1546.007: Netsh Helper DLL", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.008": { - "full_name": "T1546.008: Accessibility Features", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.009": { - "full_name": "T1546.009: AppCert DLLs", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.010": { - "full_name": "T1546.010: AppInit DLLs", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.011": { - "full_name": "T1546.011: Application Shimming", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.012": { - "full_name": "T1546.012: Image File Execution Options Injection", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.013": { - "full_name": "T1546.013: PowerShell Profile", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.014": { - "full_name": "T1546.014: Emond", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.015": { - "full_name": "T1546.015: Component Object Model Hijacking", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1546.016": { - "full_name": "T1546.016: Installer Packages", - "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" - }, - "T1547": { - "full_name": "T1547: Boot or Logon Autostart Execution", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.001": { - "full_name": "T1547.001: Registry Run Keys / Startup Folder", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.002": { - "full_name": "T1547.002: Authentication Package", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.003": { - "full_name": "T1547.003: Time Providers", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.004": { - "full_name": "T1547.004: Winlogon Helper DLL", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.005": { - "full_name": "T1547.005: Security Support Provider", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.006": { - "full_name": "T1547.006: Kernel Modules and Extensions", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.007": { - "full_name": "T1547.007: Re-opened Applications", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.008": { - "full_name": "T1547.008: LSASS Driver", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.009": { - "full_name": "T1547.009: Shortcut Modification", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.010": { - "full_name": "T1547.010: Port Monitors", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.012": { - "full_name": "T1547.012: Print Processors", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.013": { - "full_name": "T1547.013: XDG Autostart Entries", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.014": { - "full_name": "T1547.014: Active Setup", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1547.015": { - "full_name": "T1547.015: Login Items", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" - }, - "T1548": { - "full_name": "T1548: Abuse Elevation Control Mechanism", - "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1548.001": { - "full_name": "T1548.001: Setuid and Setgid", - "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1548.002": { - "full_name": "T1548.002: Bypass User Account Control", - "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1548.003": { - "full_name": "T1548.003: Sudo and Sudo Caching", - "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1548.004": { - "full_name": "T1548.004: Elevated Execution with Prompt", - "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1548.005": { - "full_name": "T1548.005: Temporary Elevated Cloud Access", - "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1548.006": { - "full_name": "T1548.006: TCC Manipulation", - "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" - }, - "T1550": { - "full_name": "T1550: Use Alternate Authentication Material", - "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" - }, - "T1550.001": { - "full_name": "T1550.001: Application Access Token", - "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" - }, - "T1550.002": { - "full_name": "T1550.002: Pass the Hash", - "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" - }, - "T1550.003": { - "full_name": "T1550.003: Pass the Ticket", - "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" - }, - "T1550.004": { - "full_name": "T1550.004: Web Session Cookie", - "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" - }, - "T1552": { - "full_name": "T1552: Unsecured Credentials", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.001": { - "full_name": "T1552.001: Credentials In Files", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.002": { - "full_name": "T1552.002: Credentials in Registry", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.003": { - "full_name": "T1552.003: Bash History", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.004": { - "full_name": "T1552.004: Private Keys", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.005": { - "full_name": "T1552.005: Cloud Instance Metadata API", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.006": { - "full_name": "T1552.006: Group Policy Preferences", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.007": { - "full_name": "T1552.007: Container API", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1552.008": { - "full_name": "T1552.008: Chat Messages", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1553": { - "full_name": "T1553: Subvert Trust Controls", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1553.001": { - "full_name": "T1553.001: Gatekeeper Bypass", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1553.002": { - "full_name": "T1553.002: Code Signing", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1553.003": { - "full_name": "T1553.003: SIP and Trust Provider Hijacking", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1553.004": { - "full_name": "T1553.004: Install Root Certificate", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1553.005": { - "full_name": "T1553.005: Mark-of-the-Web Bypass", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1553.006": { - "full_name": "T1553.006: Code Signing Policy Modification", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1554": { - "full_name": "T1554: Compromise Host Software Binary", - "tactic_full_name": "TA0003: Persistence" - }, - "T1555": { - "full_name": "T1555: Credentials from Password Stores", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1555.001": { - "full_name": "T1555.001: Keychain", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1555.002": { - "full_name": "T1555.002: Securityd Memory", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1555.003": { - "full_name": "T1555.003: Credentials from Web Browsers", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1555.004": { - "full_name": "T1555.004: Windows Credential Manager", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1555.005": { - "full_name": "T1555.005: Password Managers", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1555.006": { - "full_name": "T1555.006: Cloud Secrets Management Stores", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1556": { - "full_name": "T1556: Modify Authentication Process", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.001": { - "full_name": "T1556.001: Domain Controller Authentication", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.002": { - "full_name": "T1556.002: Password Filter DLL", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.003": { - "full_name": "T1556.003: Pluggable Authentication Modules", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.004": { - "full_name": "T1556.004: Network Device Authentication", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.005": { - "full_name": "T1556.005: Reversible Encryption", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.006": { - "full_name": "T1556.006: Multi-Factor Authentication", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.007": { - "full_name": "T1556.007: Hybrid Identity", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.008": { - "full_name": "T1556.008: Network Provider DLL", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1556.009": { - "full_name": "T1556.009: Conditional Access Policies", - "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" - }, - "T1557": { - "full_name": "T1557: Adversary-in-the-Middle", - "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" - }, - "T1557.001": { - "full_name": "T1557.001: LLMNR/NBT-NS Poisoning and SMB Relay", - "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" - }, - "T1557.002": { - "full_name": "T1557.002: ARP Cache Poisoning", - "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" - }, - "T1557.003": { - "full_name": "T1557.003: DHCP Spoofing", - "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" - }, - "T1558": { - "full_name": "T1558: Steal or Forge Kerberos Tickets", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1558.001": { - "full_name": "T1558.001: Golden Ticket", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1558.002": { - "full_name": "T1558.002: Silver Ticket", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1558.003": { - "full_name": "T1558.003: Kerberoasting", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1558.004": { - "full_name": "T1558.004: AS-REP Roasting", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1559": { - "full_name": "T1559: Inter-Process Communication", - "tactic_full_name": "TA0002: Execution" - }, - "T1559.001": { - "full_name": "T1559.001: Component Object Model", - "tactic_full_name": "TA0002: Execution" - }, - "T1559.002": { - "full_name": "T1559.002: Dynamic Data Exchange", - "tactic_full_name": "TA0002: Execution" - }, - "T1559.003": { - "full_name": "T1559.003: XPC Services", - "tactic_full_name": "TA0002: Execution" - }, - "T1560": { - "full_name": "T1560: Archive Collected Data", - "tactic_full_name": "TA0009: Collection" - }, - "T1560.001": { - "full_name": "T1560.001: Archive via Utility", - "tactic_full_name": "TA0009: Collection" - }, - "T1560.002": { - "full_name": "T1560.002: Archive via Library", - "tactic_full_name": "TA0009: Collection" - }, - "T1560.003": { - "full_name": "T1560.003: Archive via Custom Method", - "tactic_full_name": "TA0009: Collection" - }, - "T1561": { - "full_name": "T1561: Disk Wipe", - "tactic_full_name": "TA0040: Impact" - }, - "T1561.001": { - "full_name": "T1561.001: Disk Content Wipe", - "tactic_full_name": "TA0040: Impact" - }, - "T1561.002": { - "full_name": "T1561.002: Disk Structure Wipe", - "tactic_full_name": "TA0040: Impact" - }, - "T1562": { - "full_name": "T1562: Impair Defenses", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.001": { - "full_name": "T1562.001: Disable or Modify Tools", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.002": { - "full_name": "T1562.002: Disable Windows Event Logging", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.003": { - "full_name": "T1562.003: Impair Command History Logging", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.004": { - "full_name": "T1562.004: Disable or Modify System Firewall", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.006": { - "full_name": "T1562.006: Indicator Blocking", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.007": { - "full_name": "T1562.007: Disable or Modify Cloud Firewall", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.008": { - "full_name": "T1562.008: Disable or Modify Cloud Logs", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.009": { - "full_name": "T1562.009: Safe Mode Boot", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.010": { - "full_name": "T1562.010: Downgrade Attack", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.011": { - "full_name": "T1562.011: Spoof Security Alerting", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1562.012": { - "full_name": "T1562.012: Disable or Modify Linux Audit System", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1563": { - "full_name": "T1563: Remote Service Session Hijacking", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1563.001": { - "full_name": "T1563.001: SSH Hijacking", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1563.002": { - "full_name": "T1563.002: RDP Hijacking", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1564": { - "full_name": "T1564: Hide Artifacts", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.001": { - "full_name": "T1564.001: Hidden Files and Directories", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.002": { - "full_name": "T1564.002: Hidden Users", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.003": { - "full_name": "T1564.003: Hidden Window", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.004": { - "full_name": "T1564.004: NTFS File Attributes", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.005": { - "full_name": "T1564.005: Hidden File System", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.006": { - "full_name": "T1564.006: Run Virtual Instance", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.007": { - "full_name": "T1564.007: VBA Stomping", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.008": { - "full_name": "T1564.008: Email Hiding Rules", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.009": { - "full_name": "T1564.009: Resource Forking", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.010": { - "full_name": "T1564.010: Process Argument Spoofing", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.011": { - "full_name": "T1564.011: Ignore Process Interrupts", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1564.012": { - "full_name": "T1564.012: File/Path Exclusions", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1565": { - "full_name": "T1565: Data Manipulation", - "tactic_full_name": "TA0040: Impact" - }, - "T1565.001": { - "full_name": "T1565.001: Stored Data Manipulation", - "tactic_full_name": "TA0040: Impact" - }, - "T1565.002": { - "full_name": "T1565.002: Transmitted Data Manipulation", - "tactic_full_name": "TA0040: Impact" - }, - "T1565.003": { - "full_name": "T1565.003: Runtime Data Manipulation", - "tactic_full_name": "TA0040: Impact" - }, - "T1566": { - "full_name": "T1566: Phishing", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1566.001": { - "full_name": "T1566.001: Spearphishing Attachment", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1566.002": { - "full_name": "T1566.002: Spearphishing Link", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1566.003": { - "full_name": "T1566.003: Spearphishing via Service", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1566.004": { - "full_name": "T1566.004: Spearphishing Voice", - "tactic_full_name": "TA0001: Initial Access" - }, - "T1567": { - "full_name": "T1567: Exfiltration Over Web Service", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1567.001": { - "full_name": "T1567.001: Exfiltration to Code Repository", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1567.002": { - "full_name": "T1567.002: Exfiltration to Cloud Storage", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1567.003": { - "full_name": "T1567.003: Exfiltration to Text Storage Sites", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1567.004": { - "full_name": "T1567.004: Exfiltration Over Webhook", - "tactic_full_name": "TA0010: Exfiltration" - }, - "T1568": { - "full_name": "T1568: Dynamic Resolution", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1568.001": { - "full_name": "T1568.001: Fast Flux DNS", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1568.002": { - "full_name": "T1568.002: Domain Generation Algorithms", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1568.003": { - "full_name": "T1568.003: DNS Calculation", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1569": { - "full_name": "T1569: System Services", - "tactic_full_name": "TA0002: Execution" - }, - "T1569.001": { - "full_name": "T1569.001: Launchctl", - "tactic_full_name": "TA0002: Execution" - }, - "T1569.002": { - "full_name": "T1569.002: Service Execution", - "tactic_full_name": "TA0002: Execution" - }, - "T1570": { - "full_name": "T1570: Lateral Tool Transfer", - "tactic_full_name": "TA0008: Lateral Movement" - }, - "T1571": { - "full_name": "T1571: Non-Standard Port", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1572": { - "full_name": "T1572: Protocol Tunneling", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1573": { - "full_name": "T1573: Encrypted Channel", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1573.001": { - "full_name": "T1573.001: Symmetric Cryptography", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1573.002": { - "full_name": "T1573.002: Asymmetric Cryptography", - "tactic_full_name": "TA0011: Command and Control" - }, - "T1574": { - "full_name": "T1574: Hijack Execution Flow", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.001": { - "full_name": "T1574.001: DLL Search Order Hijacking", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.002": { - "full_name": "T1574.002: DLL Side-Loading", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.004": { - "full_name": "T1574.004: Dylib Hijacking", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.005": { - "full_name": "T1574.005: Executable Installer File Permissions Weakness", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.006": { - "full_name": "T1574.006: Dynamic Linker Hijacking", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.007": { - "full_name": "T1574.007: Path Interception by PATH Environment Variable", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.008": { - "full_name": "T1574.008: Path Interception by Search Order Hijacking", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.009": { - "full_name": "T1574.009: Path Interception by Unquoted Path", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.010": { - "full_name": "T1574.010: Services File Permissions Weakness", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.011": { - "full_name": "T1574.011: Services Registry Permissions Weakness", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.012": { - "full_name": "T1574.012: COR_PROFILER", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.013": { - "full_name": "T1574.013: KernelCallbackTable", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1574.014": { - "full_name": "T1574.014: AppDomainManager", - "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" - }, - "T1578": { - "full_name": "T1578: Modify Cloud Compute Infrastructure", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1578.001": { - "full_name": "T1578.001: Create Snapshot", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1578.002": { - "full_name": "T1578.002: Create Cloud Instance", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1578.003": { - "full_name": "T1578.003: Delete Cloud Instance", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1578.004": { - "full_name": "T1578.004: Revert Cloud Instance", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1578.005": { - "full_name": "T1578.005: Modify Cloud Compute Configurations", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1580": { - "full_name": "T1580: Cloud Infrastructure Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1583": { - "full_name": "T1583: Acquire Infrastructure", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.001": { - "full_name": "T1583.001: Domains", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.002": { - "full_name": "T1583.002: DNS Server", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.003": { - "full_name": "T1583.003: Virtual Private Server", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.004": { - "full_name": "T1583.004: Server", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.005": { - "full_name": "T1583.005: Botnet", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.006": { - "full_name": "T1583.006: Web Services", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.007": { - "full_name": "T1583.007: Serverless", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1583.008": { - "full_name": "T1583.008: Malvertising", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584": { - "full_name": "T1584: Compromise Infrastructure", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.001": { - "full_name": "T1584.001: Domains", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.002": { - "full_name": "T1584.002: DNS Server", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.003": { - "full_name": "T1584.003: Virtual Private Server", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.004": { - "full_name": "T1584.004: Server", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.005": { - "full_name": "T1584.005: Botnet", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.006": { - "full_name": "T1584.006: Web Services", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.007": { - "full_name": "T1584.007: Serverless", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1584.008": { - "full_name": "T1584.008: Network Devices", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1585": { - "full_name": "T1585: Establish Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1585.001": { - "full_name": "T1585.001: Social Media Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1585.002": { - "full_name": "T1585.002: Email Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1585.003": { - "full_name": "T1585.003: Cloud Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1586": { - "full_name": "T1586: Compromise Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1586.001": { - "full_name": "T1586.001: Social Media Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1586.002": { - "full_name": "T1586.002: Email Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1586.003": { - "full_name": "T1586.003: Cloud Accounts", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1587": { - "full_name": "T1587: Develop Capabilities", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1587.001": { - "full_name": "T1587.001: Malware", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1587.002": { - "full_name": "T1587.002: Code Signing Certificates", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1587.003": { - "full_name": "T1587.003: Digital Certificates", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1587.004": { - "full_name": "T1587.004: Exploits", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588": { - "full_name": "T1588: Obtain Capabilities", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588.001": { - "full_name": "T1588.001: Malware", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588.002": { - "full_name": "T1588.002: Tool", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588.003": { - "full_name": "T1588.003: Code Signing Certificates", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588.004": { - "full_name": "T1588.004: Digital Certificates", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588.005": { - "full_name": "T1588.005: Exploits", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588.006": { - "full_name": "T1588.006: Vulnerabilities", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1588.007": { - "full_name": "T1588.007: Artificial Intelligence", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1589": { - "full_name": "T1589: Gather Victim Identity Information", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1589.001": { - "full_name": "T1589.001: Credentials", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1589.002": { - "full_name": "T1589.002: Email Addresses", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1589.003": { - "full_name": "T1589.003: Employee Names", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1590": { - "full_name": "T1590: Gather Victim Network Information", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1590.001": { - "full_name": "T1590.001: Domain Properties", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1590.002": { - "full_name": "T1590.002: DNS", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1590.003": { - "full_name": "T1590.003: Network Trust Dependencies", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1590.004": { - "full_name": "T1590.004: Network Topology", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1590.005": { - "full_name": "T1590.005: IP Addresses", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1590.006": { - "full_name": "T1590.006: Network Security Appliances", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1591": { - "full_name": "T1591: Gather Victim Org Information", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1591.001": { - "full_name": "T1591.001: Determine Physical Locations", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1591.002": { - "full_name": "T1591.002: Business Relationships", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1591.003": { - "full_name": "T1591.003: Identify Business Tempo", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1591.004": { - "full_name": "T1591.004: Identify Roles", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1592": { - "full_name": "T1592: Gather Victim Host Information", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1592.001": { - "full_name": "T1592.001: Hardware", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1592.002": { - "full_name": "T1592.002: Software", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1592.003": { - "full_name": "T1592.003: Firmware", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1592.004": { - "full_name": "T1592.004: Client Configurations", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1593": { - "full_name": "T1593: Search Open Websites/Domains", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1593.001": { - "full_name": "T1593.001: Social Media", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1593.002": { - "full_name": "T1593.002: Search Engines", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1593.003": { - "full_name": "T1593.003: Code Repositories", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1594": { - "full_name": "T1594: Search Victim-Owned Websites", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1595": { - "full_name": "T1595: Active Scanning", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1595.001": { - "full_name": "T1595.001: Scanning IP Blocks", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1595.002": { - "full_name": "T1595.002: Vulnerability Scanning", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1595.003": { - "full_name": "T1595.003: Wordlist Scanning", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1596": { - "full_name": "T1596: Search Open Technical Databases", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1596.001": { - "full_name": "T1596.001: DNS/Passive DNS", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1596.002": { - "full_name": "T1596.002: WHOIS", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1596.003": { - "full_name": "T1596.003: Digital Certificates", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1596.004": { - "full_name": "T1596.004: CDNs", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1596.005": { - "full_name": "T1596.005: Scan Databases", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1597": { - "full_name": "T1597: Search Closed Sources", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1597.001": { - "full_name": "T1597.001: Threat Intel Vendors", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1597.002": { - "full_name": "T1597.002: Purchase Technical Data", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1598": { - "full_name": "T1598: Phishing for Information", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1598.001": { - "full_name": "T1598.001: Spearphishing Service", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1598.002": { - "full_name": "T1598.002: Spearphishing Attachment", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1598.003": { - "full_name": "T1598.003: Spearphishing Link", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1598.004": { - "full_name": "T1598.004: Spearphishing Voice", - "tactic_full_name": "TA0043: Reconnaissance" - }, - "T1599": { - "full_name": "T1599: Network Boundary Bridging", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1599.001": { - "full_name": "T1599.001: Network Address Translation Traversal", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1600": { - "full_name": "T1600: Weaken Encryption", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1600.001": { - "full_name": "T1600.001: Reduce Key Space", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1600.002": { - "full_name": "T1600.002: Disable Crypto Hardware", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1601": { - "full_name": "T1601: Modify System Image", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1601.001": { - "full_name": "T1601.001: Patch System Image", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1601.002": { - "full_name": "T1601.002: Downgrade System Image", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1602": { - "full_name": "T1602: Data from Configuration Repository", - "tactic_full_name": "TA0009: Collection" - }, - "T1602.001": { - "full_name": "T1602.001: SNMP (MIB Dump)", - "tactic_full_name": "TA0009: Collection" - }, - "T1602.002": { - "full_name": "T1602.002: Network Device Configuration Dump", - "tactic_full_name": "TA0009: Collection" - }, - "T1606": { - "full_name": "T1606: Forge Web Credentials", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1606.001": { - "full_name": "T1606.001: Web Cookies", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1606.002": { - "full_name": "T1606.002: SAML Tokens", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1608": { - "full_name": "T1608: Stage Capabilities", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1608.001": { - "full_name": "T1608.001: Upload Malware", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1608.002": { - "full_name": "T1608.002: Upload Tool", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1608.003": { - "full_name": "T1608.003: Install Digital Certificate", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1608.004": { - "full_name": "T1608.004: Drive-by Target", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1608.005": { - "full_name": "T1608.005: Link Target", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1608.006": { - "full_name": "T1608.006: SEO Poisoning", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1609": { - "full_name": "T1609: Container Administration Command", - "tactic_full_name": "TA0002: Execution" - }, - "T1610": { - "full_name": "T1610: Deploy Container", - "tactic_full_name": "TA0005: Defense Evasion, TA0002: Execution" - }, - "T1611": { - "full_name": "T1611: Escape to Host", - "tactic_full_name": "TA0004: Privilege Escalation" - }, - "T1612": { - "full_name": "T1612: Build Image on Host", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1613": { - "full_name": "T1613: Container and Resource Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1614": { - "full_name": "T1614: System Location Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1614.001": { - "full_name": "T1614.001: System Language Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1615": { - "full_name": "T1615: Group Policy Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1619": { - "full_name": "T1619: Cloud Storage Object Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1620": { - "full_name": "T1620: Reflective Code Loading", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1621": { - "full_name": "T1621: Multi-Factor Authentication Request Generation", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1622": { - "full_name": "T1622: Debugger Evasion", - "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" - }, - "T1647": { - "full_name": "T1647: Plist File Modification", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1648": { - "full_name": "T1648: Serverless Execution", - "tactic_full_name": "TA0002: Execution" - }, - "T1649": { - "full_name": "T1649: Steal or Forge Authentication Certificates", - "tactic_full_name": "TA0006: Credential Access" - }, - "T1650": { - "full_name": "T1650: Acquire Access", - "tactic_full_name": "TA0042: Resource Development" - }, - "T1651": { - "full_name": "T1651: Cloud Administration Command", - "tactic_full_name": "TA0002: Execution" - }, - "T1652": { - "full_name": "T1652: Device Driver Discovery", - "tactic_full_name": "TA0007: Discovery" - }, - "T1653": { - "full_name": "T1653: Power Settings", - "tactic_full_name": "TA0003: Persistence" - }, - "T1654": { - "full_name": "T1654: Log Enumeration", - "tactic_full_name": "TA0007: Discovery" - }, - "T1656": { - "full_name": "T1656: Impersonation", - "tactic_full_name": "TA0005: Defense Evasion" - }, - "T1657": { - "full_name": "T1657: Financial Theft", - "tactic_full_name": "TA0040: Impact" - }, - "T1659": { - "full_name": "T1659: Content Injection", - "tactic_full_name": "TA0001: Initial Access, TA0011: Command and Control" - }, - "T1665": { - "full_name": "T1665: Hide Infrastructure", - "tactic_full_name": "TA0011: Command and Control" + "techniques": { + "T1001": { + "full_name": "T1001: Data Obfuscation", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1001.001": { + "full_name": "T1001.001: Junk Data", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1001.002": { + "full_name": "T1001.002: Steganography", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1001.003": { + "full_name": "T1001.003: Protocol Impersonation", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1003": { + "full_name": "T1003: OS Credential Dumping", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.001": { + "full_name": "T1003.001: LSASS Memory", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.002": { + "full_name": "T1003.002: Security Account Manager", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.003": { + "full_name": "T1003.003: NTDS", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.004": { + "full_name": "T1003.004: LSA Secrets", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.005": { + "full_name": "T1003.005: Cached Domain Credentials", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.006": { + "full_name": "T1003.006: DCSync", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.007": { + "full_name": "T1003.007: Proc Filesystem", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1003.008": { + "full_name": "T1003.008: /etc/passwd and /etc/shadow", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1005": { + "full_name": "T1005: Data from Local System", + "tactic_full_name": "TA0009: Collection" + }, + "T1006": { + "full_name": "T1006: Direct Volume Access", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1007": { + "full_name": "T1007: System Service Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1008": { + "full_name": "T1008: Fallback Channels", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1010": { + "full_name": "T1010: Application Window Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1011": { + "full_name": "T1011: Exfiltration Over Other Network Medium", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1011.001": { + "full_name": "T1011.001: Exfiltration Over Bluetooth", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1012": { + "full_name": "T1012: Query Registry", + "tactic_full_name": "TA0007: Discovery" + }, + "T1014": { + "full_name": "T1014: Rootkit", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1016": { + "full_name": "T1016: System Network Configuration Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1016.001": { + "full_name": "T1016.001: Internet Connection Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1016.002": { + "full_name": "T1016.002: Wi-Fi Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1018": { + "full_name": "T1018: Remote System Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1020": { + "full_name": "T1020: Automated Exfiltration", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1020.001": { + "full_name": "T1020.001: Traffic Duplication", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1021": { + "full_name": "T1021: Remote Services", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.001": { + "full_name": "T1021.001: Remote Desktop Protocol", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.002": { + "full_name": "T1021.002: SMB/Windows Admin Shares", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.003": { + "full_name": "T1021.003: Distributed Component Object Model", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.004": { + "full_name": "T1021.004: SSH", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.005": { + "full_name": "T1021.005: VNC", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.006": { + "full_name": "T1021.006: Windows Remote Management", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.007": { + "full_name": "T1021.007: Cloud Services", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1021.008": { + "full_name": "T1021.008: Direct Cloud VM Connections", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1025": { + "full_name": "T1025: Data from Removable Media", + "tactic_full_name": "TA0009: Collection" + }, + "T1027": { + "full_name": "T1027: Obfuscated Files or Information", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.001": { + "full_name": "T1027.001: Binary Padding", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.002": { + "full_name": "T1027.002: Software Packing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.003": { + "full_name": "T1027.003: Steganography", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.004": { + "full_name": "T1027.004: Compile After Delivery", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.005": { + "full_name": "T1027.005: Indicator Removal from Tools", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.006": { + "full_name": "T1027.006: HTML Smuggling", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.007": { + "full_name": "T1027.007: Dynamic API Resolution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.008": { + "full_name": "T1027.008: Stripped Payloads", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.009": { + "full_name": "T1027.009: Embedded Payloads", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.010": { + "full_name": "T1027.010: Command Obfuscation", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.011": { + "full_name": "T1027.011: Fileless Storage", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.012": { + "full_name": "T1027.012: LNK Icon Smuggling", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1027.013": { + "full_name": "T1027.013: Encrypted/Encoded File", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1029": { + "full_name": "T1029: Scheduled Transfer", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1030": { + "full_name": "T1030: Data Transfer Size Limits", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1033": { + "full_name": "T1033: System Owner/User Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1036": { + "full_name": "T1036: Masquerading", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.001": { + "full_name": "T1036.001: Invalid Code Signature", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.002": { + "full_name": "T1036.002: Right-to-Left Override", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.003": { + "full_name": "T1036.003: Rename System Utilities", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.004": { + "full_name": "T1036.004: Masquerade Task or Service", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.005": { + "full_name": "T1036.005: Match Legitimate Name or Location", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.006": { + "full_name": "T1036.006: Space after Filename", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.007": { + "full_name": "T1036.007: Double File Extension", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.008": { + "full_name": "T1036.008: Masquerade File Type", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1036.009": { + "full_name": "T1036.009: Break Process Trees", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1037": { + "full_name": "T1037: Boot or Logon Initialization Scripts", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.001": { + "full_name": "T1037.001: Logon Script (Windows)", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.002": { + "full_name": "T1037.002: Login Hook", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.003": { + "full_name": "T1037.003: Network Logon Script", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.004": { + "full_name": "T1037.004: RC Scripts", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1037.005": { + "full_name": "T1037.005: Startup Items", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1039": { + "full_name": "T1039: Data from Network Shared Drive", + "tactic_full_name": "TA0009: Collection" + }, + "T1040": { + "full_name": "T1040: Network Sniffing", + "tactic_full_name": "TA0006: Credential Access, TA0007: Discovery" + }, + "T1041": { + "full_name": "T1041: Exfiltration Over C2 Channel", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1046": { + "full_name": "T1046: Network Service Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1047": { + "full_name": "T1047: Windows Management Instrumentation", + "tactic_full_name": "TA0002: Execution" + }, + "T1048": { + "full_name": "T1048: Exfiltration Over Alternative Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1048.001": { + "full_name": "T1048.001: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1048.002": { + "full_name": "T1048.002: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1048.003": { + "full_name": "T1048.003: Exfiltration Over Unencrypted Non-C2 Protocol", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1049": { + "full_name": "T1049: System Network Connections Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1052": { + "full_name": "T1052: Exfiltration Over Physical Medium", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1052.001": { + "full_name": "T1052.001: Exfiltration over USB", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1053": { + "full_name": "T1053: Scheduled Task/Job", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.002": { + "full_name": "T1053.002: At", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.003": { + "full_name": "T1053.003: Cron", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.005": { + "full_name": "T1053.005: Scheduled Task", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.006": { + "full_name": "T1053.006: Systemd Timers", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1053.007": { + "full_name": "T1053.007: Container Orchestration Job", + "tactic_full_name": "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1055": { + "full_name": "T1055: Process Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.001": { + "full_name": "T1055.001: Dynamic-link Library Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.002": { + "full_name": "T1055.002: Portable Executable Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.003": { + "full_name": "T1055.003: Thread Execution Hijacking", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.004": { + "full_name": "T1055.004: Asynchronous Procedure Call", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.005": { + "full_name": "T1055.005: Thread Local Storage", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.008": { + "full_name": "T1055.008: Ptrace System Calls", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.009": { + "full_name": "T1055.009: Proc Memory", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.011": { + "full_name": "T1055.011: Extra Window Memory Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.012": { + "full_name": "T1055.012: Process Hollowing", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.013": { + "full_name": "T1055.013: Process Doppelg\u00e4nging", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.014": { + "full_name": "T1055.014: VDSO Hijacking", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1055.015": { + "full_name": "T1055.015: ListPlanting", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1056": { + "full_name": "T1056: Input Capture", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.001": { + "full_name": "T1056.001: Keylogging", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.002": { + "full_name": "T1056.002: GUI Input Capture", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.003": { + "full_name": "T1056.003: Web Portal Capture", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1056.004": { + "full_name": "T1056.004: Credential API Hooking", + "tactic_full_name": "TA0009: Collection, TA0006: Credential Access" + }, + "T1057": { + "full_name": "T1057: Process Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1059": { + "full_name": "T1059: Command and Scripting Interpreter", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.001": { + "full_name": "T1059.001: PowerShell", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.002": { + "full_name": "T1059.002: AppleScript", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.003": { + "full_name": "T1059.003: Windows Command Shell", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.004": { + "full_name": "T1059.004: Unix Shell", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.005": { + "full_name": "T1059.005: Visual Basic", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.006": { + "full_name": "T1059.006: Python", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.007": { + "full_name": "T1059.007: JavaScript", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.008": { + "full_name": "T1059.008: Network Device CLI", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.009": { + "full_name": "T1059.009: Cloud API", + "tactic_full_name": "TA0002: Execution" + }, + "T1059.010": { + "full_name": "T1059.010: AutoHotKey & AutoIT", + "tactic_full_name": "TA0002: Execution" + }, + "T1068": { + "full_name": "T1068: Exploitation for Privilege Escalation", + "tactic_full_name": "TA0004: Privilege Escalation" + }, + "T1069": { + "full_name": "T1069: Permission Groups Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1069.001": { + "full_name": "T1069.001: Local Groups", + "tactic_full_name": "TA0007: Discovery" + }, + "T1069.002": { + "full_name": "T1069.002: Domain Groups", + "tactic_full_name": "TA0007: Discovery" + }, + "T1069.003": { + "full_name": "T1069.003: Cloud Groups", + "tactic_full_name": "TA0007: Discovery" + }, + "T1070": { + "full_name": "T1070: Indicator Removal", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.001": { + "full_name": "T1070.001: Clear Windows Event Logs", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.002": { + "full_name": "T1070.002: Clear Linux or Mac System Logs", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.003": { + "full_name": "T1070.003: Clear Command History", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.004": { + "full_name": "T1070.004: File Deletion", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.005": { + "full_name": "T1070.005: Network Share Connection Removal", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.006": { + "full_name": "T1070.006: Timestomp", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.007": { + "full_name": "T1070.007: Clear Network Connection History and Configurations", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.008": { + "full_name": "T1070.008: Clear Mailbox Data", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1070.009": { + "full_name": "T1070.009: Clear Persistence", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1071": { + "full_name": "T1071: Application Layer Protocol", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.001": { + "full_name": "T1071.001: Web Protocols", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.002": { + "full_name": "T1071.002: File Transfer Protocols", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.003": { + "full_name": "T1071.003: Mail Protocols", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1071.004": { + "full_name": "T1071.004: DNS", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1072": { + "full_name": "T1072: Software Deployment Tools", + "tactic_full_name": "TA0002: Execution, TA0008: Lateral Movement" + }, + "T1074": { + "full_name": "T1074: Data Staged", + "tactic_full_name": "TA0009: Collection" + }, + "T1074.001": { + "full_name": "T1074.001: Local Data Staging", + "tactic_full_name": "TA0009: Collection" + }, + "T1074.002": { + "full_name": "T1074.002: Remote Data Staging", + "tactic_full_name": "TA0009: Collection" + }, + "T1078": { + "full_name": "T1078: Valid Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.001": { + "full_name": "T1078.001: Default Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.002": { + "full_name": "T1078.002: Domain Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.003": { + "full_name": "T1078.003: Local Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1078.004": { + "full_name": "T1078.004: Cloud Accounts", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0004: Privilege Escalation, TA0001: Initial Access" + }, + "T1080": { + "full_name": "T1080: Taint Shared Content", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1082": { + "full_name": "T1082: System Information Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1083": { + "full_name": "T1083: File and Directory Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087": { + "full_name": "T1087: Account Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.001": { + "full_name": "T1087.001: Local Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.002": { + "full_name": "T1087.002: Domain Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.003": { + "full_name": "T1087.003: Email Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1087.004": { + "full_name": "T1087.004: Cloud Account", + "tactic_full_name": "TA0007: Discovery" + }, + "T1090": { + "full_name": "T1090: Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.001": { + "full_name": "T1090.001: Internal Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.002": { + "full_name": "T1090.002: External Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.003": { + "full_name": "T1090.003: Multi-hop Proxy", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1090.004": { + "full_name": "T1090.004: Domain Fronting", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1091": { + "full_name": "T1091: Replication Through Removable Media", + "tactic_full_name": "TA0008: Lateral Movement, TA0001: Initial Access" + }, + "T1092": { + "full_name": "T1092: Communication Through Removable Media", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1095": { + "full_name": "T1095: Non-Application Layer Protocol", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1098": { + "full_name": "T1098: Account Manipulation", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.001": { + "full_name": "T1098.001: Additional Cloud Credentials", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.002": { + "full_name": "T1098.002: Additional Email Delegate Permissions", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.003": { + "full_name": "T1098.003: Additional Cloud Roles", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.004": { + "full_name": "T1098.004: SSH Authorized Keys", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.005": { + "full_name": "T1098.005: Device Registration", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1098.006": { + "full_name": "T1098.006: Additional Container Cluster Roles", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1102": { + "full_name": "T1102: Web Service", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1102.001": { + "full_name": "T1102.001: Dead Drop Resolver", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1102.002": { + "full_name": "T1102.002: Bidirectional Communication", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1102.003": { + "full_name": "T1102.003: One-Way Communication", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1104": { + "full_name": "T1104: Multi-Stage Channels", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1105": { + "full_name": "T1105: Ingress Tool Transfer", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1106": { + "full_name": "T1106: Native API", + "tactic_full_name": "TA0002: Execution" + }, + "T1110": { + "full_name": "T1110: Brute Force", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.001": { + "full_name": "T1110.001: Password Guessing", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.002": { + "full_name": "T1110.002: Password Cracking", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.003": { + "full_name": "T1110.003: Password Spraying", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1110.004": { + "full_name": "T1110.004: Credential Stuffing", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1111": { + "full_name": "T1111: Multi-Factor Authentication Interception", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1112": { + "full_name": "T1112: Modify Registry", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1113": { + "full_name": "T1113: Screen Capture", + "tactic_full_name": "TA0009: Collection" + }, + "T1114": { + "full_name": "T1114: Email Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1114.001": { + "full_name": "T1114.001: Local Email Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1114.002": { + "full_name": "T1114.002: Remote Email Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1114.003": { + "full_name": "T1114.003: Email Forwarding Rule", + "tactic_full_name": "TA0009: Collection" + }, + "T1115": { + "full_name": "T1115: Clipboard Data", + "tactic_full_name": "TA0009: Collection" + }, + "T1119": { + "full_name": "T1119: Automated Collection", + "tactic_full_name": "TA0009: Collection" + }, + "T1120": { + "full_name": "T1120: Peripheral Device Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1123": { + "full_name": "T1123: Audio Capture", + "tactic_full_name": "TA0009: Collection" + }, + "T1124": { + "full_name": "T1124: System Time Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1125": { + "full_name": "T1125: Video Capture", + "tactic_full_name": "TA0009: Collection" + }, + "T1127": { + "full_name": "T1127: Trusted Developer Utilities Proxy Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1127.001": { + "full_name": "T1127.001: MSBuild", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1129": { + "full_name": "T1129: Shared Modules", + "tactic_full_name": "TA0002: Execution" + }, + "T1132": { + "full_name": "T1132: Data Encoding", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1132.001": { + "full_name": "T1132.001: Standard Encoding", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1132.002": { + "full_name": "T1132.002: Non-Standard Encoding", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1133": { + "full_name": "T1133: External Remote Services", + "tactic_full_name": "TA0003: Persistence, TA0001: Initial Access" + }, + "T1134": { + "full_name": "T1134: Access Token Manipulation", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.001": { + "full_name": "T1134.001: Token Impersonation/Theft", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.002": { + "full_name": "T1134.002: Create Process with Token", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.003": { + "full_name": "T1134.003: Make and Impersonate Token", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.004": { + "full_name": "T1134.004: Parent PID Spoofing", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1134.005": { + "full_name": "T1134.005: SID-History Injection", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1135": { + "full_name": "T1135: Network Share Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1136": { + "full_name": "T1136: Create Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1136.001": { + "full_name": "T1136.001: Local Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1136.002": { + "full_name": "T1136.002: Domain Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1136.003": { + "full_name": "T1136.003: Cloud Account", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137": { + "full_name": "T1137: Office Application Startup", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.001": { + "full_name": "T1137.001: Office Template Macros", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.002": { + "full_name": "T1137.002: Office Test", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.003": { + "full_name": "T1137.003: Outlook Forms", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.004": { + "full_name": "T1137.004: Outlook Home Page", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.005": { + "full_name": "T1137.005: Outlook Rules", + "tactic_full_name": "TA0003: Persistence" + }, + "T1137.006": { + "full_name": "T1137.006: Add-ins", + "tactic_full_name": "TA0003: Persistence" + }, + "T1140": { + "full_name": "T1140: Deobfuscate/Decode Files or Information", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1176": { + "full_name": "T1176: Browser Extensions", + "tactic_full_name": "TA0003: Persistence" + }, + "T1185": { + "full_name": "T1185: Browser Session Hijacking", + "tactic_full_name": "TA0009: Collection" + }, + "T1187": { + "full_name": "T1187: Forced Authentication", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1189": { + "full_name": "T1189: Drive-by Compromise", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1190": { + "full_name": "T1190: Exploit Public-Facing Application", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195": { + "full_name": "T1195: Supply Chain Compromise", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195.001": { + "full_name": "T1195.001: Compromise Software Dependencies and Development Tools", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195.002": { + "full_name": "T1195.002: Compromise Software Supply Chain", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1195.003": { + "full_name": "T1195.003: Compromise Hardware Supply Chain", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1197": { + "full_name": "T1197: BITS Jobs", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1199": { + "full_name": "T1199: Trusted Relationship", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1200": { + "full_name": "T1200: Hardware Additions", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1201": { + "full_name": "T1201: Password Policy Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1202": { + "full_name": "T1202: Indirect Command Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1203": { + "full_name": "T1203: Exploitation for Client Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1204": { + "full_name": "T1204: User Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1204.001": { + "full_name": "T1204.001: Malicious Link", + "tactic_full_name": "TA0002: Execution" + }, + "T1204.002": { + "full_name": "T1204.002: Malicious File", + "tactic_full_name": "TA0002: Execution" + }, + "T1204.003": { + "full_name": "T1204.003: Malicious Image", + "tactic_full_name": "TA0002: Execution" + }, + "T1205": { + "full_name": "T1205: Traffic Signaling", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" + }, + "T1205.001": { + "full_name": "T1205.001: Port Knocking", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" + }, + "T1205.002": { + "full_name": "T1205.002: Socket Filters", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence, TA0011: Command and Control" + }, + "T1207": { + "full_name": "T1207: Rogue Domain Controller", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1210": { + "full_name": "T1210: Exploitation of Remote Services", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1211": { + "full_name": "T1211: Exploitation for Defense Evasion", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1212": { + "full_name": "T1212: Exploitation for Credential Access", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1213": { + "full_name": "T1213: Data from Information Repositories", + "tactic_full_name": "TA0009: Collection" + }, + "T1213.001": { + "full_name": "T1213.001: Confluence", + "tactic_full_name": "TA0009: Collection" + }, + "T1213.002": { + "full_name": "T1213.002: Sharepoint", + "tactic_full_name": "TA0009: Collection" + }, + "T1213.003": { + "full_name": "T1213.003: Code Repositories", + "tactic_full_name": "TA0009: Collection" + }, + "T1216": { + "full_name": "T1216: System Script Proxy Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1216.001": { + "full_name": "T1216.001: PubPrn", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1216.002": { + "full_name": "T1216.002: SyncAppvPublishingServer", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1217": { + "full_name": "T1217: Browser Information Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1218": { + "full_name": "T1218: System Binary Proxy Execution", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.001": { + "full_name": "T1218.001: Compiled HTML File", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.002": { + "full_name": "T1218.002: Control Panel", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.003": { + "full_name": "T1218.003: CMSTP", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.004": { + "full_name": "T1218.004: InstallUtil", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.005": { + "full_name": "T1218.005: Mshta", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.007": { + "full_name": "T1218.007: Msiexec", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.008": { + "full_name": "T1218.008: Odbcconf", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.009": { + "full_name": "T1218.009: Regsvcs/Regasm", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.010": { + "full_name": "T1218.010: Regsvr32", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.011": { + "full_name": "T1218.011: Rundll32", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.012": { + "full_name": "T1218.012: Verclsid", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.013": { + "full_name": "T1218.013: Mavinject", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.014": { + "full_name": "T1218.014: MMC", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1218.015": { + "full_name": "T1218.015: Electron Applications", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1219": { + "full_name": "T1219: Remote Access Software", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1220": { + "full_name": "T1220: XSL Script Processing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1221": { + "full_name": "T1221: Template Injection", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1222": { + "full_name": "T1222: File and Directory Permissions Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1222.001": { + "full_name": "T1222.001: Windows File and Directory Permissions Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1222.002": { + "full_name": "T1222.002: Linux and Mac File and Directory Permissions Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1480": { + "full_name": "T1480: Execution Guardrails", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1480.001": { + "full_name": "T1480.001: Environmental Keying", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1482": { + "full_name": "T1482: Domain Trust Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1484": { + "full_name": "T1484: Domain or Tenant Policy Modification", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1484.001": { + "full_name": "T1484.001: Group Policy Modification", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1484.002": { + "full_name": "T1484.002: Trust Modification", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1485": { + "full_name": "T1485: Data Destruction", + "tactic_full_name": "TA0040: Impact" + }, + "T1486": { + "full_name": "T1486: Data Encrypted for Impact", + "tactic_full_name": "TA0040: Impact" + }, + "T1489": { + "full_name": "T1489: Service Stop", + "tactic_full_name": "TA0040: Impact" + }, + "T1490": { + "full_name": "T1490: Inhibit System Recovery", + "tactic_full_name": "TA0040: Impact" + }, + "T1491": { + "full_name": "T1491: Defacement", + "tactic_full_name": "TA0040: Impact" + }, + "T1491.001": { + "full_name": "T1491.001: Internal Defacement", + "tactic_full_name": "TA0040: Impact" + }, + "T1491.002": { + "full_name": "T1491.002: External Defacement", + "tactic_full_name": "TA0040: Impact" + }, + "T1495": { + "full_name": "T1495: Firmware Corruption", + "tactic_full_name": "TA0040: Impact" + }, + "T1496": { + "full_name": "T1496: Resource Hijacking", + "tactic_full_name": "TA0040: Impact" + }, + "T1497": { + "full_name": "T1497: Virtualization/Sandbox Evasion", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1497.001": { + "full_name": "T1497.001: System Checks", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1497.002": { + "full_name": "T1497.002: User Activity Based Checks", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1497.003": { + "full_name": "T1497.003: Time Based Evasion", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1498": { + "full_name": "T1498: Network Denial of Service", + "tactic_full_name": "TA0040: Impact" + }, + "T1498.001": { + "full_name": "T1498.001: Direct Network Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1498.002": { + "full_name": "T1498.002: Reflection Amplification", + "tactic_full_name": "TA0040: Impact" + }, + "T1499": { + "full_name": "T1499: Endpoint Denial of Service", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.001": { + "full_name": "T1499.001: OS Exhaustion Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.002": { + "full_name": "T1499.002: Service Exhaustion Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.003": { + "full_name": "T1499.003: Application Exhaustion Flood", + "tactic_full_name": "TA0040: Impact" + }, + "T1499.004": { + "full_name": "T1499.004: Application or System Exploitation", + "tactic_full_name": "TA0040: Impact" + }, + "T1505": { + "full_name": "T1505: Server Software Component", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.001": { + "full_name": "T1505.001: SQL Stored Procedures", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.002": { + "full_name": "T1505.002: Transport Agent", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.003": { + "full_name": "T1505.003: Web Shell", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.004": { + "full_name": "T1505.004: IIS Components", + "tactic_full_name": "TA0003: Persistence" + }, + "T1505.005": { + "full_name": "T1505.005: Terminal Services DLL", + "tactic_full_name": "TA0003: Persistence" + }, + "T1518": { + "full_name": "T1518: Software Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1518.001": { + "full_name": "T1518.001: Security Software Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1525": { + "full_name": "T1525: Implant Internal Image", + "tactic_full_name": "TA0003: Persistence" + }, + "T1526": { + "full_name": "T1526: Cloud Service Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1528": { + "full_name": "T1528: Steal Application Access Token", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1529": { + "full_name": "T1529: System Shutdown/Reboot", + "tactic_full_name": "TA0040: Impact" + }, + "T1530": { + "full_name": "T1530: Data from Cloud Storage", + "tactic_full_name": "TA0009: Collection" + }, + "T1531": { + "full_name": "T1531: Account Access Removal", + "tactic_full_name": "TA0040: Impact" + }, + "T1534": { + "full_name": "T1534: Internal Spearphishing", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1535": { + "full_name": "T1535: Unused/Unsupported Cloud Regions", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1537": { + "full_name": "T1537: Transfer Data to Cloud Account", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1538": { + "full_name": "T1538: Cloud Service Dashboard", + "tactic_full_name": "TA0007: Discovery" + }, + "T1539": { + "full_name": "T1539: Steal Web Session Cookie", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1542": { + "full_name": "T1542: Pre-OS Boot", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1542.001": { + "full_name": "T1542.001: System Firmware", + "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" + }, + "T1542.002": { + "full_name": "T1542.002: Component Firmware", + "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" + }, + "T1542.003": { + "full_name": "T1542.003: Bootkit", + "tactic_full_name": "TA0003: Persistence, TA0005: Defense Evasion" + }, + "T1542.004": { + "full_name": "T1542.004: ROMMONkit", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1542.005": { + "full_name": "T1542.005: TFTP Boot", + "tactic_full_name": "TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1543": { + "full_name": "T1543: Create or Modify System Process", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.001": { + "full_name": "T1543.001: Launch Agent", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.002": { + "full_name": "T1543.002: Systemd Service", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.003": { + "full_name": "T1543.003: Windows Service", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.004": { + "full_name": "T1543.004: Launch Daemon", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1543.005": { + "full_name": "T1543.005: Container Service", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1546": { + "full_name": "T1546: Event Triggered Execution", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.001": { + "full_name": "T1546.001: Change Default File Association", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.002": { + "full_name": "T1546.002: Screensaver", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.003": { + "full_name": "T1546.003: Windows Management Instrumentation Event Subscription", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.004": { + "full_name": "T1546.004: Unix Shell Configuration Modification", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.005": { + "full_name": "T1546.005: Trap", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.006": { + "full_name": "T1546.006: LC_LOAD_DYLIB Addition", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.007": { + "full_name": "T1546.007: Netsh Helper DLL", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.008": { + "full_name": "T1546.008: Accessibility Features", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.009": { + "full_name": "T1546.009: AppCert DLLs", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.010": { + "full_name": "T1546.010: AppInit DLLs", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.011": { + "full_name": "T1546.011: Application Shimming", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.012": { + "full_name": "T1546.012: Image File Execution Options Injection", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.013": { + "full_name": "T1546.013: PowerShell Profile", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.014": { + "full_name": "T1546.014: Emond", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.015": { + "full_name": "T1546.015: Component Object Model Hijacking", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1546.016": { + "full_name": "T1546.016: Installer Packages", + "tactic_full_name": "TA0004: Privilege Escalation, TA0003: Persistence" + }, + "T1547": { + "full_name": "T1547: Boot or Logon Autostart Execution", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.001": { + "full_name": "T1547.001: Registry Run Keys / Startup Folder", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.002": { + "full_name": "T1547.002: Authentication Package", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.003": { + "full_name": "T1547.003: Time Providers", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.004": { + "full_name": "T1547.004: Winlogon Helper DLL", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.005": { + "full_name": "T1547.005: Security Support Provider", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.006": { + "full_name": "T1547.006: Kernel Modules and Extensions", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.007": { + "full_name": "T1547.007: Re-opened Applications", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.008": { + "full_name": "T1547.008: LSASS Driver", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.009": { + "full_name": "T1547.009: Shortcut Modification", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.010": { + "full_name": "T1547.010: Port Monitors", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.012": { + "full_name": "T1547.012: Print Processors", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.013": { + "full_name": "T1547.013: XDG Autostart Entries", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.014": { + "full_name": "T1547.014: Active Setup", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1547.015": { + "full_name": "T1547.015: Login Items", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation" + }, + "T1548": { + "full_name": "T1548: Abuse Elevation Control Mechanism", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.001": { + "full_name": "T1548.001: Setuid and Setgid", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.002": { + "full_name": "T1548.002: Bypass User Account Control", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.003": { + "full_name": "T1548.003: Sudo and Sudo Caching", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.004": { + "full_name": "T1548.004: Elevated Execution with Prompt", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.005": { + "full_name": "T1548.005: Temporary Elevated Cloud Access", + "tactic_full_name": "TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1548.006": { + "full_name": "T1548.006: TCC Manipulation", + "tactic_full_name": "TA0005: Defense Evasion, TA0004: Privilege Escalation" + }, + "T1550": { + "full_name": "T1550: Use Alternate Authentication Material", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.001": { + "full_name": "T1550.001: Application Access Token", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.002": { + "full_name": "T1550.002: Pass the Hash", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.003": { + "full_name": "T1550.003: Pass the Ticket", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1550.004": { + "full_name": "T1550.004: Web Session Cookie", + "tactic_full_name": "TA0005: Defense Evasion, TA0008: Lateral Movement" + }, + "T1552": { + "full_name": "T1552: Unsecured Credentials", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.001": { + "full_name": "T1552.001: Credentials In Files", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.002": { + "full_name": "T1552.002: Credentials in Registry", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.003": { + "full_name": "T1552.003: Bash History", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.004": { + "full_name": "T1552.004: Private Keys", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.005": { + "full_name": "T1552.005: Cloud Instance Metadata API", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.006": { + "full_name": "T1552.006: Group Policy Preferences", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.007": { + "full_name": "T1552.007: Container API", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1552.008": { + "full_name": "T1552.008: Chat Messages", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1553": { + "full_name": "T1553: Subvert Trust Controls", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.001": { + "full_name": "T1553.001: Gatekeeper Bypass", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.002": { + "full_name": "T1553.002: Code Signing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.003": { + "full_name": "T1553.003: SIP and Trust Provider Hijacking", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.004": { + "full_name": "T1553.004: Install Root Certificate", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.005": { + "full_name": "T1553.005: Mark-of-the-Web Bypass", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1553.006": { + "full_name": "T1553.006: Code Signing Policy Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1554": { + "full_name": "T1554: Compromise Host Software Binary", + "tactic_full_name": "TA0003: Persistence" + }, + "T1555": { + "full_name": "T1555: Credentials from Password Stores", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.001": { + "full_name": "T1555.001: Keychain", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.002": { + "full_name": "T1555.002: Securityd Memory", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.003": { + "full_name": "T1555.003: Credentials from Web Browsers", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.004": { + "full_name": "T1555.004: Windows Credential Manager", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.005": { + "full_name": "T1555.005: Password Managers", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1555.006": { + "full_name": "T1555.006: Cloud Secrets Management Stores", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1556": { + "full_name": "T1556: Modify Authentication Process", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.001": { + "full_name": "T1556.001: Domain Controller Authentication", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.002": { + "full_name": "T1556.002: Password Filter DLL", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.003": { + "full_name": "T1556.003: Pluggable Authentication Modules", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.004": { + "full_name": "T1556.004: Network Device Authentication", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.005": { + "full_name": "T1556.005: Reversible Encryption", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.006": { + "full_name": "T1556.006: Multi-Factor Authentication", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.007": { + "full_name": "T1556.007: Hybrid Identity", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.008": { + "full_name": "T1556.008: Network Provider DLL", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1556.009": { + "full_name": "T1556.009: Conditional Access Policies", + "tactic_full_name": "TA0006: Credential Access, TA0005: Defense Evasion, TA0003: Persistence" + }, + "T1557": { + "full_name": "T1557: Adversary-in-the-Middle", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1557.001": { + "full_name": "T1557.001: LLMNR/NBT-NS Poisoning and SMB Relay", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1557.002": { + "full_name": "T1557.002: ARP Cache Poisoning", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1557.003": { + "full_name": "T1557.003: DHCP Spoofing", + "tactic_full_name": "TA0006: Credential Access, TA0009: Collection" + }, + "T1558": { + "full_name": "T1558: Steal or Forge Kerberos Tickets", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.001": { + "full_name": "T1558.001: Golden Ticket", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.002": { + "full_name": "T1558.002: Silver Ticket", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.003": { + "full_name": "T1558.003: Kerberoasting", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1558.004": { + "full_name": "T1558.004: AS-REP Roasting", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1559": { + "full_name": "T1559: Inter-Process Communication", + "tactic_full_name": "TA0002: Execution" + }, + "T1559.001": { + "full_name": "T1559.001: Component Object Model", + "tactic_full_name": "TA0002: Execution" + }, + "T1559.002": { + "full_name": "T1559.002: Dynamic Data Exchange", + "tactic_full_name": "TA0002: Execution" + }, + "T1559.003": { + "full_name": "T1559.003: XPC Services", + "tactic_full_name": "TA0002: Execution" + }, + "T1560": { + "full_name": "T1560: Archive Collected Data", + "tactic_full_name": "TA0009: Collection" + }, + "T1560.001": { + "full_name": "T1560.001: Archive via Utility", + "tactic_full_name": "TA0009: Collection" + }, + "T1560.002": { + "full_name": "T1560.002: Archive via Library", + "tactic_full_name": "TA0009: Collection" + }, + "T1560.003": { + "full_name": "T1560.003: Archive via Custom Method", + "tactic_full_name": "TA0009: Collection" + }, + "T1561": { + "full_name": "T1561: Disk Wipe", + "tactic_full_name": "TA0040: Impact" + }, + "T1561.001": { + "full_name": "T1561.001: Disk Content Wipe", + "tactic_full_name": "TA0040: Impact" + }, + "T1561.002": { + "full_name": "T1561.002: Disk Structure Wipe", + "tactic_full_name": "TA0040: Impact" + }, + "T1562": { + "full_name": "T1562: Impair Defenses", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.001": { + "full_name": "T1562.001: Disable or Modify Tools", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.002": { + "full_name": "T1562.002: Disable Windows Event Logging", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.003": { + "full_name": "T1562.003: Impair Command History Logging", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.004": { + "full_name": "T1562.004: Disable or Modify System Firewall", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.006": { + "full_name": "T1562.006: Indicator Blocking", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.007": { + "full_name": "T1562.007: Disable or Modify Cloud Firewall", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.008": { + "full_name": "T1562.008: Disable or Modify Cloud Logs", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.009": { + "full_name": "T1562.009: Safe Mode Boot", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.010": { + "full_name": "T1562.010: Downgrade Attack", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.011": { + "full_name": "T1562.011: Spoof Security Alerting", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1562.012": { + "full_name": "T1562.012: Disable or Modify Linux Audit System", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1563": { + "full_name": "T1563: Remote Service Session Hijacking", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1563.001": { + "full_name": "T1563.001: SSH Hijacking", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1563.002": { + "full_name": "T1563.002: RDP Hijacking", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1564": { + "full_name": "T1564: Hide Artifacts", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.001": { + "full_name": "T1564.001: Hidden Files and Directories", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.002": { + "full_name": "T1564.002: Hidden Users", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.003": { + "full_name": "T1564.003: Hidden Window", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.004": { + "full_name": "T1564.004: NTFS File Attributes", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.005": { + "full_name": "T1564.005: Hidden File System", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.006": { + "full_name": "T1564.006: Run Virtual Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.007": { + "full_name": "T1564.007: VBA Stomping", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.008": { + "full_name": "T1564.008: Email Hiding Rules", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.009": { + "full_name": "T1564.009: Resource Forking", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.010": { + "full_name": "T1564.010: Process Argument Spoofing", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.011": { + "full_name": "T1564.011: Ignore Process Interrupts", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1564.012": { + "full_name": "T1564.012: File/Path Exclusions", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1565": { + "full_name": "T1565: Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1565.001": { + "full_name": "T1565.001: Stored Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1565.002": { + "full_name": "T1565.002: Transmitted Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1565.003": { + "full_name": "T1565.003: Runtime Data Manipulation", + "tactic_full_name": "TA0040: Impact" + }, + "T1566": { + "full_name": "T1566: Phishing", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.001": { + "full_name": "T1566.001: Spearphishing Attachment", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.002": { + "full_name": "T1566.002: Spearphishing Link", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.003": { + "full_name": "T1566.003: Spearphishing via Service", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1566.004": { + "full_name": "T1566.004: Spearphishing Voice", + "tactic_full_name": "TA0001: Initial Access" + }, + "T1567": { + "full_name": "T1567: Exfiltration Over Web Service", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.001": { + "full_name": "T1567.001: Exfiltration to Code Repository", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.002": { + "full_name": "T1567.002: Exfiltration to Cloud Storage", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.003": { + "full_name": "T1567.003: Exfiltration to Text Storage Sites", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1567.004": { + "full_name": "T1567.004: Exfiltration Over Webhook", + "tactic_full_name": "TA0010: Exfiltration" + }, + "T1568": { + "full_name": "T1568: Dynamic Resolution", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1568.001": { + "full_name": "T1568.001: Fast Flux DNS", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1568.002": { + "full_name": "T1568.002: Domain Generation Algorithms", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1568.003": { + "full_name": "T1568.003: DNS Calculation", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1569": { + "full_name": "T1569: System Services", + "tactic_full_name": "TA0002: Execution" + }, + "T1569.001": { + "full_name": "T1569.001: Launchctl", + "tactic_full_name": "TA0002: Execution" + }, + "T1569.002": { + "full_name": "T1569.002: Service Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1570": { + "full_name": "T1570: Lateral Tool Transfer", + "tactic_full_name": "TA0008: Lateral Movement" + }, + "T1571": { + "full_name": "T1571: Non-Standard Port", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1572": { + "full_name": "T1572: Protocol Tunneling", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1573": { + "full_name": "T1573: Encrypted Channel", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1573.001": { + "full_name": "T1573.001: Symmetric Cryptography", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1573.002": { + "full_name": "T1573.002: Asymmetric Cryptography", + "tactic_full_name": "TA0011: Command and Control" + }, + "T1574": { + "full_name": "T1574: Hijack Execution Flow", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.001": { + "full_name": "T1574.001: DLL Search Order Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.002": { + "full_name": "T1574.002: DLL Side-Loading", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.004": { + "full_name": "T1574.004: Dylib Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.005": { + "full_name": "T1574.005: Executable Installer File Permissions Weakness", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.006": { + "full_name": "T1574.006: Dynamic Linker Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.007": { + "full_name": "T1574.007: Path Interception by PATH Environment Variable", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.008": { + "full_name": "T1574.008: Path Interception by Search Order Hijacking", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.009": { + "full_name": "T1574.009: Path Interception by Unquoted Path", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.010": { + "full_name": "T1574.010: Services File Permissions Weakness", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.011": { + "full_name": "T1574.011: Services Registry Permissions Weakness", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.012": { + "full_name": "T1574.012: COR_PROFILER", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.013": { + "full_name": "T1574.013: KernelCallbackTable", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1574.014": { + "full_name": "T1574.014: AppDomainManager", + "tactic_full_name": "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion" + }, + "T1578": { + "full_name": "T1578: Modify Cloud Compute Infrastructure", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.001": { + "full_name": "T1578.001: Create Snapshot", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.002": { + "full_name": "T1578.002: Create Cloud Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.003": { + "full_name": "T1578.003: Delete Cloud Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.004": { + "full_name": "T1578.004: Revert Cloud Instance", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1578.005": { + "full_name": "T1578.005: Modify Cloud Compute Configurations", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1580": { + "full_name": "T1580: Cloud Infrastructure Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1583": { + "full_name": "T1583: Acquire Infrastructure", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.001": { + "full_name": "T1583.001: Domains", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.002": { + "full_name": "T1583.002: DNS Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.003": { + "full_name": "T1583.003: Virtual Private Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.004": { + "full_name": "T1583.004: Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.005": { + "full_name": "T1583.005: Botnet", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.006": { + "full_name": "T1583.006: Web Services", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.007": { + "full_name": "T1583.007: Serverless", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1583.008": { + "full_name": "T1583.008: Malvertising", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584": { + "full_name": "T1584: Compromise Infrastructure", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.001": { + "full_name": "T1584.001: Domains", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.002": { + "full_name": "T1584.002: DNS Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.003": { + "full_name": "T1584.003: Virtual Private Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.004": { + "full_name": "T1584.004: Server", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.005": { + "full_name": "T1584.005: Botnet", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.006": { + "full_name": "T1584.006: Web Services", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.007": { + "full_name": "T1584.007: Serverless", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1584.008": { + "full_name": "T1584.008: Network Devices", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585": { + "full_name": "T1585: Establish Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585.001": { + "full_name": "T1585.001: Social Media Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585.002": { + "full_name": "T1585.002: Email Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1585.003": { + "full_name": "T1585.003: Cloud Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586": { + "full_name": "T1586: Compromise Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586.001": { + "full_name": "T1586.001: Social Media Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586.002": { + "full_name": "T1586.002: Email Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1586.003": { + "full_name": "T1586.003: Cloud Accounts", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587": { + "full_name": "T1587: Develop Capabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.001": { + "full_name": "T1587.001: Malware", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.002": { + "full_name": "T1587.002: Code Signing Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.003": { + "full_name": "T1587.003: Digital Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1587.004": { + "full_name": "T1587.004: Exploits", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588": { + "full_name": "T1588: Obtain Capabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.001": { + "full_name": "T1588.001: Malware", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.002": { + "full_name": "T1588.002: Tool", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.003": { + "full_name": "T1588.003: Code Signing Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.004": { + "full_name": "T1588.004: Digital Certificates", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.005": { + "full_name": "T1588.005: Exploits", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.006": { + "full_name": "T1588.006: Vulnerabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1588.007": { + "full_name": "T1588.007: Artificial Intelligence", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1589": { + "full_name": "T1589: Gather Victim Identity Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1589.001": { + "full_name": "T1589.001: Credentials", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1589.002": { + "full_name": "T1589.002: Email Addresses", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1589.003": { + "full_name": "T1589.003: Employee Names", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590": { + "full_name": "T1590: Gather Victim Network Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.001": { + "full_name": "T1590.001: Domain Properties", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.002": { + "full_name": "T1590.002: DNS", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.003": { + "full_name": "T1590.003: Network Trust Dependencies", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.004": { + "full_name": "T1590.004: Network Topology", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.005": { + "full_name": "T1590.005: IP Addresses", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1590.006": { + "full_name": "T1590.006: Network Security Appliances", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591": { + "full_name": "T1591: Gather Victim Org Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.001": { + "full_name": "T1591.001: Determine Physical Locations", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.002": { + "full_name": "T1591.002: Business Relationships", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.003": { + "full_name": "T1591.003: Identify Business Tempo", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1591.004": { + "full_name": "T1591.004: Identify Roles", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592": { + "full_name": "T1592: Gather Victim Host Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.001": { + "full_name": "T1592.001: Hardware", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.002": { + "full_name": "T1592.002: Software", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.003": { + "full_name": "T1592.003: Firmware", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1592.004": { + "full_name": "T1592.004: Client Configurations", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593": { + "full_name": "T1593: Search Open Websites/Domains", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593.001": { + "full_name": "T1593.001: Social Media", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593.002": { + "full_name": "T1593.002: Search Engines", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1593.003": { + "full_name": "T1593.003: Code Repositories", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1594": { + "full_name": "T1594: Search Victim-Owned Websites", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595": { + "full_name": "T1595: Active Scanning", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595.001": { + "full_name": "T1595.001: Scanning IP Blocks", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595.002": { + "full_name": "T1595.002: Vulnerability Scanning", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1595.003": { + "full_name": "T1595.003: Wordlist Scanning", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596": { + "full_name": "T1596: Search Open Technical Databases", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.001": { + "full_name": "T1596.001: DNS/Passive DNS", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.002": { + "full_name": "T1596.002: WHOIS", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.003": { + "full_name": "T1596.003: Digital Certificates", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.004": { + "full_name": "T1596.004: CDNs", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1596.005": { + "full_name": "T1596.005: Scan Databases", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1597": { + "full_name": "T1597: Search Closed Sources", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1597.001": { + "full_name": "T1597.001: Threat Intel Vendors", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1597.002": { + "full_name": "T1597.002: Purchase Technical Data", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598": { + "full_name": "T1598: Phishing for Information", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.001": { + "full_name": "T1598.001: Spearphishing Service", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.002": { + "full_name": "T1598.002: Spearphishing Attachment", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.003": { + "full_name": "T1598.003: Spearphishing Link", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1598.004": { + "full_name": "T1598.004: Spearphishing Voice", + "tactic_full_name": "TA0043: Reconnaissance" + }, + "T1599": { + "full_name": "T1599: Network Boundary Bridging", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1599.001": { + "full_name": "T1599.001: Network Address Translation Traversal", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1600": { + "full_name": "T1600: Weaken Encryption", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1600.001": { + "full_name": "T1600.001: Reduce Key Space", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1600.002": { + "full_name": "T1600.002: Disable Crypto Hardware", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1601": { + "full_name": "T1601: Modify System Image", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1601.001": { + "full_name": "T1601.001: Patch System Image", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1601.002": { + "full_name": "T1601.002: Downgrade System Image", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1602": { + "full_name": "T1602: Data from Configuration Repository", + "tactic_full_name": "TA0009: Collection" + }, + "T1602.001": { + "full_name": "T1602.001: SNMP (MIB Dump)", + "tactic_full_name": "TA0009: Collection" + }, + "T1602.002": { + "full_name": "T1602.002: Network Device Configuration Dump", + "tactic_full_name": "TA0009: Collection" + }, + "T1606": { + "full_name": "T1606: Forge Web Credentials", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1606.001": { + "full_name": "T1606.001: Web Cookies", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1606.002": { + "full_name": "T1606.002: SAML Tokens", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1608": { + "full_name": "T1608: Stage Capabilities", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.001": { + "full_name": "T1608.001: Upload Malware", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.002": { + "full_name": "T1608.002: Upload Tool", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.003": { + "full_name": "T1608.003: Install Digital Certificate", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.004": { + "full_name": "T1608.004: Drive-by Target", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.005": { + "full_name": "T1608.005: Link Target", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1608.006": { + "full_name": "T1608.006: SEO Poisoning", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1609": { + "full_name": "T1609: Container Administration Command", + "tactic_full_name": "TA0002: Execution" + }, + "T1610": { + "full_name": "T1610: Deploy Container", + "tactic_full_name": "TA0005: Defense Evasion, TA0002: Execution" + }, + "T1611": { + "full_name": "T1611: Escape to Host", + "tactic_full_name": "TA0004: Privilege Escalation" + }, + "T1612": { + "full_name": "T1612: Build Image on Host", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1613": { + "full_name": "T1613: Container and Resource Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1614": { + "full_name": "T1614: System Location Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1614.001": { + "full_name": "T1614.001: System Language Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1615": { + "full_name": "T1615: Group Policy Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1619": { + "full_name": "T1619: Cloud Storage Object Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1620": { + "full_name": "T1620: Reflective Code Loading", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1621": { + "full_name": "T1621: Multi-Factor Authentication Request Generation", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1622": { + "full_name": "T1622: Debugger Evasion", + "tactic_full_name": "TA0005: Defense Evasion, TA0007: Discovery" + }, + "T1647": { + "full_name": "T1647: Plist File Modification", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1648": { + "full_name": "T1648: Serverless Execution", + "tactic_full_name": "TA0002: Execution" + }, + "T1649": { + "full_name": "T1649: Steal or Forge Authentication Certificates", + "tactic_full_name": "TA0006: Credential Access" + }, + "T1650": { + "full_name": "T1650: Acquire Access", + "tactic_full_name": "TA0042: Resource Development" + }, + "T1651": { + "full_name": "T1651: Cloud Administration Command", + "tactic_full_name": "TA0002: Execution" + }, + "T1652": { + "full_name": "T1652: Device Driver Discovery", + "tactic_full_name": "TA0007: Discovery" + }, + "T1653": { + "full_name": "T1653: Power Settings", + "tactic_full_name": "TA0003: Persistence" + }, + "T1654": { + "full_name": "T1654: Log Enumeration", + "tactic_full_name": "TA0007: Discovery" + }, + "T1656": { + "full_name": "T1656: Impersonation", + "tactic_full_name": "TA0005: Defense Evasion" + }, + "T1657": { + "full_name": "T1657: Financial Theft", + "tactic_full_name": "TA0040: Impact" + }, + "T1659": { + "full_name": "T1659: Content Injection", + "tactic_full_name": "TA0001: Initial Access, TA0011: Command and Control" + }, + "T1665": { + "full_name": "T1665: Hide Infrastructure", + "tactic_full_name": "TA0011: Command and Control" + } } } \ No newline at end of file From c539ba458a0e7e0dc5c6d7c7ce6b3781170cac96 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 16:10:44 +0100 Subject: [PATCH 12/35] Populate Mitre tags properly, extract GUID per atomic test --- magefiles/translate.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 5376fa16..c4ade304 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -44,6 +44,7 @@ type TTP struct { Description string `yaml:"description,omitempty"` Environment map[string]string `yaml:"env,omitempty,flow"` Args []args.Spec `yaml:"args,omitempty"` + UUID string `yaml:"uuid,omitempty"` Mitre Mitre Steps []Step // Omit WorkDir, but expose for testing. @@ -59,6 +60,7 @@ type AtomicTest struct { // TODO: Ignore it completely? DependencyExecutorName string `yaml:"dependency_executor_name"` InputArguments map[string]InputArgument `yaml:"input_arguments,omitempty,flow"` + AutoGeneratedGUID string `yaml:"auto_generated_guid,omitempty"` } type AtomicTestExecutor struct { @@ -120,6 +122,7 @@ func ConvertSchema(atomic AtomicSchema) []TTP { ttp := TTP{ Name: test.Name, Description: test.Description, + UUID: test.AutoGeneratedGUID, Mitre: Mitre{ Techniques: []string{atomic.AttackTechnique}, Tactics: []string{}, @@ -248,15 +251,15 @@ func ConvertYAMLSchema(ttpPath string) error { } // Populating Mitre Tactics - for _, ttp := range targetTtpList { + for i, ttp := range targetTtpList { if len(ttp.Mitre.Techniques) != 1 { continue } key := ttp.Mitre.Techniques[0] info, ok := mitreMap.Map[key] if ok { - ttp.Mitre.Tactics = strings.Split(info.TacticFullNames, ", ") - ttp.Mitre.Techniques = []string{info.FullName} + targetTtpList[i].Mitre.Tactics = strings.Split(info.TacticFullNames, ", ") + targetTtpList[i].Mitre.Techniques = []string{info.FullName} } } From df452420223fa5cd1ad1f870083344ceb9e5e97b Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 16:40:53 +0100 Subject: [PATCH 13/35] Use UUID as safe target filename --- magefiles/translate.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index c4ade304..2cc27a4b 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -244,7 +244,6 @@ func ConvertYAMLSchema(ttpPath string) error { targetTtpList := ConvertSchema(atomic) // Load Mitre TTP map - // TODO: figure out why the map is empty mitreMap, err := NewMitreMap("magefiles/ttp_map.json") if err != nil { return err @@ -278,7 +277,7 @@ func ConvertYAMLSchema(ttpPath string) error { if err != nil { return err } - outputFilePath := filepath.Join(outputDir, fmt.Sprintf("%v.yaml", target.Name)) + outputFilePath := filepath.Join(outputDir, fmt.Sprintf("%v.yaml", target.UUID)) err = os.WriteFile(outputFilePath, result, os.ModePerm) if err != nil { From d956ca414806660602e4e51a5d07d7974fbf87cd Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 17:12:53 +0100 Subject: [PATCH 14/35] Always define API version --- magefiles/translate.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/magefiles/translate.go b/magefiles/translate.go index 2cc27a4b..b7f0e038 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -40,6 +40,7 @@ type AtomicSchema struct { // (Tactics, Techniques, and Procedures) object. // TODO: Replace with existing TTP struct type TTP struct { + APIVersion string `yaml:"api_version"` Name string Description string `yaml:"description,omitempty"` Environment map[string]string `yaml:"env,omitempty,flow"` @@ -120,6 +121,7 @@ func ConvertSchema(atomic AtomicSchema) []TTP { for i, test := range atomic.AtomicTests { ttp := TTP{ + APIVersion: "2.0", Name: test.Name, Description: test.Description, UUID: test.AutoGeneratedGUID, From 1a9d336a6a66a3f099a03a9b74e588c3cce8621f Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 17:22:12 +0100 Subject: [PATCH 15/35] Added todos and Executor to clean up step --- magefiles/translate.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index b7f0e038..6e35b8b0 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -107,6 +107,7 @@ type Step struct { type CleanupAction struct { Inline string + Executor string `yaml:"executor,omitempty"` } type ArgumentSpec struct { @@ -136,8 +137,10 @@ func ConvertSchema(atomic AtomicSchema) []TTP { argumentReplacements := make(map[string]string, len(test.InputArguments)) for argName, inputArg := range test.InputArguments { spec := args.Spec{ - Name: argName, - Type: inputArg.Type, + Name: argName, + Type: inputArg.Type, + // TODO: consider path prefix "PathToAtomicsFolder" as magical + // TODO: consider prefix "$env:FOOBAR" as magical Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string // TODO: bump ttpforge dependency to support description field // Description: inputArg.Description, @@ -153,6 +156,7 @@ func ConvertSchema(atomic AtomicSchema) []TTP { Executor: test.Executor.Name, Cleanup: CleanupAction{ Inline: replaceArgumentPlaceholders(test.Executor.CleanupCommand, argumentReplacements), + Executor: test.Executor.Name }, } ttp.Steps = append(ttp.Steps, step) @@ -261,6 +265,7 @@ func ConvertYAMLSchema(ttpPath string) error { if ok { targetTtpList[i].Mitre.Tactics = strings.Split(info.TacticFullNames, ", ") targetTtpList[i].Mitre.Techniques = []string{info.FullName} + // TODO: Populate subtechniques when "." in key } } From 96fce19cc3519d314da0fc059c04260c696ac529 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 17:23:09 +0100 Subject: [PATCH 16/35] Comma --- magefiles/translate.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 6e35b8b0..775963a1 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -106,7 +106,7 @@ type Step struct { } type CleanupAction struct { - Inline string + Inline string Executor string `yaml:"executor,omitempty"` } @@ -155,8 +155,8 @@ func ConvertSchema(atomic AtomicSchema) []TTP { Inline: replaceArgumentPlaceholders(test.Executor.Command, argumentReplacements), Executor: test.Executor.Name, Cleanup: CleanupAction{ - Inline: replaceArgumentPlaceholders(test.Executor.CleanupCommand, argumentReplacements), - Executor: test.Executor.Name + Inline: replaceArgumentPlaceholders(test.Executor.CleanupCommand, argumentReplacements), + Executor: test.Executor.Name, }, } ttp.Steps = append(ttp.Steps, step) From 5bfd931b3100c6bb189329e40db7b0022697eb54 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 17:56:58 +0100 Subject: [PATCH 17/35] Populate Mitre Subtechnique when present --- magefiles/translate.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 775963a1..523264be 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -264,8 +264,16 @@ func ConvertYAMLSchema(ttpPath string) error { info, ok := mitreMap.Map[key] if ok { targetTtpList[i].Mitre.Tactics = strings.Split(info.TacticFullNames, ", ") - targetTtpList[i].Mitre.Techniques = []string{info.FullName} - // TODO: Populate subtechniques when "." in key + if strings.Contains(key, ".") { + targetTtpList[i].Mitre.Subtechniques = []string{info.FullName} + tkey := strings.Split(key, ".")[0] + techniqueInfo, ok := mitreMap.Map[tkey] + if ok { + targetTtpList[i].Mitre.Techniques = []string{techniqueInfo.FullName} + } + } else { + targetTtpList[i].Mitre.Techniques = []string{info.FullName} + } } } From 0b0f233b3c2415cfeb0b97c49d8f2401089ddccf Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Wed, 23 Oct 2024 18:16:37 +0100 Subject: [PATCH 18/35] Supported Platforms translates to Requirements --- magefiles/translate.go | 50 ++++++++++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 523264be..f9906e46 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -40,18 +40,30 @@ type AtomicSchema struct { // (Tactics, Techniques, and Procedures) object. // TODO: Replace with existing TTP struct type TTP struct { - APIVersion string `yaml:"api_version"` - Name string - Description string `yaml:"description,omitempty"` - Environment map[string]string `yaml:"env,omitempty,flow"` - Args []args.Spec `yaml:"args,omitempty"` - UUID string `yaml:"uuid,omitempty"` - Mitre Mitre - Steps []Step + APIVersion string `yaml:"api_version"` + Name string + Description string `yaml:"description,omitempty"` + Environment map[string]string `yaml:"env,omitempty,flow"` + Args []args.Spec `yaml:"args,omitempty"` + UUID string `yaml:"uuid,omitempty"` + Mitre Mitre + Requirements RequirementsConfig + Steps []Step // Omit WorkDir, but expose for testing. WorkDir string `yaml:"-"` } +// TODO: replace this by ttpforge/pkg/blocks/requirements.go#RequirementsConfig +type RequirementsConfig struct { + Platforms []PlatformSpec +} + +// TODO: replace it by ttpforge/pkg/platforms/spec.go#Spec +type PlatformSpec struct { + OS string + Arch string `yaml:"arch,omitempty"` +} + type AtomicTest struct { Name string `yaml:"name"` Description string `yaml:"description,omitempty"` @@ -117,15 +129,29 @@ type ArgumentSpec struct { Description string `yaml:"description,omitempty"` } +func buildRequirements(test AtomicTest) RequirementsConfig { + result := RequirementsConfig{} + for _, platform := range test.SupportedPlatforms { + result.Platforms = append( + result.Platforms, + PlatformSpec{ + OS: platform, + }, + ) + } + return result +} + func ConvertSchema(atomic AtomicSchema) []TTP { result := make([]TTP, len(atomic.AtomicTests)) for i, test := range atomic.AtomicTests { ttp := TTP{ - APIVersion: "2.0", - Name: test.Name, - Description: test.Description, - UUID: test.AutoGeneratedGUID, + APIVersion: "2.0", + Name: test.Name, + Description: test.Description, + UUID: test.AutoGeneratedGUID, + Requirements: buildRequirements(test), Mitre: Mitre{ Techniques: []string{atomic.AttackTechnique}, Tactics: []string{}, From c5bf9f282fe7806e7118baa1aca50eec08985a6b Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Thu, 24 Oct 2024 12:31:56 +0100 Subject: [PATCH 19/35] Added translation of platform names and argument types --- magefiles/translate.go | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index f9906e46..b677d5f1 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -129,13 +129,41 @@ type ArgumentSpec struct { Description string `yaml:"description,omitempty"` } +// Maps platform names from Atomic terms to TTPForge supported +func NewPlatformMapping() map[string]string { + // All supported_platforms found in Atomics repo + // {'containers', 'iaas:gcp', 'office-365', 'google-workspace', 'iaas:azure', 'windows', 'macos', 'linux', 'azure-ad', 'iaas:aws'} + // TODO: Rely on enum from TTPForge paltforms.go + return map[string]string{ + "linux": "linux", + "macos": "darwin", + "windows": "windows", + } +} + +func NewArgumentTypeMapping() map[string]string { + // TODO: compare lower-cased strings only + return map[string]string{ + "string": "string", + "url": "string", + "integer": "int", + "boolean": "bool", + "path": "path", + } +} + func buildRequirements(test AtomicTest) RequirementsConfig { + platformMapping := NewPlatformMapping() result := RequirementsConfig{} for _, platform := range test.SupportedPlatforms { + value, ok := platformMapping[platform] + if !ok { + value = platform + } result.Platforms = append( result.Platforms, PlatformSpec{ - OS: platform, + OS: value, }, ) } @@ -160,11 +188,16 @@ func ConvertSchema(atomic AtomicSchema) []TTP { } // Populate Args for each step from the test's InputArguments + argumentTypeMapping := NewArgumentTypeMapping() argumentReplacements := make(map[string]string, len(test.InputArguments)) for argName, inputArg := range test.InputArguments { + typeValue, ok := argumentTypeMapping[inputArg.Type] + if !ok { + typeValue = inputArg.Type + } spec := args.Spec{ Name: argName, - Type: inputArg.Type, + Type: typeValue, // TODO: consider path prefix "PathToAtomicsFolder" as magical // TODO: consider prefix "$env:FOOBAR" as magical Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string From fd713601b9b1f4c834f66869cc6149a1499803ab Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Thu, 24 Oct 2024 16:02:13 +0100 Subject: [PATCH 20/35] Process dependencies as Steps --- magefiles/translate.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/magefiles/translate.go b/magefiles/translate.go index b677d5f1..d0e76cbb 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -170,6 +170,29 @@ func buildRequirements(test AtomicTest) RequirementsConfig { return result } +func buildDependencySteps(dependencies []Dependency, executor string) []Step { + // TODO: Invent clean up instructions for dependencies + var result []Step + for _, dep := range dependencies { + check := dep.PrereqCommand + prep := dep.GetPrereqCommand + var inline string + if !(executor == "powershell" || executor == "bash" || executor == "sh") { + // Cannot auto-build dependency step for this executor + continue + } + // Relying on existing convention of having "exit 1" in case of failed check + inline = strings.Replace(check, "exit 1", fmt.Sprintf("{%s}", prep), 1) + step := Step{ + Name: dep.Description, + Inline: inline, + Executor: executor, + } + result = append(result, step) + } + return result +} + func ConvertSchema(atomic AtomicSchema) []TTP { result := make([]TTP, len(atomic.AtomicTests)) @@ -209,6 +232,11 @@ func ConvertSchema(atomic AtomicSchema) []TTP { argumentReplacements[argPlaceholder] = fmt.Sprintf("{{.Args.%v}}", argName) } + depSteps := buildDependencySteps(test.Dependencies, test.DependencyExecutorName) + if len(depSteps) > 0 { + ttp.Steps = append(ttp.Steps, depSteps...) + } + step := Step{ Name: formatStepName(test.Name), Inline: replaceArgumentPlaceholders(test.Executor.Command, argumentReplacements), From 3d4713c6b887eaa267ace847200592ee14cb2ebb Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Thu, 24 Oct 2024 17:05:33 +0100 Subject: [PATCH 21/35] Add expected super-user flag, ReplaceAll in dependency step formatting --- magefiles/translate.go | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index d0e76cbb..22f9d359 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -55,7 +55,8 @@ type TTP struct { // TODO: replace this by ttpforge/pkg/blocks/requirements.go#RequirementsConfig type RequirementsConfig struct { - Platforms []PlatformSpec + Platforms []PlatformSpec + ExpectSuperuser bool `yaml:"superuser,omitempty"` } // TODO: replace it by ttpforge/pkg/platforms/spec.go#Spec @@ -78,9 +79,10 @@ type AtomicTest struct { type AtomicTestExecutor struct { // TODO: Use existing Executor Enum - Name string `yaml:"name,omitempty"` - Command string - CleanupCommand string `yaml:"cleanup_command"` + Name string `yaml:"name,omitempty"` + Command string + CleanupCommand string `yaml:"cleanup_command"` + ElevationRequired bool `yaml:"elevation_required,omitempty"` } type InputArgument struct { @@ -155,6 +157,9 @@ func NewArgumentTypeMapping() map[string]string { func buildRequirements(test AtomicTest) RequirementsConfig { platformMapping := NewPlatformMapping() result := RequirementsConfig{} + if test.Executor.ElevationRequired { + result.ExpectSuperuser = test.Executor.ElevationRequired + } for _, platform := range test.SupportedPlatforms { value, ok := platformMapping[platform] if !ok { @@ -182,7 +187,9 @@ func buildDependencySteps(dependencies []Dependency, executor string) []Step { continue } // Relying on existing convention of having "exit 1" in case of failed check - inline = strings.Replace(check, "exit 1", fmt.Sprintf("{%s}", prep), 1) + // NB: check script might have several checks as well as several exit points + // we are just replacing all exit points to prep command and hope for idempotency + inline = strings.ReplaceAll(check, "exit 1", fmt.Sprintf("{%s}", prep)) step := Step{ Name: dep.Description, Inline: inline, From 3fd917499d78538788119fef48af4eb6d32aa2d3 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Thu, 24 Oct 2024 18:03:35 +0100 Subject: [PATCH 22/35] Added Description field to Argument Specification --- pkg/args/spec.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pkg/args/spec.go b/pkg/args/spec.go index ace1dfa9..1884689c 100644 --- a/pkg/args/spec.go +++ b/pkg/args/spec.go @@ -31,11 +31,12 @@ import ( // Spec defines a CLI argument for the TTP type Spec struct { - Name string `yaml:"name"` - Type string `yaml:"type,omitempty"` - Default string `yaml:"default,omitempty"` - Choices []string `yaml:"choices,omitempty"` - Format string `yaml:"regexp,omitempty"` + Name string `yaml:"name"` + Type string `yaml:"type,omitempty"` + Default string `yaml:"default,omitempty"` + Choices []string `yaml:"choices,omitempty"` + Format string `yaml:"regexp,omitempty"` + Description string `yaml:"description,omitempty"` formatReg *regexp.Regexp } From 890f09fb1773b6ec62b4b7d9f046a339402bfa83 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Fri, 25 Oct 2024 19:01:31 +0100 Subject: [PATCH 23/35] update magefiles reference to ttpforge@1.2.1 --- magefiles/go.mod | 70 +++--- magefiles/go.sum | 620 ++++++----------------------------------------- 2 files changed, 109 insertions(+), 581 deletions(-) diff --git a/magefiles/go.mod b/magefiles/go.mod index 447592f3..9a6a93af 100755 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -1,47 +1,43 @@ module magefile -go 1.21 +go 1.23 -toolchain go1.21.1 +toolchain go1.23.1 require ( - github.com/facebookincubator/ttpforge v1.0.7 - github.com/l50/goutils/v2 v2.1.0 - github.com/magefile/mage v1.15.0 - github.com/spf13/afero v1.9.5 + github.com/facebookincubator/ttpforge v1.2.1 gopkg.in/yaml.v3 v3.0.1 ) require ( - dario.cat/mergo v1.0.0 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect - github.com/acomagu/bufpipe v1.0.4 // indirect - github.com/bitfield/script v0.22.0 // indirect - github.com/cloudflare/circl v1.3.3 // indirect - github.com/emirpasic/gods v1.18.1 // indirect - github.com/fatih/color v1.15.0 // indirect - github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.4.1 // indirect - github.com/go-git/go-git/v5 v5.8.1 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/itchyny/gojq v0.12.13 // indirect - github.com/itchyny/timefmt-go v0.1.5 // indirect - github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect - github.com/otiai10/copy v1.12.0 // indirect - github.com/pjbgf/sha1cd v0.3.0 // indirect - github.com/sergi/go-diff v1.3.1 // indirect - github.com/skeema/knownhosts v1.2.0 // indirect - github.com/xanzy/ssh-agent v0.3.3 // indirect - golang.org/x/crypto v0.12.0 // indirect - golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.14.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect - golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect - gopkg.in/warnings.v0 v0.1.2 // indirect - mvdan.cc/sh/v3 v3.6.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect + github.com/Masterminds/semver/v3 v3.2.1 // indirect + github.com/Masterminds/sprig/v3 v3.2.3 // indirect + github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 // indirect + github.com/creack/pty v1.1.17 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/huandu/xstrings v1.4.0 // indirect + github.com/imdario/mergo v0.3.16 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/kr/pretty v0.3.1 // indirect + github.com/kr/text v0.2.0 // indirect + github.com/mitchellh/copystructure v1.2.0 // indirect + github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/otiai10/copy v1.14.0 // indirect + github.com/rogpeppe/go-internal v1.13.1 // indirect + github.com/shopspring/decimal v1.4.0 // indirect + github.com/spf13/afero v1.11.0 // indirect + github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/cobra v1.8.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/tidwall/gjson v1.17.1 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.1 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.24.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect ) diff --git a/magefiles/go.sum b/magefiles/go.sum index 526441e5..d451fca2 100755 --- a/magefiles/go.sum +++ b/magefiles/go.sum @@ -1,180 +1,34 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= -github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= -github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/bitfield/script v0.22.0 h1:LA7QHuEsXMPD52YLtxWrlqCCy+9FOpzNYfsRHC5Gsrc= -github.com/bitfield/script v0.22.0/go.mod h1:ms4w+9B8f2/W0mbsgWDVTtl7K94bYuZc3AunnJC4Ebs= -github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= +github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s= +github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI= +github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= -github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= -github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= -github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/facebookincubator/ttpforge v1.0.7 h1:qrLKCYY4aS9LPPywGYso15Phxt1vVlLFiX+z8tBbHFQ= -github.com/facebookincubator/ttpforge v1.0.7/go.mod h1:AIilkLrCgcdyjWglSffm6U+7l+tSwd9GBj7GQmDYKIM= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= -github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= -github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= -github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= -github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= -github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A= -github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/itchyny/gojq v0.12.12/go.mod h1:j+3sVkjxwd7A7Z5jrbKibgOLn0ZfLWkV+Awxr/pyzJE= -github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= -github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= -github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= -github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= -github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/facebookincubator/ttpforge v1.2.0 h1:k1f7rBccdzuwNeT/YjyUtL+BH94KdWQlmZ+bQ7EMODY= +github.com/facebookincubator/ttpforge v1.2.0/go.mod h1:7GXbcsYR0HsPPZoAMC9J99fkkDsQ5UhpixJf42DFDXk= +github.com/facebookincubator/ttpforge v1.2.1 h1:eLi26wnnJC/sCsUd5WZfXTj9r55Vzf4tTzFfZvKPbJ4= +github.com/facebookincubator/ttpforge v1.2.1/go.mod h1:7GXbcsYR0HsPPZoAMC9J99fkkDsQ5UhpixJf42DFDXk= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= +github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -182,416 +36,94 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/l50/goutils/v2 v2.1.0 h1:o6DYjCtPevU5Uq1OjB8mtdsS00KxZHFQKVb9Hgo+KzI= -github.com/l50/goutils/v2 v2.1.0/go.mod h1:UwkfE7TaT3x9pzK7iAbiwQj+gkRVEi0GETasQqwE8uk= -github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= -github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= -github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= -github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY= -github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= -github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= -github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= -github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= +github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= -github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= -github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= -github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= +github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= -github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= +github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= +github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -mvdan.cc/editorconfig v0.2.0/go.mod h1:lvnnD3BNdBYkhq+B4uBuFFKatfp02eB6HixDvEz91C0= -mvdan.cc/sh/v3 v3.6.0 h1:gtva4EXJ0dFNvl5bHjcUEvws+KRcDslT8VKheTYkbGU= -mvdan.cc/sh/v3 v3.6.0/go.mod h1:U4mhtBLZ32iWhif5/lD+ygy1zrgaQhUu+XFy7C8+TTA= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= From 6acf7e4570ec5564ea1ed751ec34042deedab223 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sun, 3 Nov 2024 17:29:07 +0000 Subject: [PATCH 24/35] Replace argument placeholders in dependency steps; prevent double curve brackets from appearing in dep steps --- magefiles/translate.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 22f9d359..45be4216 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -175,7 +175,7 @@ func buildRequirements(test AtomicTest) RequirementsConfig { return result } -func buildDependencySteps(dependencies []Dependency, executor string) []Step { +func buildDependencySteps(dependencies []Dependency, executor string, argumentReplacements map[string]string) []Step { // TODO: Invent clean up instructions for dependencies var result []Step for _, dep := range dependencies { @@ -189,7 +189,7 @@ func buildDependencySteps(dependencies []Dependency, executor string) []Step { // Relying on existing convention of having "exit 1" in case of failed check // NB: check script might have several checks as well as several exit points // we are just replacing all exit points to prep command and hope for idempotency - inline = strings.ReplaceAll(check, "exit 1", fmt.Sprintf("{%s}", prep)) + inline = strings.ReplaceAll(replaceArgumentPlaceholders(check, argumentReplacements), "exit 1", fmt.Sprintf(" {%s} ", prep)) step := Step{ Name: dep.Description, Inline: inline, @@ -239,7 +239,7 @@ func ConvertSchema(atomic AtomicSchema) []TTP { argumentReplacements[argPlaceholder] = fmt.Sprintf("{{.Args.%v}}", argName) } - depSteps := buildDependencySteps(test.Dependencies, test.DependencyExecutorName) + depSteps := buildDependencySteps(test.Dependencies, test.DependencyExecutorName, argumentReplacements) if len(depSteps) > 0 { ttp.Steps = append(ttp.Steps, depSteps...) } From f9fcc73be1a2d3a5cadf3fcada3e979bd88bf475 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sun, 3 Nov 2024 17:35:47 +0000 Subject: [PATCH 25/35] Make all argument types lowercased --- magefiles/translate.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 45be4216..6692aab7 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -221,7 +221,8 @@ func ConvertSchema(atomic AtomicSchema) []TTP { argumentTypeMapping := NewArgumentTypeMapping() argumentReplacements := make(map[string]string, len(test.InputArguments)) for argName, inputArg := range test.InputArguments { - typeValue, ok := argumentTypeMapping[inputArg.Type] + lowerCaseArgName := strings.ToLower(argName) + typeValue, ok := argumentTypeMapping[lowerCaseArgName] if !ok { typeValue = inputArg.Type } From a58114eb6c2d6d123b1c22306f3244769c95092d Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sun, 3 Nov 2024 18:09:52 +0000 Subject: [PATCH 26/35] Do not translate empty clean up instructions --- magefiles/translate.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 6692aab7..7fff395d 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -245,14 +245,18 @@ func ConvertSchema(atomic AtomicSchema) []TTP { ttp.Steps = append(ttp.Steps, depSteps...) } + inline := replaceArgumentPlaceholders(test.Executor.Command, argumentReplacements) step := Step{ Name: formatStepName(test.Name), - Inline: replaceArgumentPlaceholders(test.Executor.Command, argumentReplacements), + Inline: inline, Executor: test.Executor.Name, - Cleanup: CleanupAction{ - Inline: replaceArgumentPlaceholders(test.Executor.CleanupCommand, argumentReplacements), + } + cleanUpInline := replaceArgumentPlaceholders(test.Executor.CleanupCommand, argumentReplacements) + if cleanUpInline != "" { + step.Cleanup = CleanupAction{ + Inline: cleanUpInline, Executor: test.Executor.Name, - }, + } } ttp.Steps = append(ttp.Steps, step) From 5f7a6abe1745c5de1257376e2ebbe0f80a4385df Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sun, 3 Nov 2024 20:38:47 +0000 Subject: [PATCH 27/35] Properly escape default values --- magefiles/translate.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 7fff395d..9ed88614 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -226,12 +226,14 @@ func ConvertSchema(atomic AtomicSchema) []TTP { if !ok { typeValue = inputArg.Type } + defaultValue := fmt.Sprintf("%v", inputArg.Default) // convert interface{} to string + defaultValue = strings.ReplaceAll(defaultValue, "\\", "\\\\") // proper escaping spec := args.Spec{ Name: argName, Type: typeValue, // TODO: consider path prefix "PathToAtomicsFolder" as magical // TODO: consider prefix "$env:FOOBAR" as magical - Default: fmt.Sprintf("%v", inputArg.Default), // convert interface{} to string + Default: defaultValue, // TODO: bump ttpforge dependency to support description field // Description: inputArg.Description, } From 9037d305b921b5da1eef5beeb353a0fadcfc2a34 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sun, 3 Nov 2024 20:57:00 +0000 Subject: [PATCH 28/35] Translate executor names to executables --- magefiles/translate.go | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 9ed88614..430fdcbb 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -144,7 +144,6 @@ func NewPlatformMapping() map[string]string { } func NewArgumentTypeMapping() map[string]string { - // TODO: compare lower-cased strings only return map[string]string{ "string": "string", "url": "string", @@ -154,6 +153,12 @@ func NewArgumentTypeMapping() map[string]string { } } +func NewExecutorMapping() map[string]string { + return map[string]string{ + "command_prompt": "cmd", + } +} + func buildRequirements(test AtomicTest) RequirementsConfig { platformMapping := NewPlatformMapping() result := RequirementsConfig{} @@ -200,6 +205,15 @@ func buildDependencySteps(dependencies []Dependency, executor string, argumentRe return result } +func translateExecutor(executor string) string { + executorMapping := NewExecutorMapping() + value, ok := executorMapping[executor] + if ok { + return value + } + return executor +} + func ConvertSchema(atomic AtomicSchema) []TTP { result := make([]TTP, len(atomic.AtomicTests)) @@ -248,16 +262,17 @@ func ConvertSchema(atomic AtomicSchema) []TTP { } inline := replaceArgumentPlaceholders(test.Executor.Command, argumentReplacements) + executor := translateExecutor(test.Executor.Name) step := Step{ Name: formatStepName(test.Name), Inline: inline, - Executor: test.Executor.Name, + Executor: executor, } cleanUpInline := replaceArgumentPlaceholders(test.Executor.CleanupCommand, argumentReplacements) if cleanUpInline != "" { step.Cleanup = CleanupAction{ Inline: cleanUpInline, - Executor: test.Executor.Name, + Executor: executor, } } ttp.Steps = append(ttp.Steps, step) From 1f8b7d45e6a5d41d0b85e68fd7e6e76718f72f74 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Tue, 12 Nov 2024 10:06:39 +0000 Subject: [PATCH 29/35] Translate arg placeholders in pre-requisites instructions --- magefiles/translate.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index 430fdcbb..fc52f452 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -186,15 +186,16 @@ func buildDependencySteps(dependencies []Dependency, executor string, argumentRe for _, dep := range dependencies { check := dep.PrereqCommand prep := dep.GetPrereqCommand - var inline string if !(executor == "powershell" || executor == "bash" || executor == "sh") { // Cannot auto-build dependency step for this executor continue } + check = replaceArgumentPlaceholders(check, argumentReplacements) + prep = replaceArgumentPlaceholders(prep, argumentReplacements) // Relying on existing convention of having "exit 1" in case of failed check // NB: check script might have several checks as well as several exit points // we are just replacing all exit points to prep command and hope for idempotency - inline = strings.ReplaceAll(replaceArgumentPlaceholders(check, argumentReplacements), "exit 1", fmt.Sprintf(" {%s} ", prep)) + inline := strings.ReplaceAll(check, "exit 1", fmt.Sprintf(" {\n%s\n} ", prep)) step := Step{ Name: dep.Description, Inline: inline, From ed2dd789f5720d7bc15ad40ff697c406cedc2116 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Thu, 14 Nov 2024 20:59:30 +0000 Subject: [PATCH 30/35] Actual translation of argument types --- magefiles/translate.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index fc52f452..cc1e4f1a 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -236,8 +236,8 @@ func ConvertSchema(atomic AtomicSchema) []TTP { argumentTypeMapping := NewArgumentTypeMapping() argumentReplacements := make(map[string]string, len(test.InputArguments)) for argName, inputArg := range test.InputArguments { - lowerCaseArgName := strings.ToLower(argName) - typeValue, ok := argumentTypeMapping[lowerCaseArgName] + lowerCaseArgType := strings.ToLower(inputArg.Type) + typeValue, ok := argumentTypeMapping[lowerCaseArgType] if !ok { typeValue = inputArg.Type } From df6b13631622586fb51beec3cee24d939c5631a9 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Thu, 14 Nov 2024 21:13:45 +0000 Subject: [PATCH 31/35] Keep arguments sorted by name --- magefiles/translate.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/magefiles/translate.go b/magefiles/translate.go index cc1e4f1a..1a9162f9 100644 --- a/magefiles/translate.go +++ b/magefiles/translate.go @@ -24,6 +24,7 @@ import ( "fmt" "os" "path/filepath" + "sort" "strings" "github.com/facebookincubator/ttpforge/pkg/args" @@ -235,7 +236,15 @@ func ConvertSchema(atomic AtomicSchema) []TTP { // Populate Args for each step from the test's InputArguments argumentTypeMapping := NewArgumentTypeMapping() argumentReplacements := make(map[string]string, len(test.InputArguments)) - for argName, inputArg := range test.InputArguments { + + argNames := make([]string, 0, len(test.InputArguments)) + for argName := range test.InputArguments { + argNames = append(argNames, argName) + } + sort.Strings(argNames) + + for _, argName := range argNames { + inputArg := test.InputArguments[argName] lowerCaseArgType := strings.ToLower(inputArg.Type) typeValue, ok := argumentTypeMapping[lowerCaseArgType] if !ok { From e727269cf3ea5720013899b2eb78dac671436d3b Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Tue, 26 Nov 2024 18:25:57 +0000 Subject: [PATCH 32/35] Added manual for YAML translation process --- TranslationGuide.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 TranslationGuide.md diff --git a/TranslationGuide.md b/TranslationGuide.md new file mode 100644 index 00000000..60162252 --- /dev/null +++ b/TranslationGuide.md @@ -0,0 +1,44 @@ +# Atomic Red Team tests consumption by TTPForge + +This doc provides step-by-step guide to migrate ART tests to TTPForge format and run them. + + +## Conventions of the source + +Located in the [redcanaryco/atomic-red-team](https://github.com/redcanaryco/atomic-red-team) repo on github. The `atomics` directory contains a library of YAML files categorized by MITRE TTP ids as sub-directory names. +Each YAML file contains several _Atomic tests_ (or implementations) of the unique TTP. Those tests differ by targeted platform, toolchain, and the actual way of acheiving the goal. +Each test might have unique parameters to be passed via command line, prerequisites and instructions to funlfill those prerequisites. +Executor is the program which is used to perform required actions to excersise the test. + + +## Steps required for translation + +The TTPForge engine supports only one implementation of a TTP per file. This is why you should expect several new files to appear in the target directory. By default the resulting YAML files have unique UUID as its name. This UUID is taken from the corresponding test. +Each resulting file has MITRE TTP id tags as well as platform requirements. +Resulting YAML file has all arguments defined in the corresponding Atomic test. + +Please note that the Prerequisites concept is not supported by TTPForge engine. This is why check for such prerequisites and their acquisition is kept as a separate step in the resulting YAML file. + + +## The guidance + +0. Checkout the branch containing the translation script (see [the PR](https://github.com/inesusvet/TTPForge/pull/1) in my fork of TTPForge). +0. Install [the Mage](https://magefile.org/) build tool for Go in order to run the translation script. +0. Select a YAML file from the ART library to traslate to TTPForge format. +0. Run the translation script passing diretory containing the ART YAML file. +For example `mage convertYAMLSchema ~/atomic-red-team/atomics/T1003.002` +0. Test the translated YAML file with TTPForge. + + +## Testing + +As the majority of Atomic tests are Windows specific, let's describe the testing approach using this platform. + +0. Enable Windows Sandbox following [the official guide](https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview) to evade EDR noise. +0. Download latest TTPForge binary [release](https://github.com/facebookincubator/TTPForge/releases) from github. +0. Run TTPForge on transalted YAML file using `--dry-run` mode +0. Run TTPForge for real life. + + +## Feedback +Please send your questions to the [original issue](https://github.com/facebookincubator/TTPForge/issues/83) on github. From f2fcf50c40ed4de76bf0610365c4e4aa2fcf0d91 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sat, 30 Nov 2024 08:18:25 +0000 Subject: [PATCH 33/35] go mod tidy --- magefiles/go.mod | 27 ------------ magefiles/go.sum | 104 ----------------------------------------------- 2 files changed, 131 deletions(-) diff --git a/magefiles/go.mod b/magefiles/go.mod index 9a6a93af..7fc98f2b 100755 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -10,34 +10,7 @@ require ( ) require ( - github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/Masterminds/sprig/v3 v3.2.3 // indirect - github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 // indirect - github.com/creack/pty v1.1.17 // indirect - github.com/google/uuid v1.6.0 // indirect - github.com/huandu/xstrings v1.4.0 // indirect - github.com/imdario/mergo v0.3.16 // indirect - github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/kr/pretty v0.3.1 // indirect - github.com/kr/text v0.2.0 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect - github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/otiai10/copy v1.14.0 // indirect github.com/rogpeppe/go-internal v1.13.1 // indirect - github.com/shopspring/decimal v1.4.0 // indirect - github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.6.0 // indirect - github.com/spf13/cobra v1.8.1 // indirect - github.com/spf13/pflag v1.0.5 // indirect - github.com/tidwall/gjson v1.17.1 // indirect - github.com/tidwall/match v1.1.1 // indirect - github.com/tidwall/pretty v1.2.1 // indirect - go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/text v0.16.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect ) diff --git a/magefiles/go.sum b/magefiles/go.sum index d451fca2..65170d39 100755 --- a/magefiles/go.sum +++ b/magefiles/go.sum @@ -1,34 +1,8 @@ -github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= -github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= -github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= -github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s= -github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w= -github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI= -github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/facebookincubator/ttpforge v1.2.0 h1:k1f7rBccdzuwNeT/YjyUtL+BH94KdWQlmZ+bQ7EMODY= -github.com/facebookincubator/ttpforge v1.2.0/go.mod h1:7GXbcsYR0HsPPZoAMC9J99fkkDsQ5UhpixJf42DFDXk= github.com/facebookincubator/ttpforge v1.2.1 h1:eLi26wnnJC/sCsUd5WZfXTj9r55Vzf4tTzFfZvKPbJ4= github.com/facebookincubator/ttpforge v1.2.1/go.mod h1:7GXbcsYR0HsPPZoAMC9J99fkkDsQ5UhpixJf42DFDXk= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= -github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -36,94 +10,16 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= -github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= -github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= -github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= -github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= -github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= -github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= -github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= -github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= -github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= -github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= -github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= -go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From f50fbe265c4aa6f3d683cdefe8aae9385de34579 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sat, 30 Nov 2024 08:30:38 +0000 Subject: [PATCH 34/35] Moved translation guide to docs --- TranslationGuide.md => docs/TranslationGuide.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename TranslationGuide.md => docs/TranslationGuide.md (100%) diff --git a/TranslationGuide.md b/docs/TranslationGuide.md similarity index 100% rename from TranslationGuide.md rename to docs/TranslationGuide.md From 13d2ef8738365684507a2d52d6633273fd315582 Mon Sep 17 00:00:00 2001 From: Ivan Styazhkin Date: Sat, 30 Nov 2024 08:47:14 +0000 Subject: [PATCH 35/35] Drop pkg/art as outdated --- pkg/art/README.md | 233 ----------------------------- pkg/art/parse.go | 333 ------------------------------------------ pkg/art/parse_test.go | 143 ------------------ 3 files changed, 709 deletions(-) delete mode 100644 pkg/art/README.md delete mode 100644 pkg/art/parse.go delete mode 100644 pkg/art/parse_test.go diff --git a/pkg/art/README.md b/pkg/art/README.md deleted file mode 100644 index 00988cb0..00000000 --- a/pkg/art/README.md +++ /dev/null @@ -1,233 +0,0 @@ -# TTPForge/art - -The `art` package is a part of the TTPForge. - ---- - -## Table of contents - -- [Functions](#functions) -- [Installation](#installation) -- [Usage](#usage) -- [Tests](#tests) -- [Contributing](#contributing) -- [License](#license) - ---- - -## Functions - -### Ability.EncodeCommand() - -```go -EncodeCommand() -``` - -EncodeCommand encodes the command of an Ability using base64 encoding. - -**Parameters:** - -a: A pointer to the Ability structure. - ---- - -### Atomic.GenerateArtVarsAndAbilities() - -```go -GenerateArtVarsAndAbilities() -``` - -GenerateArtVarsAndAbilities generates the ArtInputVars and ArtAbilities for an Atomic structure. - -**Parameters:** - -a: A pointer to the Atomic structure. - ---- - -### Atomic.LoadArtYAML(string) - -```go -LoadArtYAML(string) error -``` - -LoadArtYAML loads the ART YAML from a given path into the Atomic structure. - -**Parameters:** - -path: Path to the ART YAML file. - -**Returns:** - -error: An error if any issue occurs while loading the ART YAML. - ---- - -### Atomic.LoadAtomic(string) - -```go -LoadAtomic(string) error -``` - -LoadAtomic loads a JSON file into the Atomic structure. - -**Parameters:** - -path: Path to the JSON file. - -**Returns:** - -error: An error if any issue occurs while loading the JSON into Atomic. - ---- - -### Config.Load(string) - -```go -Load(string) error -``` - -Load reads a YAML file and loads it into the Config structure. - -**Parameters:** - -path: Path to the YAML file. - -**Returns:** - -error: An error if any issue occurs while loading the YAML into Config. - ---- - -### NewAbility(int64, string) - -```go -NewAbility(int64, string) *Ability -``` - -NewAbility initializes a new Ability and encodes its command. - -**Parameters:** - -id: Identifier for the new ability. -command: The command for the new ability. - -**Returns:** - -*Ability: A pointer to the newly created Ability. - ---- - -### NewAtomic() - -```go -NewAtomic() *Atomic -``` - -NewAtomic initializes a new Atomic structure. - -**Returns:** - -*Atomic: A pointer to the newly created Atomic structure. - ---- - -### NewConfig(string) - -```go -NewConfig(string) *Config, error -``` - -NewConfig initializes a new Config. - -**Parameters:** - -path: Path to the configuration file. - -**Returns:** - -*Config: A pointer to the newly created Config. -error: An error if any issue occurs while initializing the Config. - ---- - -### NewVar(int64, string) - -```go -NewVar(int64, string) *Var -``` - -NewVar initializes a new Var and encodes its value. - -**Parameters:** - -id: Identifier for the ability the variable belongs to. -name: Name of the variable. -value: Value of the variable. - -**Returns:** - -*Var: A pointer to the newly created Var. - ---- - -### Var.EncodeValue() - -```go -EncodeValue() -``` - -EncodeValue encodes the value of the Var structure. - -**Parameters:** - -v: A pointer to the Var structure. - ---- - -## Installation - -To use the TTPForge/art package, you first need to install it. -Follow the steps below to install via go get. - -```bash -go get github.com/facebookincubator/ttpforge/art -``` - ---- - -## Usage - -After installation, you can import the package in your Go project -using the following import statement: - -```go -import "github.com/facebookincubator/ttpforge/art" -``` - ---- - -## Tests - -To ensure the package is working correctly, run the following -command to execute the tests for `TTPForge/art`: - -```bash -go test -v -``` - ---- - -## Contributing - -Pull requests are welcome. For major changes, -please open an issue first to discuss what -you would like to change. - ---- - -## License - -This project is licensed under the MIT -License - see the [LICENSE](https://github.com/facebookincubator/TTPForge/blob/main/LICENSE) -file for details. diff --git a/pkg/art/parse.go b/pkg/art/parse.go deleted file mode 100644 index 01d63e7e..00000000 --- a/pkg/art/parse.go +++ /dev/null @@ -1,333 +0,0 @@ -/* -Copyright © 2023-present, Meta Platforms, Inc. and affiliates -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. -*/ - -package art - -import ( - "encoding/base64" - "encoding/json" - "os" - "strings" - - "gopkg.in/yaml.v3" -) - -// Config represents the configuration details for ART. -// -// **Attributes:** -// -// ArtPath: Path to ART files. -// CtiPath: Path to CTI files. -type Config struct { - ArtPath string `yaml:"art_path"` - CtiPath string `yaml:"cti_path"` -} - -// Ability represents the details of an ability. -// -// **Attributes:** -// -// AbilityID: Identifier for the ability. -// Command: The command to be executed for this ability. -type Ability struct { - AbilityID int64 - Command string -} - -// Var represents a variable tied to an ability. -// -// **Attributes:** -// -// AbilityID: Identifier for the ability the variable belongs to. -// VarName: Name of the variable. -// Value: Value of the variable. -type Var struct { - AbilityID int64 - VarName string - Value string -} - -// Atomic represents the structure of an atomic test. -// -// **Attributes:** -// -// AbilityID: Identifier for the atomic test. -// Platform: Platform on which the atomic test runs. -// Executor: Executor name. -// Command: The command to be executed. -// InputArguments: Arguments passed to the atomic test. -// Encoder: List of encoders used. -// ArtAbilities: List of art abilities tied to this atomic. -// ArtInputVars: List of variables tied to this atomic. -type Atomic struct { - AbilityID int64 `json:"ability_id"` - Platform string `json:"platform"` - Executor string `json:"executor"` - Command string `json:"command"` - InputArguments map[string]Argument - Encoder []string `json:"encoder"` - ArtAbilities []*Ability - ArtInputVars []*Var -} - -// Argument represents the input arguments for an atomic test. -// -// **Attributes:** -// -// ID: Identifier for the argument. -// Name: Name of the argument. -// Default: Default value for the argument. -type Argument struct { - ID int `json:"id"` - Name string `json:"name"` - Default string `json:"default"` -} - -// AtomicRedTeamYAML represents the structure of an ART TTP. -// -// **Attributes:** -// -// AttackTechnique: The attack technique. -// AtomicTests: List of atomic tests. -type AtomicRedTeamYAML struct { - AttackTechnique string `yaml:"attack_technique"` - AtomicTests []AtomicTest `yaml:"atomic_tests"` -} - -// AtomicTest represents an atomic test in ART YAML. -// -// **Attributes:** -// -// Name: Name of the atomic test. -// SupportedPlatforms: List of platforms this test supports. -// InputArguments: Input arguments for the atomic test. -// Executor: Executor for the atomic test. -type AtomicTest struct { - Name string `yaml:"name"` - SupportedPlatforms []string `yaml:"supported_platforms"` - InputArguments map[string]InputArg `yaml:"input_arguments"` - Executor Executor `yaml:"executor"` -} - -// Executor represents the executor details for an atomic test. -// -// **Attributes:** -// -// Name: Name of the executor. -// Command: Command associated with the executor. -type Executor struct { - Name string `yaml:"name"` - Command string `yaml:"command"` -} - -// InputArg represents an input argument in an AtomicTest. -// -// **Attributes:** -// -// Default: Default value for the input argument. -type InputArg struct { - Default string `yaml:"default"` -} - -// Helper function to process character replacements -func replaceSpecialChars(str string) string { - // Replacing "\x07" with "a" for specific reasons (you can elaborate based on real reasons). - str = strings.ReplaceAll(str, "\x07", "a") - // Replacing "\\\\" with "\\" to correct potential escape sequence errors. - str = strings.ReplaceAll(str, "\\\\", "\\") - return str -} - -// ProcessAtomicTest processes an individual Atomic Test from the -// provided AtomicTest structure, filters supported platforms, and -// creates abilities and variables from the atomic test. -// -// **Parameters:** -// -// atomicTest: The AtomicTest structure containing details of -// the test like supported platforms, executor commands, etc. -func (a *Atomic) ProcessAtomicTest(atomicTest AtomicTest) { - for _, platform := range atomicTest.SupportedPlatforms { - platform = strings.ToLower(platform) - if platform != "windows" && platform != "linux" && platform != "macos" { - continue - } - command := replaceSpecialChars(atomicTest.Executor.Command) - - artAbility := NewAbility(a.AbilityID, command) - a.ArtAbilities = append(a.ArtAbilities, artAbility) - - for varName, varVal := range atomicTest.InputArguments { - value := replaceSpecialChars(varVal.Default) - artVar := NewVar(a.AbilityID, varName, value) - a.ArtInputVars = append(a.ArtInputVars, artVar) - } - } -} - -// NewConfig initializes a new Config. -// -// **Parameters:** -// -// path: Path to the configuration file. -// -// **Returns:** -// -// *Config: A pointer to the newly created Config. -// error: An error if any issue occurs while initializing the Config. -func NewConfig(path string) (*Config, error) { - cfg := &Config{} - err := cfg.LoadArtYAML(path) - if err != nil { - return nil, err - } - return cfg, nil -} - -// LoadArtYAML reads an ART YAML file and loads it into the Config structure. -// -// **Parameters:** -// -// path: Path to the YAML file. -// -// **Returns:** -// -// error: An error if any issue occurs while loading the YAML into Config. -func (c *Config) LoadArtYAML(path string) error { - yamlFile, err := os.ReadFile(path) - if err != nil { - return err - } - - err = yaml.Unmarshal(yamlFile, c) - if err != nil { - return err - } - - return nil -} - -// NewAbility initializes a new Ability and encodes its command. -// -// **Parameters:** -// -// id: Identifier for the new ability. -// command: The command for the new ability. -// -// **Returns:** -// -// *Ability: A pointer to the newly created Ability. -func NewAbility(id int64, command string) *Ability { - ab := &Ability{ - AbilityID: id, - Command: command, - } - ab.EncodeCommand() - return ab -} - -// EncodeCommand encodes the command of an Ability using base64 encoding. -// -// **Parameters:** -// -// a: A pointer to the Ability structure. -func (a *Ability) EncodeCommand() { - a.Command = base64.StdEncoding.EncodeToString([]byte(a.Command)) -} - -// NewVar initializes a new Var and encodes its value. -// -// **Parameters:** -// -// id: Identifier for the ability the variable belongs to. -// name: Name of the variable. -// value: Value of the variable. -// -// **Returns:** -// -// *Var: A pointer to the newly created Var. -func NewVar(id int64, name, value string) *Var { - v := &Var{ - AbilityID: id, - VarName: name, - Value: value, - } - v.EncodeValue() - return v -} - -// EncodeValue encodes the value of the Var structure. -// -// **Parameters:** -// -// v: A pointer to the Var structure. -func (v *Var) EncodeValue() { - v.Value = base64.StdEncoding.EncodeToString([]byte(v.Value)) -} - -// NewAtomic initializes a new Atomic structure. -// -// **Returns:** -// -// *Atomic: A pointer to the newly created Atomic structure. -func NewAtomic() *Atomic { - return &Atomic{ - InputArguments: make(map[string]Argument), - ArtAbilities: make([]*Ability, 0), - ArtInputVars: make([]*Var, 0), - } -} - -// LoadAtomic loads a JSON file into the Atomic structure. -// -// **Parameters:** -// -// path: Path to the JSON file. -// -// **Returns:** -// -// error: An error if any issue occurs while loading the JSON into Atomic. -func (a *Atomic) LoadAtomic(path string) error { - jsonFile, err := os.ReadFile(path) - if err != nil { - return err - } - - err = json.Unmarshal(jsonFile, a) - if err != nil { - return err - } - - return nil -} - -// GenerateArtVarsAndAbilities generates the ArtInputVars and ArtAbilities for an Atomic structure. -// -// **Parameters:** -// -// a: A pointer to the Atomic structure. -func (a *Atomic) GenerateArtVarsAndAbilities() { - for varName, varVal := range a.InputArguments { - value := replaceSpecialChars(varVal.Default) - artVar := NewVar(a.AbilityID, varName, value) - a.ArtInputVars = append(a.ArtInputVars, artVar) - } - - a.ArtAbilities = append(a.ArtAbilities, NewAbility(a.AbilityID, a.Command)) -} diff --git a/pkg/art/parse_test.go b/pkg/art/parse_test.go deleted file mode 100644 index 473d3464..00000000 --- a/pkg/art/parse_test.go +++ /dev/null @@ -1,143 +0,0 @@ -/* -Copyright © 2023-present, Meta Platforms, Inc. and affiliates -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. -*/ - -package art_test - -import ( - "encoding/base64" - "testing" - - "github.com/facebookincubator/ttpforge/pkg/art" -) - -func TestNewConfig(t *testing.T) { - // This test assumes you have an actual YAML file. If you don't, this will fail. - tests := []struct { - name string - input string - expected art.Config - hasError bool - }{ - { - name: "Valid path", - input: "path_to_valid_yaml.yaml", - expected: art.Config{ArtPath: "some_path", CtiPath: "another_path"}, - hasError: false, - }, - { - name: "Invalid path", - input: "invalid_path.yaml", - expected: art.Config{}, - hasError: true, - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - cfg, err := art.NewConfig(tc.input) - if (err != nil) != tc.hasError { - t.Fatalf("expected error status %v; got %v", tc.hasError, (err != nil)) - } - if *cfg != tc.expected { - t.Fatalf("expected config %v; got %v", tc.expected, cfg) - } - }) - } -} - -func TestLoadArtYAML(t *testing.T) { - tests := []struct { - name string - path string - expect *art.Atomic - err error - }{ - // TODO: Add test cases here - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - atomic := art.NewAtomic() - err := atomic.LoadArtYAML(tc.path) - if err != tc.err { - t.Errorf("Expected error %v, but got %v", tc.err, err) - } - // Add more assertions - }) - } -} - -func TestNewAbility(t *testing.T) { - tests := []struct { - name string - id int64 - command string - expected *art.Ability - }{ - { - name: "base64 encoding", - id: 1, - command: "ls", - expected: &art.Ability{ - AbilityID: 1, - Command: base64.StdEncoding.EncodeToString([]byte("ls")), - }, - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - ab := art.NewAbility(tc.id, tc.command) - if *ab != *tc.expected { - t.Fatalf("expected %v; got %v", tc.expected, ab) - } - }) - } -} - -func TestNewVar(t *testing.T) { - tests := []struct { - name string - id int64 - varName string - value string - expected *art.Var - }{ - { - name: "base64 encoding", - id: 1, - varName: "VAR1", - value: "value1", - expected: &art.Var{ - AbilityID: 1, - VarName: "VAR1", - Value: base64.StdEncoding.EncodeToString([]byte("value1")), - }, - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - v := art.NewVar(tc.id, tc.varName, tc.value) - if *v != *tc.expected { - t.Fatalf("expected %v; got %v", tc.expected, v) - } - }) - } -}