change of all unique IDs in ATT&CK v15.1 commit #2
Comments
Thanks @cvandeplas, this ID change is a bug - will fix this week. Hold off on merging and I'll update here.
This issue still exists in the latest releases. See this example from release 1.8.0 (4.8.0):

```json
{
  "type": "x-mitre-tactic",
  "spec_version": "2.1",
  "id": "x-mitre-tactic--3fa0e3a6-3d30-4407-864d-7975b4feda3c",
  "created": "2025-03-14T14:59:46.047628Z",
  "modified": "2025-03-14T14:59:46.047628Z",
  "name": "Reconnaissance",
  "description": "The adversary is trying to gather information about the machine learning system they can use to plan future operations.\n\nReconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting.\nSuch information may include details of the victim organizations' machine learning capabilities and research efforts.\nThis information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to obtain relevant ML artifacts, targeting ML capabilities used by the victim, tailoring attacks to the particular models used by the victim, or to drive and lead further Reconnaissance efforts.\n",
  "external_references": [
    {
      "source_name": "mitre-atlas",
      "url": "https://atlas.mitre.org/tactics/AML.TA0002",
      "external_id": "AML.TA0002"
    }
  ],
  "x_mitre_shortname": "reconnaissance"
}
```

and the same object in release 1.9.0 (4.9.0):

```json
{
  "type": "x-mitre-tactic",
  "spec_version": "2.1",
  "id": "x-mitre-tactic--8ed07aa0-b2fb-4267-ad98-84da4669dcec",
  "created": "2025-04-22T21:54:36.101219Z",
  "modified": "2025-04-22T21:54:36.101219Z",
  "name": "Reconnaissance",
  "description": "The adversary is trying to gather information about the AI system they can use to plan future operations.\n\nReconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting.\nSuch information may include details of the victim organizations' AI capabilities and research efforts.\nThis information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to obtain relevant AI artifacts, targeting AI capabilities used by the victim, tailoring attacks to the particular models used by the victim, or to drive and lead further Reconnaissance efforts.",
  "external_references": [
    {
      "source_name": "mitre-atlas",
      "url": "https://atlas.mitre.org/tactics/AML.TA0002",
      "external_id": "AML.TA0002"
    }
  ],
  "x_mitre_shortname": "reconnaissance"
}
```

The lack of persistence in Suggestion would be to
We notice in commit 5938264 with ATT&CK v15.1 info, that all unique IDs of ATLAS have changed to a new ID.
For example, "Search for Victim's Publicly Available Research Materials" had as ID `attack-pattern--65d21e6b-7abe-4623-8f5c-88011cb362cb`. Since the new release the ID is now `attack-pattern--41420aee-d3d0-413a-9528-9deb8b1fddba`.
A change in IDs unfortunately breaks all references whenever ATLAS data is being used.
As you may know, MITRE ATLAS is also made available as a MISP Galaxy, and therefore available as tag and metadata to the thousands of MISP Threat Sharing communities, and any other software that uses this source of information.
Was this an intentional change, or was it accidental?
It'd be great to know as we can give it a bit of time to fix before merging the change.
Thank you again for the great work with ATLAS !
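
Added example, not part of the issue thread or the ATLAS project's code: one way for a downstream consumer to catch this kind of ID churn before merging a release is to match objects across two STIX bundles on their `mitre-atlas` `external_id` and report every STIX `id` that changed. The bundles are constructed: the tactic IDs are the ones quoted in the thread, the `EXAMPLE.T0001` object and its ID are placeholders, and all function names are hypothetical.

```python
import json

SOURCE = "mitre-atlas"  # source_name on the objects quoted in the thread

def index_by_external_id(bundle):
    """Map (type, external_id) -> STIX id for objects with an ATLAS reference."""
    index = {}
    for obj in bundle.get("objects", []):
        for ref in obj.get("external_references", []):
            if ref.get("source_name") == SOURCE and "external_id" in ref:
                index[(obj["type"], ref["external_id"])] = obj["id"]
    return index

def diff_ids(old_bundle, new_bundle):
    """Compare two releases keyed on external_id.

    Returns (remap, removed, added): remap is old STIX id -> new STIX id for
    objects whose external_id survived but whose STIX id did not.
    """
    old = index_by_external_id(old_bundle)
    new = index_by_external_id(new_bundle)
    remap = {old[k]: new[k] for k in old.keys() & new.keys() if old[k] != new[k]}
    removed = sorted(old.keys() - new.keys())
    added = sorted(new.keys() - old.keys())
    return remap, removed, added

def _obj(stix_id, external_id):
    """Build a minimal STIX object (helper for the constructed sample data)."""
    return {"type": stix_id.split("--")[0], "id": stix_id,
            "external_references": [{"source_name": SOURCE, "external_id": external_id}]}

# Constructed bundles: tactic IDs are from the thread, the second object is a placeholder.
OLD = {"type": "bundle", "objects": [
    _obj("x-mitre-tactic--3fa0e3a6-3d30-4407-864d-7975b4feda3c", "AML.TA0002"),
    _obj("attack-pattern--00000000-0000-4000-8000-000000000001", "EXAMPLE.T0001"),
]}
NEW = {"type": "bundle", "objects": [
    _obj("x-mitre-tactic--8ed07aa0-b2fb-4267-ad98-84da4669dcec", "AML.TA0002"),
    _obj("attack-pattern--00000000-0000-4000-8000-000000000001", "EXAMPLE.T0001"),
]}

if __name__ == "__main__":
    remap, removed, added = diff_ids(OLD, NEW)
    print(json.dumps({"remap": remap, "removed": removed, "added": added}, indent=2))
    # Non-zero exit lets a CI job block the merge when any existing ID changed.
    raise SystemExit(1 if remap else 0)
```

The `remap` table can also be used to rewrite stored references if a release with changed IDs has to be accepted.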