From 48ec70af3cb16abcf7044b8c60e5445ddbd72721 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <mcarenzo@mitre.org>
Date: Tue, 1 Aug 2023 13:57:34 -0400
Subject: [PATCH 01/18] Update FocusBox, FocusBox usage, Text and Enum Fields

---
 .../BlockDiagram/Property/EnumProperty.ts     |   6 +-
 .../BlockDiagram/Property/StringProperty.ts   |   6 +
 .../src/components/Containers/FocusBox.vue    |  92 ++++--
 .../src/components/Controls/ContextMenu.vue   |  11 +-
 .../Controls/ContextMenuListing.vue           | 115 +++++--
 .../Controls/Fields/DictionaryField.vue       |   4 -
 .../components/Controls/Fields/EnumField.vue  | 298 +++++++++++-------
 .../Controls/Fields/OptionsList.vue           | 242 ++++++++++++++
 .../components/Controls/Fields/TextField.vue  | 250 +++++++++++----
 .../src/components/Controls/TitleBar.vue      |  39 ++-
 .../src/components/Elements/BlockDiagram.vue  |  10 +-
 .../PageCommands/SetStringProperty.ts         |   2 +-
 12 files changed, 821 insertions(+), 254 deletions(-)
 create mode 100644 src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue

diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts
index 8f1f7218..e252f447 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts
@@ -1,4 +1,4 @@
-import { computeHash, MD5 } from "../Utilities";
+import { computeHash } from "../Utilities";
 import {
     CollectionProperty,
     EnumPropertyDescriptor,
@@ -50,14 +50,14 @@ export class EnumProperty extends Property {
         } else if(value !== undefined) {
             v = value;
         } else if(descriptor.value) {
-            v = MD5(descriptor.value)
+            v = descriptor.value
         } else {
             v = null;
         }
         // Set value
         if(v === null) {
             this.setValue(null);
-        } else if(typeof v === "string") { 
+        } else if(typeof v === "string") {
             this.setValue(v);
         } else {
             this.setValue(null);
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
index c6c134a1..899ab4da 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
@@ -12,6 +12,11 @@ export class StringProperty extends Property {
      */
     public override readonly descriptor: StringPropertyDescriptor;
 
+    /**
+     * The property's suggestions.
+     */
+    public suggestions: string[];
+
     /**
      * The property's value.
      */
@@ -34,6 +39,7 @@ export class StringProperty extends Property {
     ) {
         super(parent, descriptor);
         this.descriptor = descriptor;
+        this.suggestions = [];
         this._value = null;
         if(value === null) {
             this.setValue(null);
diff --git a/src/attack_flow_builder/src/components/Containers/FocusBox.vue b/src/attack_flow_builder/src/components/Containers/FocusBox.vue
index 9f81961f..23bcfe03 100644
--- a/src/attack_flow_builder/src/components/Containers/FocusBox.vue
+++ b/src/attack_flow_builder/src/components/Containers/FocusBox.vue
@@ -1,36 +1,92 @@
 <template>
-  <div @pointerdown="$emit('focus')" class="focus-box-container"><slot></slot></div>
+  <div class="focus-box-container" :tabindex="tabindex" @focusin="onFocusIn" @focusout="onFocusOut">
+    <slot></slot>
+  </div>
 </template>
 
 <script lang="ts">
-import { defineComponent } from 'vue';
+import { defineComponent, PropType } from 'vue';
 
 export default defineComponent({
   name: 'FocusBox',
+  props: {
+    tabindex: {
+      type: String as PropType<string>,
+      default: "-1"
+    },
+    pointerEvent: {
+      type: String as PropType<"click" | "pointerdown" | null>,
+      default: null
+    }
+  },
   data() {
     return {
-      onFocusOut: (
-        function(this: any, event: MouseEvent) {
-          // If clicked item isn't this container or a child of it, emit
-          // unfocus.
-          if (this.$el != event.target && !this.$el.contains(event.target)) {
-            this.$emit("unfocus");
-          }
+      focus: false,
+    }
+  },
+  emits: ["focusin", "focusout"],
+  methods: {
+    
+    /**
+     * Focus in behavior.
+     */
+    onFocusIn() {
+      this.focus = true;
+      this.$emit("focusin");
+    },
+
+    /**
+     * Focus out behavior.
+     * @param event
+     *  The focus event.
+     */
+    onFocusOut(event: FocusEvent) {
+      // If target is not a child of this container, unfocus.
+      if(this.focus && !this.$el.contains(event.relatedTarget)) {
+        this.focus = false;
+        this.$emit("focusout");
+      }
+    },
+
+    /**
+     * Pointer event behavior.
+     * @param event
+     *  The pointer event.
+     */
+    onPointerEvent(event: PointerEvent) {
+      // If target is a child of this container...
+      let target = event.target as HTMLElement;
+      while(this.$el !== target) {
+        // ...but has the exit flag, emit unfocus.
+        if(target.hasAttribute("exit-focus-box")) {
+          this.focus = false;
+          this.$emit("focusout");
+          // Force the container out of focus
+          this.$el.blur();
+          return;
         }
-      ).bind(this)
+        target = target.parentElement!;
+      }
     }
+
   },
-  emits: ["focus", "unfocus"],
   mounted() {
-    // Exit current event chain before binding to the pointerdown event.
-    // Otherwise, any click event that triggered mounted() will bubble up to
-    // this bound document event and cause focus to be left immediately.
-    setTimeout(() => {
-        document.body.addEventListener("pointerdown", this.onFocusOut)
-    }, 0);
+    if(this.pointerEvent) {
+      this.$el.addEventListener(this.pointerEvent, this.onPointerEvent);
+    }
   },
   unmounted() {
-    document.body.removeEventListener('pointerdown', this.onFocusOut)
+    this.$el.removeEventListener(this.pointerEvent, this.onPointerEvent);
   },
 });
 </script>
+
+<style scoped>
+
+/** === Main Container === */
+
+.focus-box-container:focus {
+  outline: none;
+}
+
+</style>
diff --git a/src/attack_flow_builder/src/components/Controls/ContextMenu.vue b/src/attack_flow_builder/src/components/Controls/ContextMenu.vue
index 71110fbd..aa4784b4 100644
--- a/src/attack_flow_builder/src/components/Controls/ContextMenu.vue
+++ b/src/attack_flow_builder/src/components/Controls/ContextMenu.vue
@@ -2,21 +2,22 @@
   <FocusBox 
     :style="offset" 
     class="context-menu-control"
-    @unfocus="$emit('unfocus')" 
+    pointerEvent="click"
+    @focusout="$emit('focusout')"
     @contextmenu.prevent=""
   >
     <ContextMenuListing 
       :sections="sections" 
-      @select="data => $emit('select', data)"
       :forceInsideWindow="false" 
+      @select="data => $emit('select', data)"
     />
   </FocusBox>
 </template>
 
 <script lang="ts">
 // Dependencies
-import { defineComponent, PropType } from 'vue';
 import { ContextMenuSection } from "@/assets/scripts/ContextMenuTypes";
+import { defineComponent, PropType } from 'vue';
 // Components
 import FocusBox from "@/components/Containers/FocusBox.vue";
 import ContextMenuListing from "./ContextMenuListing.vue";
@@ -50,7 +51,7 @@ export default defineComponent({
     }
 
   },
-  emits: ["select", "unfocus"],
+  emits: ["select", "focusout"],
   mounted() {
     // Offset menu if outside of viewport
     let viewWidth  = window.innerWidth;
@@ -59,6 +60,8 @@ export default defineComponent({
     // -1 ensures cursor is over menu and not the element beneath it
     this.xOffset = right > viewWidth ? -(this.$el.clientWidth - 1) : 0;
     this.yOffset = bottom > viewHeight ? -(this.$el.clientHeight - 1) : 0;
+    // Focus context menu
+    this.$el.focus();
   },
   components: { FocusBox, ContextMenuListing }
 });
diff --git a/src/attack_flow_builder/src/components/Controls/ContextMenuListing.vue b/src/attack_flow_builder/src/components/Controls/ContextMenuListing.vue
index 3d8e8d03..8691333e 100644
--- a/src/attack_flow_builder/src/components/Controls/ContextMenuListing.vue
+++ b/src/attack_flow_builder/src/components/Controls/ContextMenuListing.vue
@@ -6,39 +6,59 @@
       <template v-for="item of section.items" :key="item.text">
         <!-- Submenu Item -->
         <li 
-          v-if="item.type === MenuType.Submenu"
           :class="{ disabled: item.disabled }"
           @mouseenter="submenuEnter(item)"
-          @mouseleave="submenuLeave"
+          @mouseleave="submenuLeave(item)"
+          v-if="item.type === MenuType.Submenu"
         >
           <a class="item">
             <span class="text">{{ item.text }}</span>
             <span class="more-arrow"></span>
           </a>
-          <div class="submenu" v-if="item.text === focusedSubMenu">
-            <ContextMenuListing :sections="item.sections" @select="onChildItemSelect"/>
+          <div class="submenu" v-if="isActive(item)">
+            <ContextMenuListing 
+              :root="false"
+              :sections="item.sections"
+              @_select="onChildItemSelect"
+            />
           </div>
         </li>
         <!-- Regular Item -->
-        <li v-else :class="{ disabled: item.disabled }" @click="onItemClick(item)">
-          <a class="item" :href="item.disabled ? null : item.link" target="_blank">
-            <span class="check" v-show="item.value">✓</span>
-            <span class="text">{{ item.text }}</span>
-            <span v-if="item.shortcut" class="shortcut">
-                {{ formatShortcut(item.shortcut) }}
+        <li 
+          :class="{ disabled: item.disabled }"
+          :exit-focus-box="!item.keepMenuOpenOnSelect"
+          @click="onItemClick(item)"
+          v-else
+        >
+          <a 
+            class="item"
+            :href="item.disabled ? null : item.link"
+            target="_blank"
+          >
+            <span class="check" v-show="item.value">
+              ✓
+            </span>
+            <span class="text">
+              {{ item.text }}
+            </span>
+            <span class="shortcut" v-if="item.shortcut">
+              {{ formatShortcut(item.shortcut) }}
             </span>
           </a>
         </li>
       </template>
       <!-- Section Divider -->
-      <a v-if="i < sections.length - 1" class="section-divider"></a>
+      <a class="section-divider" v-if="i < sections.length - 1"></a>
     </div>
   </div>
 </template>
 
 <script lang="ts">
 import { defineComponent, PropType } from 'vue';
-import { ContextMenu, ContextMenuItem, ContextMenuSection, MenuType } from "@/assets/scripts/ContextMenuTypes";
+import { 
+  ContextMenu, ContextMenuItem, 
+  ContextMenuSection, MenuType
+} from "@/assets/scripts/ContextMenuTypes";
 
 const KeyToText: { [key: string]: string } = {
   Control    : "Ctrl",
@@ -53,6 +73,10 @@ const KeyToText: { [key: string]: string } = {
 export default defineComponent({
   name: 'ContextMenuListing',
   props: {
+    root: {
+      type: Boolean,
+      default: true,
+    },
     sections: {
       type: Array as PropType<ContextMenuSection[]>,
       required: true
@@ -66,9 +90,9 @@ export default defineComponent({
     return {
       xOffset: 0,
       yOffset: 0,
+      activeSubMenu: null as string | null,
       leaveTimeout: 500,
       leaveTimeoutId: 0,
-      focusedSubMenu: null as string | null,
       MenuType
     }
   },
@@ -87,27 +111,43 @@ export default defineComponent({
     }
 
   },
+  emits: ["select", "_select"],
   methods: {
     
+    /**
+     * Tests is a submenu is active.
+     * @param menu
+     *  The context submenu.
+     * @returns
+     *  True if the submenu is active, false otherwise.
+     */
+    isActive(menu: ContextMenu) {
+      return menu.text === this.activeSubMenu;
+    },
+
     /**
      * Submenu mouse enter behavior.
-     * @param item
-     *  The hovered submenu item.
+     * @param menu
+     *  The hovered submenu.
      */
-    submenuEnter(item: ContextMenu) {
-      clearTimeout(this.leaveTimeoutId);
-      if(!item.disabled) {
-        this.focusedSubMenu = item.text;
+    submenuEnter(menu: ContextMenu) {
+      if(!menu.disabled) {
+        clearTimeout(this.leaveTimeoutId);
+        this.activeSubMenu = menu.text;
       }
     },
 
     /**
      * Submenu mouse leave behavior.
+     * @param menu
+     *  The unhovered submenu.
      */
-    submenuLeave() {
-      this.leaveTimeoutId = setTimeout(() => {
-        this.focusedSubMenu = null;
-      }, this.leaveTimeout)
+    submenuLeave(menu: ContextMenu) {
+      if(!menu.disabled) {
+        this.leaveTimeoutId = setTimeout(() => {
+          this.activeSubMenu = null;
+        }, this.leaveTimeout)
+      }
     },
 
     /**
@@ -116,22 +156,28 @@ export default defineComponent({
      *  The selected menu item.
      */
     onItemClick(item: ContextMenuItem) {
-      if(item.disabled)
-        return;
-      this.$emit("select", item.data, !item.keepMenuOpenOnSelect);
+      if(!item.disabled) {
+        if(this.root) {
+          this.$emit("select", item.data);
+        } else {
+          this.$emit("_select", item);
+        }
+      }
     },
 
     /**
      * Submenu item selection behavior.
-     * @param data
-     *  The menu item's data.
-     * @param closeSubmenu
-     *  If the active submenu should close.
+     * @param item
+     *  The selected menu item.
      */
-    onChildItemSelect(data: any, closeSubmenu: boolean) {
-      this.$emit("select", data, closeSubmenu);
-      if(closeSubmenu) {
-        this.focusedSubMenu = null;
+    onChildItemSelect(item: ContextMenuItem) {
+      if(this.root) {
+        this.$emit("select", item.data);
+      } else {
+        this.$emit("_select", item);
+      }
+      if(!item.keepMenuOpenOnSelect) {
+        this.activeSubMenu = null;
       }
     },
 
@@ -154,7 +200,6 @@ export default defineComponent({
     }
 
   },
-  emits: ["select"],
   mounted() {
     if(!this.forceInsideWindow) return;
     // Offset submenu if outside of viewport
diff --git a/src/attack_flow_builder/src/components/Controls/Fields/DictionaryField.vue b/src/attack_flow_builder/src/components/Controls/Fields/DictionaryField.vue
index a381b04e..7a3888f0 100644
--- a/src/attack_flow_builder/src/components/Controls/Fields/DictionaryField.vue
+++ b/src/attack_flow_builder/src/components/Controls/Fields/DictionaryField.vue
@@ -79,10 +79,6 @@ export default defineComponent({
 
 /** === Main Field === */
 
-.dictionary-field-control {
-  overflow: hidden;
-}
-
 .dictionary-header-container {
   display: flex;
 }
diff --git a/src/attack_flow_builder/src/components/Controls/Fields/EnumField.vue b/src/attack_flow_builder/src/components/Controls/Fields/EnumField.vue
index 09486f18..075f7418 100644
--- a/src/attack_flow_builder/src/components/Controls/Fields/EnumField.vue
+++ b/src/attack_flow_builder/src/components/Controls/Fields/EnumField.vue
@@ -1,51 +1,58 @@
 <template>
   <FocusBox
-    :class="['enum-field-control', { disabled, open: showMenu }]"
-    @focus="openMenu"
-    @unfocus="closeMenu"
+    :class="['enum-field-control', { disabled }]"
+    :tabindex="tabIndex"
+    pointerEvent="click"
+    @focusin="onFocusIn"
+    @focusout="onFocusOut"
   >
-    <div class="grid-container">
-      <!-- Value Text -->
-      <div class="value-container">
-        <div :class="['value-text', { 'is-null': isNull }]">
-          {{ _property.toString() }}
-        </div>
-        <div class="dropdown-arrow" v-if="!disabled">▼</div>
+    <div class="options-container">
+      <OptionsList 
+        class="options-list"
+        :select="select"
+        :options="options"
+        :maxHeight="maxHeight"
+        @select="updateProperty"
+        v-if="showMenu"
+      />
+    </div>
+    <div class="value-container">
+      <div 
+        :class="['value-text', { 'is-null': isNull }]"
+        v-show="!showSearch"
+      >
+        {{ selectText }}
       </div>
-      <!-- Dropdown Options -->
-      <ScrollBox :propagateScroll="false" :style="style" v-if="showMenu">
-        <ul class="dropdown-options">
-          <li 
-            :class="[{ active: hovered === 'null' }, 'null']"
-            @mouseenter="hovered = 'null'"
-            @click.stop="updateProperty(null)"
-          >
-            Null
-          </li>
-          <li 
-            v-for="[k, v] in options" :key="k"
-            :class="{ active: hovered === k }"
-            @mouseenter="hovered = k"
-            @click.stop="updateProperty(k)"
-          >
-            {{ v.toString() }}
-          </li>
-        </ul>
-      </ScrollBox>
+      <input 
+          type="text" 
+          ref="search"
+          class="value-search"
+          placeholder="Search"
+          @input="onSearchInput"
+          @keyup.stop=""
+          @keydown.stop="onSearchKeyDown"
+          v-model="searchTerm"
+          v-show="showSearch"
+        />
+      <div class="dropdown-arrow" v-if="!disabled">▼</div>
     </div>
   </FocusBox>
 </template>
 
 <script lang="ts">
+
 // Dependencies
-import { EnumProperty, Property } from "@/assets/scripts/BlockDiagram";
-import { defineComponent, PropType } from "vue";
+import { EnumProperty } from "@/assets/scripts/BlockDiagram";
+import { defineComponent, PropType, ref } from "vue";
 // Components
 import FocusBox from "@/components/Containers/FocusBox.vue";
-import ScrollBox from "@/components/Containers/ScrollBox.vue";
+import OptionsList from "./OptionsList.vue";
 
 export default defineComponent({
   name: "EnumField",
+  setup() {
+    return { search: ref<HTMLElement | null>(null) };
+  },
   props: {
     property: {
       type: Object as PropType<EnumProperty>,
@@ -53,13 +60,15 @@ export default defineComponent({
     },
     maxHeight: {
       type: Number,
-      default: 200
+      default: 300
     }
   },
   data() {
     return {
-      hovered: "",
-      showMenu: false
+      select: this.property.toRawValue(),
+      showMenu: false,
+      showSearch: false,
+      searchTerm: ""
     }
   },
   computed: {
@@ -74,6 +83,15 @@ export default defineComponent({
       return trigger ? this.property : this.property; 
     },
 
+    /**
+     * Returns the field's tab index.
+     * @returns
+     *  The field's tab index.
+     */
+    tabIndex(): null | "0" {
+      return this.disabled ? null: "0";
+    },
+
     /**
      * Tests if the property is disabled.
      * @returns
@@ -84,21 +102,46 @@ export default defineComponent({
     },
 
     /**
-     * Returns the property's set of options.
+     * Tests if the null option is selected.
      * @returns
-     *  The property's set of options.
+     *  True if the null option is selected, false otherwise.
      */
-    options(): Map<string, Property> {
-      return this._property.options.value;
+    isNull(): boolean {
+      return this._property.toRawValue() === null;
+    },
+    
+    /**
+     * Returns the enum's options.
+     * @returns
+     *  The enum's options.
+     */
+    options(): { value: string | null, text: string }[] {
+      let options: { value: string | null, text: string }[] = [];
+      if(this.searchTerm === "") {
+        options.push({ value: null, text: "Null" });
+      }
+      let st = this.searchTerm.toLocaleLowerCase();
+      for(let [value, prop] of this._property.options.value) {
+        let text = prop.toString();
+        if(st === "" || text.toLocaleLowerCase().includes(st)) {
+          options.push({ value, text });
+        }
+      }
+      return options;
     },
 
     /**
-     * Tests if the property's value is null.
+     * Returns the enum's current selection text.
      * @returns
-     *  True if the property's value is null, false otherwise.
+     *  The enum's current selection text.
      */
-    isNull(): boolean {
-      return this._property.toRawValue() === null;
+    selectText(): string {
+      if(this.select !== null) {
+        let prop = this._property.options.value.get(this.select)!;
+        return prop.toString();
+      } else {
+        return "Null";
+      }
     },
 
     /**
@@ -111,28 +154,89 @@ export default defineComponent({
     }
 
   },
+  emits: ["change"],
   methods: {
-    
+
     /**
-     * Opens the options menu.
+     * Field focus in behavior.
      */
-    openMenu() {
-      if(this.disabled) {
-        return;
-      }
-      this.showMenu = true;      
+    onFocusIn() {
+      // Open menu
+      this.showMenu = true;
+      // Show search
+      this.showSearch = true;
+      // Focus search
+      setTimeout(() => {
+        this.search?.focus();
+      }, 0);
     },
 
     /**
-     * Closes the options menu.
+     * Field focus out behavior.
      */
-    closeMenu() {
+    onFocusOut() {
       // Close menu
       this.showMenu = false;
+      // Hide search
+      this.showSearch = false;
+      this.searchTerm = "";
       // Refresh value
       this.refreshValue();
     },
 
+    /**
+     * Search field input behavior.
+     */
+    onSearchInput() {
+      this.select = null;
+      if(this.searchTerm === "") {
+        this.select = this._property.toRawValue();
+        return;
+      }
+      let st = this.searchTerm.toLocaleLowerCase();
+      for(let [value, prop] of this._property.options.value) {
+        let text = prop.toString();
+        if(text.toLocaleLowerCase().includes(st)) {
+          this.select = value;
+          return;
+        }
+      }
+    },
+
+    /**
+     * Search field keydown behavior.
+     * @param event
+     *  The keydown event.
+     */
+    onSearchKeyDown(event: KeyboardEvent) {
+      let field = event.target as HTMLInputElement;
+      if(field.selectionStart !== field.selectionEnd) {
+        return;
+      }
+      let idx;
+      let options = this.options;
+      switch(event.key) {
+        case "ArrowUp":
+          idx = options.findIndex(o => o.value === this.select);
+          if(0 < idx) {
+            this.select = options[idx - 1].value;
+          }
+          break;
+        case "ArrowDown":
+          idx = options.findIndex(o => o.value === this.select);
+          if(idx < options.length - 1) {
+            this.select = options[idx + 1].value;
+          }
+          break;
+        case "Tab":
+        case "Enter":
+          this.updateProperty(this.select);
+          // Force search field out of focus
+          this.search!.blur();
+          break;
+      }
+    },
+
     /**
      * Updates the field's property value.
      * @param value
@@ -146,28 +250,27 @@ export default defineComponent({
         // Refresh value
         this.refreshValue();
       }
-      // Close menu
-      this.showMenu = false;
     },
 
     /**
      * Updates the field's text value.
      */
     refreshValue() {
-      this.hovered = this._property.toRawValue() ?? "null"
+      this.select = this._property.toRawValue()
     }
     
   },
-  emits: ["change"],
   watch: {
     "_property.trigger.value"() {
+      // Refresh value
       this.refreshValue();
     }
   },
   mounted() {
+    // Update field property value
     this.refreshValue();
   },
-  components: { FocusBox, ScrollBox }
+  components: { FocusBox, OptionsList }
 });
 </script>
 
@@ -176,33 +279,21 @@ export default defineComponent({
 /** === Main Field === */
 
 .enum-field-control {
-  display: flex;
-  align-items: center;
-  color: #cccccc;
-}
-
-.enum-field-control.open {
-  border: solid 1px #3d3d3d;
-}
-
-.grid-container {
   display: grid;
   grid-template-columns: minmax(0, 1fr);
-  grid-template-rows: minmax(0, 1fr) minmax(0, auto);
-  width: 100%;
+  grid-template-rows: minmax(0, 1fr);
+  color: #cccccc;
+  box-sizing: border-box;
+  cursor: pointer;
 }
 
 /** === Value Text === */
 
 .value-container {
+  position: relative;
   grid-area: 1 / 1;
   display: flex;
   align-items: center;
-  cursor: pointer;
-}
-
-.disabled .value-container {
-  cursor: inherit;
 }
 
 .value-text {
@@ -223,6 +314,29 @@ export default defineComponent({
   font-weight: 500;
 }
 
+.value-search {
+  flex: 1;
+  height: 100%;
+  min-width: 0px;
+  color: inherit;
+  font-size: inherit;
+  font-weight: inherit;
+  font-family: inherit;
+  padding: 6px 8px 6px 12px;
+  border: none;
+  box-sizing: border-box;
+  background: none;
+}
+
+.value-search::placeholder {
+  color: #999;
+  opacity: 1;
+}
+
+.value-search:focus {
+  outline: none;
+}
+
 .dropdown-arrow {
   color: #666666;
   font-size: 6pt;
@@ -235,37 +349,9 @@ export default defineComponent({
 
 /** === Dropdown Options === */
 
-.scrollbox-container {
-  grid-area: 2 / 1;
-  border-top: dotted 1px #3d3d3d;;
-  border-bottom-left-radius: 4px;
-  border-bottom-right-radius: 4px;
-  box-sizing: border-box;
-  background: #242424;
-}
-
-.dropdown-options {
-  padding: 6px 5px;
-}
-
-.dropdown-options li {
-  list-style: none;
-  font-size: 10pt;
-  user-select: none;
-  white-space: nowrap;
-  text-overflow: ellipsis;
-  padding: 5px 12px;
-  overflow: hidden;
-}
-
-.dropdown-options li.active,
-.dropdown-options li.active.null {
-  color: #fff;
-  background: #726de2;
-}
-
-.dropdown-options li.null {
-  color: #999;
+.options-container {
+  position: relative;
+  grid-area: 1 / 1;
 }
 
 </style>
diff --git a/src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue b/src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue
new file mode 100644
index 00000000..7394354a
--- /dev/null
+++ b/src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue
@@ -0,0 +1,242 @@
+<template>
+  <div :class="['options-list-field-control', { flip }]">
+    <ScrollBox :top="scrollTop" :style="style" :propagateScroll="false">
+      <ul class="options" v-if="hasOptions">
+        <li 
+          ref="items"
+          v-for="option in options"
+          :key="option.value"
+          :list-id="option.value"
+          :class="{ active: isActive(option), null: isNull(option) }"
+          @click="$emit('select', option.value)"
+          @mouseenter="active = option.value"
+          exit-focus-box
+        >
+          {{ option.text }}
+        </li>
+      </ul>
+      <div class="no-options" v-if="!hasOptions">
+        No matches
+      </div> 
+    </ScrollBox>
+  </div>
+</template>
+
+<script lang="ts">
+// Dependencies
+import { defineComponent, PropType, ref } from "vue";
+// Components
+import ScrollBox from "@/components/Containers/ScrollBox.vue";
+
+export default defineComponent({
+  name: "EnumField",
+  props: {
+    maxHeight: {
+      type: Number,
+      required: true
+    },
+    options: {
+      type: Array as PropType<{ value: string | null, text: string }[]>,
+      required: true
+    },
+    select: {
+      type: String
+    },
+    align: {
+      type: Number
+    },
+  },
+  data() {
+    return {
+      flip: false,
+      active: this.select,
+      scrollTop: 0
+    }
+  },
+  computed: {
+
+    /**
+     * Returns the option list's style.
+     * @returns
+     *  The option list's style.
+     */
+    style(): { maxHeight: string } {
+      return { maxHeight: `${ this.maxHeight }px` };
+    },
+
+    /**
+     * Tests if there are any options available.
+     * @returns
+     *  True if there are options available, false otherwise.
+     */
+    hasOptions() {
+      return 0 < this.options.length;
+    }
+
+  },
+  emits: ["select"],
+  methods: {
+
+    /**
+     * Tests if an option is the null option.
+     * @returns
+     *  True if the options is the null option, false otherwise.
+     */
+    isNull(option: { value: string | null, text: string }) {
+      return option.value === null
+    },
+
+    /**
+     * Tests if an option is active.
+     * @returns
+     *  True if the option is active, false otherwise.
+     */
+    isActive(option: { value: string | null, text: string }) {
+      return this.active === option.value;
+    },
+
+    /**
+     * Moves the focus to the currently active item.
+     */
+    focusActive() {
+      // Resolve active item
+      let item: HTMLElement | undefined;
+      for(let el of this.$refs.items as HTMLElement[]) {
+        if(this.select === el.getAttribute("list-id")) {
+          item = el as HTMLElement;
+          break;
+        }
+      }
+      // Update scroll position
+      if(item) {
+        // -6px for the <ul>'s padding
+        this.scrollTop = item.offsetTop - 6;
+      }
+    }
+
+  },
+  watch: {
+    // On select change
+    select() {
+      // Update active item
+      this.active = this.select;
+      // Focus the active item
+      this.focusActive();
+    },
+    // On options change
+    options() {
+      // Focus the active item
+      this.$nextTick(() => {
+        this.focusActive();
+      });
+    }
+  },
+  mounted() {
+
+    /**
+     * Developer's Note:
+     * If an <OptionsList> does not extend past the bottom of the document's
+     * body or it's parent <ScrollBox>, it's deemed visible. These checks do
+     * not account for any other scroll constructs and do not account for
+     * nested <ScrollBox>'s. 
+     */
+    
+    // Resolve parent
+    let sc = "scroll-content";
+    let ele = this.$el;
+    let par = this.$el.parentElement;
+    let body = document.body;
+    while(par !== body && !par.classList.contains(sc)) {
+      par = par.parentElement;
+    }
+    // Resolve overlap
+    let { bottom: b1 } = par.getBoundingClientRect();
+    let { bottom: b2 } = ele.getBoundingClientRect();
+    if(b1 < b2) {
+      this.flip = true;
+    } else {
+      this.flip = false;
+    }
+    // Focus the active item
+    this.focusActive();
+  },
+  components: { ScrollBox }
+});
+</script>
+
+<style scoped>
+
+/** === Main Field === */
+
+.options-list-field-control {
+  position: absolute;
+  width: 100%;
+  border: solid 1px #3d3d3d;
+  border-radius: 4px;
+  box-sizing: border-box;
+  background: #242424;
+  z-index: 1;
+}
+
+.options-list-field-control:not(.flip) {
+  top: calc(100% + 3px);
+}
+
+.options-list-field-control.flip {
+  bottom: calc(100% + 3px);
+}
+
+/** === Scrollbox === */
+
+.scrollbox-container {
+  border-radius: 4px;
+}
+
+.options-list-field-control:not(.flip) .scrollbox-container {
+  box-shadow: 0px 5px 5px -2px rgb(0 0 0 / 20%);
+}
+
+.options-list-field-control.flip .scrollbox-container {
+  box-shadow: 0px -5px 5px -2px rgb(0 0 0 / 20%);
+}
+
+/** === Options List === */
+
+.options {
+  position: relative;
+  padding: 6px 5px;
+}
+
+.options li {
+  list-style: none;
+  font-size: 10pt;
+  user-select: none;
+  white-space: nowrap;
+  text-overflow: ellipsis;
+  padding: 5px 12px;
+  overflow: hidden;
+}
+
+.options li.active,
+.options li.active.null {
+  color: #fff;
+  background: #726de2;
+}
+
+.options li.null {
+  color: #999;
+}
+
+.no-options {
+  color: #999;
+  user-select: none;
+  padding: 8px 12px;
+}
+
+/** === Scroll Box === */
+
+.options-list-field-control:deep(.scroll-bar) {
+  border-left: dotted 1px #3b3b3b;  
+}
+
+</style>
diff --git a/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue b/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue
index 8364248b..5ed12767 100644
--- a/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue
+++ b/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue
@@ -1,21 +1,43 @@
 <template>
-  <div :class="['text-field-control', { disabled }]" :tabindex="tabIndex" @focus="onFocus()">
-    <textarea
-      v-model="value"
-      ref="field"
-      placeholder="Null"
-      @input="onInput"
-      @keyup.stop=""
-      @keydown.stop=""
-      @blur="onBlur"
-      :disabled="disabled"
-    ></textarea>
-  </div>
+  <FocusBox
+    :class="['text-field-control', { disabled }]"
+    :tabindex="tabIndex"
+    pointerEvent="click"
+    @focusin="onFocusIn"
+    @focusout="onFocusOut"
+  >
+    <div class="options-container">
+      <OptionsList 
+        class="options-list"
+        :select="select"
+        :options="suggestions"
+        :maxHeight="maxHeight"
+        @select="updatePropertyFromSuggestion"
+        v-if="select !== null"
+      />
+    </div>
+    <div class="value">
+      <textarea
+        v-model="value"
+        ref="field"
+        placeholder="Null"
+        @input="onInput"
+        @keyup.stop=""
+        @keydown.stop="onKeyDown"
+        :disabled="disabled"
+      ></textarea>
+    </div>
+  </FocusBox>
 </template>
 
 <script lang="ts">
-import { StringProperty } from "@/assets/scripts/BlockDiagram";
+
+// Dependencies
+import { MD5, StringProperty } from "@/assets/scripts/BlockDiagram";
 import { defineComponent, markRaw, PropType, ref } from "vue";
+// Components
+import FocusBox from "@/components/Containers/FocusBox.vue";
+import OptionsList from "./OptionsList.vue";
 
 export default defineComponent({
   name: "TextField",
@@ -27,21 +49,21 @@ export default defineComponent({
       type: Object as PropType<StringProperty>,
       required: true
     },
-    updateTimeout: {
+    maxHeight: {
       type: Number,
       default: 300
     }
   },
   data() {
     return {
-      sto: 0,
       value: "",
+      select: null as string | null,
       activeProperty: markRaw(this.property),
       onResizeObserver: null as ResizeObserver | null
     }
   },
   computed: {
-
+    
     /**
      * A reactive version of the property.
      * @returns
@@ -68,55 +90,158 @@ export default defineComponent({
      */
     disabled(): boolean {
       return !(this._property.descriptor.is_editable ?? true);
+    },
+
+    /**
+     * Returns the field's suggestions.
+     * @returns
+     *  The field's suggestions.
+     */
+    suggestions(): { value: string, text: string }[] {
+      let suggestions = [];
+      let v = this.value.toLocaleLowerCase();
+      for(let i = 0; i < this._property.suggestions.length; i++) {
+        let text = this._property.suggestions[i];
+        if(text.toLocaleLowerCase().includes(v)) {
+          suggestions.push({ value: MD5(text), text });
+        }
+      }
+      return suggestions;
     }
 
   },
+  emits: ["change"],
   methods: {
     
     /**
-     * Field focus behavior.
+     * Field focus in behavior.
      */
-    onFocus() {
-      // Set focus
-      this.$nextTick(() => {
-        this.field!.focus();
-      });
+    onFocusIn() {
+      // Focus field
+      this.field!.focus();
+      // Prompt suggestions
+      if(this.value === "") {
+        this.promptSuggestions();
+      }
+    },
+
+    /**
+     * Field focus out behavior.
+     */
+    onFocusOut() {
+      // Stop suggestions
+      this.stopSuggestions();
     },
 
     /**
      * Field input behavior.
      */
     onInput() {
-      // Clear timeout
-      clearTimeout(this.sto);
-      // Configure timeout
-      this.sto = setTimeout(() => {
-        this.updateProperty();
-      }, this.updateTimeout);
-      // Update height
-      this.$nextTick(() => {
-        this.refreshHeight();
-      });
+      this.updateProperty(this.value);
+      this.promptSuggestions();
     },
 
     /**
-     * Field blur behavior.
+     * Field keydown behavior.
+     * @param event
+     *  The keydown event.
      */
-    onBlur() {
-      // Clear timeout
-      clearTimeout(this.sto);
-      // Update property
-      this.updateProperty();
+    onKeyDown(event: KeyboardEvent) {
+      let field = event.target as HTMLInputElement;
+      if(field.selectionStart !== field.selectionEnd) {
+        return;
+      }
+      let s = this.suggestions;
+      let idx = s.findIndex(o => o.value === this.select);
+      let canAcceptSuggestion;
+      switch(event.key) {
+        case "ArrowUp":
+          if(0 < idx) {
+            this.select = s[idx - 1].value;
+          }
+          if(this.select !== null) {
+            event.preventDefault();
+          }
+          break;
+        case "ArrowDown":
+          if(idx < s.length - 1) {
+            this.select = s[idx + 1].value;
+          }
+          if(this.select !== null) {
+            event.preventDefault();
+          }
+          break;
+        case "Tab":
+          canAcceptSuggestion = idx !== -1;
+          canAcceptSuggestion &&= this.value !== "";
+          canAcceptSuggestion &&= this.value !== s[idx].text;
+          if(canAcceptSuggestion) {
+            this.updatePropertyFromSuggestion(s[idx].value);
+            this.stopSuggestions();
+            event.preventDefault();
+          }
+          break;
+        case "Enter":
+          canAcceptSuggestion = idx !== -1;
+          canAcceptSuggestion &&= this.value !== s[idx].text;
+          if(canAcceptSuggestion) {
+            this.updatePropertyFromSuggestion(s[idx].value);
+            this.stopSuggestions();
+            event.preventDefault();
+          }
+          break;
+      }
+    },
+
+    /**
+     * Prompts zero or more suggestions.
+     */
+    promptSuggestions() {
+      let isExactTextMatch = this.value === this.suggestions[0]?.text;
+      let isSingleSuggestion = this.suggestions.length === 1;
+      if(isExactTextMatch && isSingleSuggestion) {
+        this.select = null;
+        return;
+      }
+      this.select = null;
+      let v = this.value.toLocaleLowerCase();
+      for(let s of this.suggestions) {
+        if(s.text.toLocaleLowerCase().includes(v)) {
+          this.select = s.value;
+          return;
+        }
+      }
+    },
+
+    /**
+     * Stops the suggestion prompt.
+     */
+    stopSuggestions() {
+      this.select = null;
+    },
+
+    /**
+     * Updates the field's property value from a suggestion.
+     * @param hash
+     *  The suggestion's hash.
+     */
+    updatePropertyFromSuggestion(hash: string) {
+      let suggestion = this.suggestions.find(o => o.value === hash);
+      if(suggestion) {
+        this.updateProperty(suggestion.text);
+      }
     },
 
     /**
      * Updates the field's property value.
+     * @param value
+     *  The property's new value.
      */
-    updateProperty() {
-      let value = this.value || null;
-      if(this._property.toRawValue() !== value) {
+    updateProperty(value: string) {
+      let v = value || null;
+      if(this._property.toRawValue() !== v) {
         // Update property
-        this.$emit("change", this._property, value);
+        this.$emit("change", this._property, v);
       } else {
         // Refresh value
         this.refreshValue();
@@ -128,7 +253,7 @@ export default defineComponent({
      */
     refreshValue() {
       // Update value
-      this.value = this._property.toRawValue() ?? "";
+      this.value = this.property.toRawValue() ?? "";
       // Update height
       this.$nextTick(() => {
         this.refreshHeight();
@@ -149,11 +274,8 @@ export default defineComponent({
     }
 
   },
-  emits: ["change"],
   watch: {
     "property"() {
-        // Update existing property before switching
-        this.updateProperty();
         // Switch property
         this.activeProperty = markRaw(this.property);
         // Refresh value
@@ -165,7 +287,9 @@ export default defineComponent({
   },
   mounted() {
     // Configure resize observer
-    this.onResizeObserver = new ResizeObserver(() => this.refreshHeight());
+    this.onResizeObserver = new ResizeObserver(() => {
+      this.refreshHeight()
+    });
     this.onResizeObserver.observe(this.field!);
     // Update field property value
     this.refreshValue();
@@ -173,9 +297,8 @@ export default defineComponent({
   unmounted() {
     // Disconnect resize observer
     this.onResizeObserver!.disconnect();
-    // Update property
-    this.updateProperty();
-  }
+  },
+  components: { FocusBox, OptionsList }
 });
 </script>
 
@@ -184,27 +307,31 @@ export default defineComponent({
 /** === Main Field === */
 
 .text-field-control {
-  display: flex;
-  align-items: center;
+  display: grid;
+  grid-template-columns: minmax(0, 1fr);
+  grid-template-rows: minmax(0, 1fr);
   color: #cccccc;
-  cursor: text;
-  overflow: hidden;
-}
-
-.text-field-control.disabled {
-  cursor: inherit;
+  box-sizing: border-box;
 }
 
 .text-field-control:focus {
   outline: none;
 }
 
+.value {
+  position: relative;
+  display: flex;
+  grid-area: 1 / 1;
+  cursor:text
+}
+
 textarea {
   display: block;
+  width: 100%;
   color: inherit;
   font-size: inherit;
+  font-weight: inherit;
   font-family: inherit;
-  width: 100%;
   margin: 6px 12px;
   border: none;
   padding: 0px;
@@ -222,4 +349,9 @@ textarea:focus {
   outline: none;
 }
 
+.options-container {
+  position: relative;
+  grid-area: 1 / 1;
+}
+
 </style>
diff --git a/src/attack_flow_builder/src/components/Controls/TitleBar.vue b/src/attack_flow_builder/src/components/Controls/TitleBar.vue
index b6e71d79..c462da9c 100644
--- a/src/attack_flow_builder/src/components/Controls/TitleBar.vue
+++ b/src/attack_flow_builder/src/components/Controls/TitleBar.vue
@@ -1,21 +1,21 @@
 <template>
-  <FocusBox class="title-bar-control" @unfocus="menuClose">
+  <FocusBox class="title-bar-control" pointerEvent="click" @focusout="menuClose">
     <li class="icon">
       <slot name="icon"></slot>
     </li>
     <li 
-      v-for="menu of menus" :key="menu.text"
-      :class="{ focused: menu.text === focusedMenu }"
-      @mouseenter="menuEnter(menu.text)"
+      v-for="menu of menus"
+      :key="menu.text"
+      :class="{ active: isActive(menu) }"
       @click="menuOpen(menu.text)"
+      @mouseenter="menuEnter(menu.text)"
     >
       <p>{{ menu.text }}</p>
       <ContextMenuListing 
         class="menu-listing"
-        v-if="menu.text === focusedMenu"
         :sections="menu.sections"
         @select="menuSelect"
-        @click.stop
+        v-if="isActive(menu)"
       />
     </li>
   </FocusBox> 
@@ -39,11 +39,22 @@ export default defineComponent({
   },
   data() {
     return {
-      focusedMenu: null as string | null
+      activeMenu: null as string | null
     }
   },
   emits: ["select"],
   methods: {
+
+    /**
+     * Tests if a menu is currently active.
+     * @param menu
+     *  The context menu.
+     * @returns
+     *  True if the menu is active, false otherwise.
+     */
+    isActive(menu: ContextMenu): boolean {
+      return menu.text === this.activeMenu;
+    },
     
     /**
      * Menu selection behavior.
@@ -51,7 +62,7 @@ export default defineComponent({
      *  The id of the selected menu.
      */
     menuOpen(id: string) {
-      this.focusedMenu = id;
+      this.activeMenu = id;
     },
 
     /**
@@ -60,29 +71,25 @@ export default defineComponent({
      *  The id of the hovered menu.
      */
     menuEnter(id: string) {
-      if(this.focusedMenu === null)
+      if(this.activeMenu === null)
         return;
-      this.focusedMenu = id;
+      this.activeMenu = id;
     },
 
     /**
      * Menu close behavior.
      */
     menuClose() {
-      this.focusedMenu = null;
+      this.activeMenu = null;
     },
 
     /**
      * Menu item selection behavior.
      * @param data
      *  The menu item's data.
-     * @param closeSubmenu
-     *  If the active menu should close.
-
      */
-    menuSelect(data: any, closeMenu: boolean) {
+    menuSelect(data: any) {
       this.$emit("select", data);
-      if(closeMenu) this.focusedMenu = null;
     }
 
   },
diff --git a/src/attack_flow_builder/src/components/Elements/BlockDiagram.vue b/src/attack_flow_builder/src/components/Elements/BlockDiagram.vue
index a4a1e541..7e5b5e96 100644
--- a/src/attack_flow_builder/src/components/Elements/BlockDiagram.vue
+++ b/src/attack_flow_builder/src/components/Elements/BlockDiagram.vue
@@ -6,7 +6,7 @@
       :style="menuStyle"
       :sections="menuOptions"
       @select="onItemSelect"
-      @unfocus="closeContextMenu"
+      @focusout="closeContextMenu"
     />
   </div>
 </template>
@@ -20,10 +20,7 @@ import { CommandEmitter } from "@/store/Commands/Command";
 import { defineComponent, inject, markRaw } from 'vue';
 import { mapGetters, mapMutations, mapState } from "vuex";
 import {
-  ContextMenu as Menu,
-  ContextMenuSection,
-  ContextMenuSubmenu,
-  MenuType
+  ContextMenuSection
 } from "@/assets/scripts/ContextMenuTypes";
 import { 
   BlockDiagram,CameraLocation,Cursor,
@@ -33,8 +30,6 @@ import {
   DiagramLineModel,
   DiagramObjectModel,
   MouseClick,
-  Namespace,
-  titleCase
 } from "@/assets/scripts/BlockDiagram";
 // Components
 import ContextMenu from "@/components/Controls/ContextMenu.vue";
@@ -188,7 +183,6 @@ export default defineComponent({
       } catch(ex: any) {
         console.error(ex);
       }
-      this.closeContextMenu();
     },
 
     /**
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts
index 7475a79e..8cb9ff17 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts
@@ -26,7 +26,7 @@ export class SetStringProperty extends PageCommand {
      * @param value
      *  The property's new value.
      */
-    constructor(property: StringProperty, value: string) {
+    constructor(property: StringProperty, value: string | null) {
         let root = property.root;
         if(!root) {
             throw new Error("Property does not have a root.")

From 3bf9ebaf10bfc9080d0b9a915bcf7031518c3cef Mon Sep 17 00:00:00 2001
From: Michael Carenzo <mcarenzo@mitre.org>
Date: Tue, 1 Aug 2023 18:09:01 -0400
Subject: [PATCH 02/18] Add support for StringProperty text suggestions.

---
 .../BlockDiagram/Property/PropertyDescriptorTypes.ts        | 6 +++++-
 .../assets/scripts/BlockDiagram/Property/StringProperty.ts  | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/PropertyDescriptorTypes.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/PropertyDescriptorTypes.ts
index e97c933e..2d0adf8e 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/PropertyDescriptorTypes.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/PropertyDescriptorTypes.ts
@@ -13,6 +13,10 @@ type ValueDescriptorBase<K extends ValueTypes> = {
     is_required? : boolean,
 }
 
+type StringValueDescriptor = ValueDescriptorBase<PropertyType.String> & {
+    suggestions?: string[]
+}
+
 type IntValueDescriptor = ValueDescriptorBase<PropertyType.Int> & {
     min?: number,
     max?: number
@@ -71,7 +75,7 @@ export type PropertyDescriptor
     | DictionaryPropertyDescriptor
 
 export type StringPropertyDescriptor
-    = ValueDescriptorBase<PropertyType.String>;
+    = StringValueDescriptor;
 
 export type NumberPropertyDescriptor
     = IntValueDescriptor
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
index 899ab4da..82174963 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
@@ -39,7 +39,7 @@ export class StringProperty extends Property {
     ) {
         super(parent, descriptor);
         this.descriptor = descriptor;
-        this.suggestions = [];
+        this.suggestions = descriptor.suggestions ?? [];
         this._value = null;
         if(value === null) {
             this.setValue(null);

From d4d63c2ccc58534e46aad7c3955010eb5d9fa5fc Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Thu, 3 Aug 2023 13:42:04 -0400
Subject: [PATCH 03/18] create intel file

---
 .../attack/download_attack.js                 |  160 +
 .../attack/update_attack_intel.js             |   70 +
 src/attack_flow_builder/package.json          |   64 +-
 .../src/assets/builder.config.intel.ts        | 9534 +++++++++++++++++
 4 files changed, 9797 insertions(+), 31 deletions(-)
 create mode 100644 src/attack_flow_builder/attack/download_attack.js
 create mode 100644 src/attack_flow_builder/attack/update_attack_intel.js
 create mode 100644 src/attack_flow_builder/src/assets/builder.config.intel.ts

diff --git a/src/attack_flow_builder/attack/download_attack.js b/src/attack_flow_builder/attack/download_attack.js
new file mode 100644
index 00000000..7ae5fffd
--- /dev/null
+++ b/src/attack_flow_builder/attack/download_attack.js
@@ -0,0 +1,160 @@
+const https = require("https");
+
+/**
+ * @typedef {Object} AttackObject
+ *  An ATT&CK Object.
+ * @property {string} id
+ *  The object's ATT&CK id.
+ * @property {string} name
+ *  The object's ATT&CK name.
+ * @property {string} type
+ *  The object's type.
+ * @property {string} url
+ *  The object's ATT&CK url.
+ * @property {string} stixId
+ *  The object's STIX id.
+ * @property {boolean} deprecated
+ *  True if the ATT&CK object has been deprecated, false otherwise.
+ */
+
+/**
+ * A map that relates STIX types to ATT&CK types.
+ */
+const STIX_TO_ATTACK = {
+    "campaign"            : "campaign",
+    "course-of-action"    : "mitigation",
+    "intrusion-set"       : "group",
+    "malware"             : "software",
+    "tool"                : "software",
+    "x-mitre-data-source" : "data_source",
+    "x-mitre-tactic"      : "tactic",
+    "attack-pattern"      : "technique"
+}
+
+/**
+ * MITRE's source identifiers.
+ */
+const MITRE_SOURCES = new Set([
+    "mitre-attack",
+    "mitre-ics-attack",
+    "mitre-mobile-attack"
+])
+
+/**
+ * Fetches JSON data from a url.
+ * @param {string} url
+ *  The url.
+ * @param {Object} options
+ *  The request's options.
+ * @returns {Promise<Object>}
+ *  A Promise that resolves with the JSON data.
+ */
+function fetchJson(url, options = {}) {
+    return new Promise((resolve, reject) => {
+        https.get(url, options, res => {
+            let json = "";
+            res.on("data", chunk => {
+                json += chunk;
+            });
+            res.on("end", () => {
+                try {
+                    resolve(JSON.parse(json));
+                } catch(err) {
+                    reject(err)
+                }
+            })
+        }).on("error", (err) => {
+            reject(err);
+        });
+    })
+}
+
+
+/**
+ * Parses an ATT&CK object from a STIX object.
+ * @param {Object} obj
+ *  The STIX object.
+ * @returns {AttackObject}
+ *  The parsed ATT&CK object.
+ */
+function parseStixToAttackObject(obj) {
+
+    // Parse STIX id, name, and type directly
+    let parse = {
+        stixId : obj.id,
+        name   : obj.name,
+        type   : STIX_TO_ATTACK[obj.type]
+    }
+    
+    // Parse MITRE reference information
+    let mitreRef = obj.external_references.find(
+        o => MITRE_SOURCES.has(o.source_name)
+    );
+    if(!mitreRef) {
+        throw new Error("Missing MITRE reference information.")
+    }
+    parse.id  = mitreRef.external_id;
+    parse.url = mitreRef.url;
+
+    // Parse deprecation status
+    parse.deprecated = (obj.x_mitre_deprecated || obj.revoked) ?? false;
+    
+    // Return
+    return parse;
+}
+
+/**
+ * Parses a set of ATT&CK objects from a STIX manifest.
+ * @param {Object} data
+ *  The STIX manifest.
+ * @returns {AttackObject[]}
+ *  The parsed ATT&CK objects.
+ */
+function parseAttackObjectsFromManifest(data) {
+    let objs = []
+    for(let obj of data.objects) {
+        if(!(obj.type in STIX_TO_ATTACK)) {
+            continue;
+        }
+        objs.push(parseStixToAttackObject(obj));
+    }
+    return objs;
+}
+
+/**
+ * Fetches ATT&CK data from a set of STIX manifests.
+ * @param  {...string} urls
+ *  A list of STIX manifests specified by url.
+ * @returns {Promise<Map<string, AttackObject>>}
+ *  A Promise that resolves with the parsed ATT&CK data.
+ */
+async function fetchAttackData(...urls) {
+    console.log("→ Downloading ATT&CK Data...");
+    
+    // Parse objects
+    let catalog = new Map();
+    for(let url of urls) {
+        console.log(` → ${ url.length > 70 ? '...' : '' }${ url.substr(url.length - 70) }`);  
+        let objs = parseAttackObjectsFromManifest(await fetchJson(url));
+        for(let obj of objs) {
+            catalog.set(obj.stixId, obj);
+        }
+    }
+    
+    // Categorize catalog
+    let types = new Map(
+        Object.values(STIX_TO_ATTACK).map(v => [v, []])
+    );
+    for(let obj of catalog.values()) {
+        types.get(obj.type).push(obj);
+    }
+
+    // Return
+    return types;
+
+}
+
+/**
+ * Define exports.
+ */
+module.exports = { fetchAttackData }
diff --git a/src/attack_flow_builder/attack/update_attack_intel.js b/src/attack_flow_builder/attack/update_attack_intel.js
new file mode 100644
index 00000000..ed143ddc
--- /dev/null
+++ b/src/attack_flow_builder/attack/update_attack_intel.js
@@ -0,0 +1,70 @@
+const { resolve } = require("path");
+const { writeFileSync } = require("fs");
+const { fetchAttackData } = require("./download_attack");
+
+/**
+ * The base URL for the ATT&CK repository.
+ */
+const BASE_URL = "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master";
+
+/**
+ * The intel file's export key.
+ */
+const EXPORT_KEY = "intel";
+
+/**
+ * The intel file's path.
+ */
+const INTEL_FILE_PATH = "../src/assets/builder.config.intel.ts";
+
+/**
+ * JavaScript variable regex.
+ */
+const JS_VAR_REGEX = /^[a-z_$][a-z0-9_$]*$/i;
+
+/**
+ * Updates the specified intel file.
+ * @param {string} path
+ *  The intel file's path.
+ * @param  {...string} urls
+ *  A list of STIX manifests specified by url. 
+ */
+async function updateApplicationAttackIntel(path, ...urls) {
+    path = resolve(__dirname, path);
+    
+    // Validate export key
+    if(!JS_VAR_REGEX.test(EXPORT_KEY)) {
+        throw new Error(`Export key '${ EXPORT_KEY }' is not a valid variable name.`);
+    }
+    
+    // Collect intel
+    let types = await fetchAttackData(...urls);
+    console.log("→ Generating Application Intel File...");
+    let intel = {
+        tactics        : types.get("tactic"),
+        tactic_recs    : types.get("tactic").map(o => `${o.id} - ${o.name}`).sort(),
+        technique      : types.get("technique"),
+        technique_recs : types.get("technique").map(o => `${o.id} - ${o.name}`).sort()
+    };
+    
+    // Generate intel file
+    let file = "";
+    file += `export const ${ EXPORT_KEY } = `;
+    file += JSON.stringify(intel, null, 4);
+    file += `;\n\nexport default ${ EXPORT_KEY };\n`
+    writeFileSync(path, file);
+
+    // Done
+    console.log("\nIntelligence updated successfully.\n");
+
+}
+
+/**
+ * Main
+ */
+updateApplicationAttackIntel(
+    INTEL_FILE_PATH,
+    `${BASE_URL}/enterprise-attack/enterprise-attack-13.0.json`,
+    `${BASE_URL}/ics-attack/ics-attack-13.0.json`,
+    `${BASE_URL}/mobile-attack/mobile-attack-13.0.json`
+);
diff --git a/src/attack_flow_builder/package.json b/src/attack_flow_builder/package.json
index eaea43f3..986ea875 100644
--- a/src/attack_flow_builder/package.json
+++ b/src/attack_flow_builder/package.json
@@ -1,31 +1,33 @@
-{
-  "name": "attack-flow-builder",
-  "version": "2.0.1",
-  "private": true,
-  "scripts": {
-    "serve": "vue-cli-service serve",
-    "build": "vue-cli-service build",
-    "release": "standard-version"
-  },
-  "author": "mcarenzo",
-  "dependencies": {
-    "vue": "^3.0.0",
-    "vuex": "^4.0.0-0"
-  },
-  "devDependencies": {
-    "@types/d3": "^7.4.0",
-    "@types/resize-observer-browser": "^0.1.7",
-    "@vue/cli-plugin-typescript": "~4.5.15",
-    "@vue/cli-plugin-vuex": "~4.5.15",
-    "@vue/cli-service": "~4.5.15",
-    "@vue/compiler-sfc": "^3.0.0",
-    "d3": "^7.4.4",
-    "standard-version": "^9.3.2",
-    "typescript": "^4.1.5"
-  },
-  "browserslist": [
-    "> 1%",
-    "last 2 versions",
-    "not dead"
-  ]
-}
+{
+  "name": "attack-flow-builder",
+  "version": "2.0.1",
+  "private": true,
+  "scripts": {
+    "serve": "vue-cli-service serve",
+    "build": "vue-cli-service build",
+    "release": "standard-version",
+    "update-intel": "node ./attack/update_attack_intel.js"
+  },
+  "author": "mcarenzo",
+  "dependencies": {
+    "vue": "^3.0.0",
+    "vuex": "^4.0.0-0"
+  },
+  "devDependencies": {
+    "@types/d3": "^7.4.0",
+    "@types/resize-observer-browser": "^0.1.7",
+    "@vue/cli-plugin-typescript": "~4.5.15",
+    "@vue/cli-plugin-vuex": "~4.5.15",
+    "@vue/cli-service": "~4.5.15",
+    "@vue/compiler-sfc": "^3.0.0",
+    "d3": "^7.4.4",
+    "ssl-root-cas": "^1.3.1",
+    "standard-version": "^9.3.2",
+    "typescript": "^4.1.5"
+  },
+  "browserslist": [
+    "> 1%",
+    "last 2 versions",
+    "not dead"
+  ]
+}
diff --git a/src/attack_flow_builder/src/assets/builder.config.intel.ts b/src/attack_flow_builder/src/assets/builder.config.intel.ts
new file mode 100644
index 00000000..d7999a17
--- /dev/null
+++ b/src/attack_flow_builder/src/assets/builder.config.intel.ts
@@ -0,0 +1,9534 @@
+export const intel = {
+    "tactics": [
+        {
+            "stixId": "x-mitre-tactic--2558fd61-8c75-4730-94c4-11926db2a263",
+            "name": "Credential Access",
+            "type": "tactic",
+            "id": "TA0006",
+            "url": "https://attack.mitre.org/tactics/TA0006",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5",
+            "name": "Execution",
+            "type": "tactic",
+            "id": "TA0002",
+            "url": "https://attack.mitre.org/tactics/TA0002",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--5569339b-94c2-49ee-afb3-2222936582c8",
+            "name": "Impact",
+            "type": "tactic",
+            "id": "TA0040",
+            "url": "https://attack.mitre.org/tactics/TA0040",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--5bc1d813-693e-4823-9961-abf9af4b0e92",
+            "name": "Persistence",
+            "type": "tactic",
+            "id": "TA0003",
+            "url": "https://attack.mitre.org/tactics/TA0003",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--5e29b093-294e-49e9-a803-dab3d73b77dd",
+            "name": "Privilege Escalation",
+            "type": "tactic",
+            "id": "TA0004",
+            "url": "https://attack.mitre.org/tactics/TA0004",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--7141578b-e50b-4dcc-bfa4-08a8dd689e9e",
+            "name": "Lateral Movement",
+            "type": "tactic",
+            "id": "TA0008",
+            "url": "https://attack.mitre.org/tactics/TA0008",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--78b23412-0651-46d7-a540-170a1ce8bd5a",
+            "name": "Defense Evasion",
+            "type": "tactic",
+            "id": "TA0005",
+            "url": "https://attack.mitre.org/tactics/TA0005",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--9a4e74ab-5008-408c-84bf-a10dfbc53462",
+            "name": "Exfiltration",
+            "type": "tactic",
+            "id": "TA0010",
+            "url": "https://attack.mitre.org/tactics/TA0010",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--c17c5845-175e-4421-9713-829d0573dbc9",
+            "name": "Discovery",
+            "type": "tactic",
+            "id": "TA0007",
+            "url": "https://attack.mitre.org/tactics/TA0007",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--d108ce10-2419-4cf9-a774-46161d6c6cfe",
+            "name": "Collection",
+            "type": "tactic",
+            "id": "TA0009",
+            "url": "https://attack.mitre.org/tactics/TA0009",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400",
+            "name": "Resource Development",
+            "type": "tactic",
+            "id": "TA0042",
+            "url": "https://attack.mitre.org/tactics/TA0042",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--daa4cbb1-b4f4-4723-a824-7f1efd6e0592",
+            "name": "Reconnaissance",
+            "type": "tactic",
+            "id": "TA0043",
+            "url": "https://attack.mitre.org/tactics/TA0043",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--f72804c5-f15a-449e-a5da-2eecd181f813",
+            "name": "Command and Control",
+            "type": "tactic",
+            "id": "TA0011",
+            "url": "https://attack.mitre.org/tactics/TA0011",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--ffd5bcee-6e16-4dd2-8eca-7b3beedf33ca",
+            "name": "Initial Access",
+            "type": "tactic",
+            "id": "TA0001",
+            "url": "https://attack.mitre.org/tactics/TA0001",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--298fe907-7931-4fd2-8131-2814dd493134",
+            "name": "Inhibit Response Function",
+            "type": "tactic",
+            "id": "TA0107",
+            "url": "https://attack.mitre.org/tactics/TA0107",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--33752ae7-f875-4f43-bdb6-d8d02d341046",
+            "name": "Privilege Escalation",
+            "type": "tactic",
+            "id": "TA0111",
+            "url": "https://attack.mitre.org/tactics/TA0111",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--51c25a9e-8615-40c0-8afd-1da578847924",
+            "name": "Lateral Movement",
+            "type": "tactic",
+            "id": "TA0109",
+            "url": "https://attack.mitre.org/tactics/TA0109",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--696af733-728e-49d7-8261-75fdc590f453",
+            "name": "Discovery",
+            "type": "tactic",
+            "id": "TA0102",
+            "url": "https://attack.mitre.org/tactics/TA0102",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--69da72d2-f550-41c5-ab9e-e8255707f28a",
+            "name": "Initial Access",
+            "type": "tactic",
+            "id": "TA0108",
+            "url": "https://attack.mitre.org/tactics/TA0108",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--77542f83-70d0-40c2-8a9d-ad2eb8b00279",
+            "name": "Impact",
+            "type": "tactic",
+            "id": "TA0105",
+            "url": "https://attack.mitre.org/tactics/TA0105",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--78f1d2ae-a579-44c4-8fc5-3e1775c73fac",
+            "name": "Persistence",
+            "type": "tactic",
+            "id": "TA0110",
+            "url": "https://attack.mitre.org/tactics/TA0110",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--93bf9a8e-b14c-4587-b6d5-9efc7c12eb45",
+            "name": "Execution",
+            "type": "tactic",
+            "id": "TA0104",
+            "url": "https://attack.mitre.org/tactics/TA0104",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--97c8ff73-bd14-4b6c-ac32-3d91d2c41e3f",
+            "name": "Command and Control",
+            "type": "tactic",
+            "id": "TA0101",
+            "url": "https://attack.mitre.org/tactics/TA0101",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--b2a67b1e-913c-46f6-b219-048a90560bb9",
+            "name": "Collection",
+            "type": "tactic",
+            "id": "TA0100",
+            "url": "https://attack.mitre.org/tactics/TA0100",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--ddf70682-f3ce-479c-a9a4-7eadf9bfead7",
+            "name": "Evasion",
+            "type": "tactic",
+            "id": "TA0103",
+            "url": "https://attack.mitre.org/tactics/TA0103",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--ff048b6c-b872-4218-b68c-3735ebd1f024",
+            "name": "Impair Process Control",
+            "type": "tactic",
+            "id": "TA0106",
+            "url": "https://attack.mitre.org/tactics/TA0106",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6",
+            "name": "Initial Access",
+            "type": "tactic",
+            "id": "TA0027",
+            "url": "https://attack.mitre.org/tactics/TA0027",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981",
+            "name": "Exfiltration",
+            "type": "tactic",
+            "id": "TA0036",
+            "url": "https://attack.mitre.org/tactics/TA0036",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54",
+            "name": "Persistence",
+            "type": "tactic",
+            "id": "TA0028",
+            "url": "https://attack.mitre.org/tactics/TA0028",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8",
+            "name": "Privilege Escalation",
+            "type": "tactic",
+            "id": "TA0029",
+            "url": "https://attack.mitre.org/tactics/TA0029",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3",
+            "name": "Command and Control",
+            "type": "tactic",
+            "id": "TA0037",
+            "url": "https://attack.mitre.org/tactics/TA0037",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756",
+            "name": "Execution",
+            "type": "tactic",
+            "id": "TA0041",
+            "url": "https://attack.mitre.org/tactics/TA0041",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e",
+            "name": "Impact",
+            "type": "tactic",
+            "id": "TA0034",
+            "url": "https://attack.mitre.org/tactics/TA0034",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10",
+            "name": "Credential Access",
+            "type": "tactic",
+            "id": "TA0031",
+            "url": "https://attack.mitre.org/tactics/TA0031",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba",
+            "name": "Collection",
+            "type": "tactic",
+            "id": "TA0035",
+            "url": "https://attack.mitre.org/tactics/TA0035",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f",
+            "name": "Lateral Movement",
+            "type": "tactic",
+            "id": "TA0033",
+            "url": "https://attack.mitre.org/tactics/TA0033",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df",
+            "name": "Defense Evasion",
+            "type": "tactic",
+            "id": "TA0030",
+            "url": "https://attack.mitre.org/tactics/TA0030",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210",
+            "name": "Network Effects",
+            "type": "tactic",
+            "id": "TA0038",
+            "url": "https://attack.mitre.org/tactics/TA0038",
+            "deprecated": true
+        },
+        {
+            "stixId": "x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1",
+            "name": "Discovery",
+            "type": "tactic",
+            "id": "TA0032",
+            "url": "https://attack.mitre.org/tactics/TA0032",
+            "deprecated": false
+        },
+        {
+            "stixId": "x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17",
+            "name": "Remote Service Effects",
+            "type": "tactic",
+            "id": "TA0039",
+            "url": "https://attack.mitre.org/tactics/TA0039",
+            "deprecated": true
+        }
+    ],
+    "tactic_recs": [
+        "TA0001 - Initial Access",
+        "TA0002 - Execution",
+        "TA0003 - Persistence",
+        "TA0004 - Privilege Escalation",
+        "TA0005 - Defense Evasion",
+        "TA0006 - Credential Access",
+        "TA0007 - Discovery",
+        "TA0008 - Lateral Movement",
+        "TA0009 - Collection",
+        "TA0010 - Exfiltration",
+        "TA0011 - Command and Control",
+        "TA0027 - Initial Access",
+        "TA0028 - Persistence",
+        "TA0029 - Privilege Escalation",
+        "TA0030 - Defense Evasion",
+        "TA0031 - Credential Access",
+        "TA0032 - Discovery",
+        "TA0033 - Lateral Movement",
+        "TA0034 - Impact",
+        "TA0035 - Collection",
+        "TA0036 - Exfiltration",
+        "TA0037 - Command and Control",
+        "TA0038 - Network Effects",
+        "TA0039 - Remote Service Effects",
+        "TA0040 - Impact",
+        "TA0041 - Execution",
+        "TA0042 - Resource Development",
+        "TA0043 - Reconnaissance",
+        "TA0100 - Collection",
+        "TA0101 - Command and Control",
+        "TA0102 - Discovery",
+        "TA0103 - Evasion",
+        "TA0104 - Execution",
+        "TA0105 - Impact",
+        "TA0106 - Impair Process Control",
+        "TA0107 - Inhibit Response Function",
+        "TA0108 - Initial Access",
+        "TA0109 - Lateral Movement",
+        "TA0110 - Persistence",
+        "TA0111 - Privilege Escalation"
+    ],
+    "technique": [
+        {
+            "stixId": "attack-pattern--0042a9f5-f053-4769-b3ef-9ad018dfa298",
+            "name": "Extra Window Memory Injection",
+            "type": "technique",
+            "id": "T1055.011",
+            "url": "https://attack.mitre.org/techniques/T1055/011",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
+            "name": "Scheduled Task",
+            "type": "technique",
+            "id": "T1053.005",
+            "url": "https://attack.mitre.org/techniques/T1053/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--005cc321-08ce-4d17-b1ea-cb5275926520",
+            "name": "Socket Filters",
+            "type": "technique",
+            "id": "T1205.002",
+            "url": "https://attack.mitre.org/techniques/T1205/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--00d0b012-8a03-410e-95de-5826bf542de6",
+            "name": "Indicator Removal from Tools",
+            "type": "technique",
+            "id": "T1066",
+            "url": "https://attack.mitre.org/techniques/T1066",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--00f90846-cbd1-4fc5-9233-df5c2bf2a662",
+            "name": "Archive via Utility",
+            "type": "technique",
+            "id": "T1560.001",
+            "url": "https://attack.mitre.org/techniques/T1560/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--01327cde-66c4-4123-bf34-5f258d59457b",
+            "name": "VNC",
+            "type": "technique",
+            "id": "T1021.005",
+            "url": "https://attack.mitre.org/techniques/T1021/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--01a5a209-b94c-450b-b7f9-946497d91055",
+            "name": "Windows Management Instrumentation",
+            "type": "technique",
+            "id": "T1047",
+            "url": "https://attack.mitre.org/techniques/T1047",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--01df3350-ce05-4bdf-bdf8-0a919a66d4a8",
+            "name": "Malicious Shell Modification",
+            "type": "technique",
+            "id": "T1156",
+            "url": "https://attack.mitre.org/techniques/T1156",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--0259baeb-9f63-4c69-bf10-eb038c390688",
+            "name": "Screen Capture",
+            "type": "technique",
+            "id": "T1113",
+            "url": "https://attack.mitre.org/techniques/T1113",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--02c5abff-30bf-4703-ab92-1f6072fae939",
+            "name": "Fileless Storage",
+            "type": "technique",
+            "id": "T1027.011",
+            "url": "https://attack.mitre.org/techniques/T1027/011",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--02fefddc-fb1b-423f-a76b-7552dd211d4d",
+            "name": "Bootkit",
+            "type": "technique",
+            "id": "T1067",
+            "url": "https://attack.mitre.org/techniques/T1067",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--03259939-0b57-482f-8eb5-87c0e0d54334",
+            "name": "Boot or Logon Initialization Scripts",
+            "type": "technique",
+            "id": "T1037",
+            "url": "https://attack.mitre.org/techniques/T1037",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
+            "name": "Adversary-in-the-Middle",
+            "type": "technique",
+            "id": "T1557",
+            "url": "https://attack.mitre.org/techniques/T1557",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--03d7999c-1f4c-42cc-8373-e7690d318104",
+            "name": "System Owner/User Discovery",
+            "type": "technique",
+            "id": "T1033",
+            "url": "https://attack.mitre.org/techniques/T1033",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0458aab9-ad42-4eac-9e22-706a95bafee2",
+            "name": "Acquire Infrastructure",
+            "type": "technique",
+            "id": "T1583",
+            "url": "https://attack.mitre.org/techniques/T1583",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--045d0922-2310-4e60-b5e4-3302302cb3c5",
+            "name": "Rundll32",
+            "type": "technique",
+            "id": "T1218.011",
+            "url": "https://attack.mitre.org/techniques/T1218/011",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0470e792-32f8-46b0-a351-652bc35e9336",
+            "name": "Container and Resource Discovery",
+            "type": "technique",
+            "id": "T1613",
+            "url": "https://attack.mitre.org/techniques/T1613",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--04a5a8ab-3bc8-4c83-95c9-55274a89786d",
+            "name": "Serverless",
+            "type": "technique",
+            "id": "T1583.007",
+            "url": "https://attack.mitre.org/techniques/T1583/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--04ee0cb7-dac3-4c6c-9387-4c6aa096f4cf",
+            "name": "Hidden Window",
+            "type": "technique",
+            "id": "T1143",
+            "url": "https://attack.mitre.org/techniques/T1143",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--04ef4356-8926-45e2-9441-634b6f3dcecb",
+            "name": "LC_LOAD_DYLIB Addition",
+            "type": "technique",
+            "id": "T1161",
+            "url": "https://attack.mitre.org/techniques/T1161",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--04fd5427-79c7-44ea-ae13-11b24778ff1c",
+            "name": "Standard Encoding",
+            "type": "technique",
+            "id": "T1132.001",
+            "url": "https://attack.mitre.org/techniques/T1132/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0533ab23-3f7d-463f-9bd8-634d27e4dee1",
+            "name": "Embedded Payloads",
+            "type": "technique",
+            "id": "T1027.009",
+            "url": "https://attack.mitre.org/techniques/T1027/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--06780952-177c-4247-b978-79c357fb311f",
+            "name": "Plist Modification",
+            "type": "technique",
+            "id": "T1150",
+            "url": "https://attack.mitre.org/techniques/T1150",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--06c00069-771a-4d57-8ef5-d3718c1a8771",
+            "name": "Pluggable Authentication Modules",
+            "type": "technique",
+            "id": "T1556.003",
+            "url": "https://attack.mitre.org/techniques/T1556/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0708ae90-d0eb-4938-9a76-d0fc94f6eec1",
+            "name": "Revert Cloud Instance",
+            "type": "technique",
+            "id": "T1578.004",
+            "url": "https://attack.mitre.org/techniques/T1578/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--086952c4-5b90-4185-b573-02bad8e11953",
+            "name": "HISTCONTROL",
+            "type": "technique",
+            "id": "T1148",
+            "url": "https://attack.mitre.org/techniques/T1148",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--09312b1a-c3c6-4b45-9844-3ccc78e5d82f",
+            "name": "Gather Victim Host Information",
+            "type": "technique",
+            "id": "T1592",
+            "url": "https://attack.mitre.org/techniques/T1592",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0979abf9-4e26-43ec-9b6e-54efc4e70fca",
+            "name": "Digital Certificates",
+            "type": "technique",
+            "id": "T1596.003",
+            "url": "https://attack.mitre.org/techniques/T1596/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--09a60ea3-a8d1-4ae5-976e-5783248b72a4",
+            "name": "Keylogging",
+            "type": "technique",
+            "id": "T1056.001",
+            "url": "https://attack.mitre.org/techniques/T1056/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--09b130a2-a77e-4af0-a361-f46f9aad1345",
+            "name": "Linux and Mac File and Directory Permissions Modification",
+            "type": "technique",
+            "id": "T1222.002",
+            "url": "https://attack.mitre.org/techniques/T1222/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119",
+            "name": "Password Guessing",
+            "type": "technique",
+            "id": "T1110.001",
+            "url": "https://attack.mitre.org/techniques/T1110/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58",
+            "name": "PubPrn",
+            "type": "technique",
+            "id": "T1216.001",
+            "url": "https://attack.mitre.org/techniques/T1216/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0a241b6c-7bb2-48f9-98f7-128145b4d27f",
+            "name": "Purchase Technical Data",
+            "type": "technique",
+            "id": "T1597.002",
+            "url": "https://attack.mitre.org/techniques/T1597/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
+            "name": "OS Credential Dumping",
+            "type": "technique",
+            "id": "T1003",
+            "url": "https://attack.mitre.org/techniques/T1003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0a5231ec-41af-4a35-83d0-6bdf11f28c65",
+            "name": "Shared Modules",
+            "type": "technique",
+            "id": "T1129",
+            "url": "https://attack.mitre.org/techniques/T1129",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0ad7bc5c-235a-4048-944b-3b286676cb74",
+            "name": "Data from Configuration Repository",
+            "type": "technique",
+            "id": "T1602",
+            "url": "https://attack.mitre.org/techniques/T1602",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0af0ca99-357d-4ba1-805f-674fdfb7bef9",
+            "name": "Disk Structure Wipe",
+            "type": "technique",
+            "id": "T1561.002",
+            "url": "https://attack.mitre.org/techniques/T1561/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0bda01d5-4c1d-4062-8ee2-6872334383c3",
+            "name": "Direct Network Flood",
+            "type": "technique",
+            "id": "T1498.001",
+            "url": "https://attack.mitre.org/techniques/T1498/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0bf78622-e8d2-41da-a857-731472d61a92",
+            "name": "Stored Data Manipulation",
+            "type": "technique",
+            "id": "T1492",
+            "url": "https://attack.mitre.org/techniques/T1492",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--0c2d00da-7742-49e7-9928-4514e5075d32",
+            "name": "Path Interception by PATH Environment Variable",
+            "type": "technique",
+            "id": "T1574.007",
+            "url": "https://attack.mitre.org/techniques/T1574/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0c4b4fda-9062-47da-98b9-ceae2dcf052a",
+            "name": "Sharepoint",
+            "type": "technique",
+            "id": "T1213.002",
+            "url": "https://attack.mitre.org/techniques/T1213/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
+            "name": "Direct Volume Access",
+            "type": "technique",
+            "id": "T1006",
+            "url": "https://attack.mitre.org/techniques/T1006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0ca7beef-9bbc-4e35-97cf-437384ddce6a",
+            "name": "File System Permissions Weakness",
+            "type": "technique",
+            "id": "T1044",
+            "url": "https://attack.mitre.org/techniques/T1044",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--0cf55441-b176-4332-89e7-2c4c7799d0ff",
+            "name": "Email Hiding Rules",
+            "type": "technique",
+            "id": "T1564.008",
+            "url": "https://attack.mitre.org/techniques/T1564/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0cfe31a7-81fc-472c-bc45-e2808d1066a3",
+            "name": "External Defacement",
+            "type": "technique",
+            "id": "T1491.002",
+            "url": "https://attack.mitre.org/techniques/T1491/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0dbf5f1b-a560-4d51-ac1b-d70caab3e1f0",
+            "name": "LLMNR/NBT-NS Poisoning and Relay",
+            "type": "technique",
+            "id": "T1171",
+            "url": "https://attack.mitre.org/techniques/T1171",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--0dda99f0-4701-48ca-9774-8504922e92d3",
+            "name": "IP Addresses",
+            "type": "technique",
+            "id": "T1590.005",
+            "url": "https://attack.mitre.org/techniques/T1590/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0df05477-c572-4ed6-88a9-47c581f548f7",
+            "name": "OS Exhaustion Flood",
+            "type": "technique",
+            "id": "T1499.001",
+            "url": "https://attack.mitre.org/techniques/T1499/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b",
+            "name": "Rootkit",
+            "type": "technique",
+            "id": "T1014",
+            "url": "https://attack.mitre.org/techniques/T1014",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
+            "name": "PowerShell Profile",
+            "type": "technique",
+            "id": "T1546.013",
+            "url": "https://attack.mitre.org/techniques/T1546/013",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
+            "name": "JavaScript",
+            "type": "technique",
+            "id": "T1059.007",
+            "url": "https://attack.mitre.org/techniques/T1059/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0ff59227-8aa8-4c09-bf1f-925605bd07ea",
+            "name": "DNS",
+            "type": "technique",
+            "id": "T1590.002",
+            "url": "https://attack.mitre.org/techniques/T1590/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0fff2797-19cb-41ea-a5f1-8a9303b8158e",
+            "name": "Systemd Service",
+            "type": "technique",
+            "id": "T1501",
+            "url": "https://attack.mitre.org/techniques/T1501",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--101c3a64-9ba5-46c9-b573-5c501053cbca",
+            "name": "Elevated Execution with Prompt",
+            "type": "technique",
+            "id": "T1514",
+            "url": "https://attack.mitre.org/techniques/T1514",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1035cdf2-3e5f-446f-a7a7-e8f6d7925967",
+            "name": "Audio Capture",
+            "type": "technique",
+            "id": "T1123",
+            "url": "https://attack.mitre.org/techniques/T1123",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--106c0cf6-bf73-4601-9aa8-0945c2715ec5",
+            "name": "Create or Modify System Process",
+            "type": "technique",
+            "id": "T1543",
+            "url": "https://attack.mitre.org/techniques/T1543",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--10d51417-ee35-4589-b1ff-b6df1c334e8d",
+            "name": "External Remote Services",
+            "type": "technique",
+            "id": "T1133",
+            "url": "https://attack.mitre.org/techniques/T1133",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44",
+            "name": "Component Firmware",
+            "type": "technique",
+            "id": "T1109",
+            "url": "https://attack.mitre.org/techniques/T1109",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--10ff21b9-5a01-4268-a1b5-3b55015f1847",
+            "name": "LC_LOAD_DYLIB Addition",
+            "type": "technique",
+            "id": "T1546.006",
+            "url": "https://attack.mitre.org/techniques/T1546/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--10ffac09-e42d-4f56-ab20-db94c67d76ff",
+            "name": "Steal Web Session Cookie",
+            "type": "technique",
+            "id": "T1539",
+            "url": "https://attack.mitre.org/techniques/T1539",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1126cab1-c700-412f-a510-61f4937bb096",
+            "name": "Container Orchestration Job",
+            "type": "technique",
+            "id": "T1053.007",
+            "url": "https://attack.mitre.org/techniques/T1053/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--118f61a5-eb3e-4fb6-931f-2096647f4ecd",
+            "name": "Domain Generation Algorithms",
+            "type": "technique",
+            "id": "T1568.002",
+            "url": "https://attack.mitre.org/techniques/T1568/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--11f29a39-0942-4d62-92b6-fe236cf3066e",
+            "name": "Double File Extension",
+            "type": "technique",
+            "id": "T1036.007",
+            "url": "https://attack.mitre.org/techniques/T1036/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--120d5519-3098-4e1c-9191-2aa61232f073",
+            "name": "Bypass User Account Control",
+            "type": "technique",
+            "id": "T1548.002",
+            "url": "https://attack.mitre.org/techniques/T1548/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--128c55d3-aeba-469f-bd3e-c8996ab4112a",
+            "name": "Timestomp",
+            "type": "technique",
+            "id": "T1099",
+            "url": "https://attack.mitre.org/techniques/T1099",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--132d5b37-aac5-4378-a8dc-3127b18a73dc",
+            "name": "Internet Connection Discovery",
+            "type": "technique",
+            "id": "T1016.001",
+            "url": "https://attack.mitre.org/techniques/T1016/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1365fe3b-0f50-455d-b4da-266ce31c23b0",
+            "name": "Sudo and Sudo Caching",
+            "type": "technique",
+            "id": "T1548.003",
+            "url": "https://attack.mitre.org/techniques/T1548/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--143c0cbb-a297-4142-9624-87ffc778980b",
+            "name": "Archive via Custom Method",
+            "type": "technique",
+            "id": "T1560.003",
+            "url": "https://attack.mitre.org/techniques/T1560/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--144e007b-e638-431d-a894-45d90c54ab90",
+            "name": "Modify Cloud Compute Infrastructure",
+            "type": "technique",
+            "id": "T1578",
+            "url": "https://attack.mitre.org/techniques/T1578",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--155207c0-7f53-4f13-a06b-0a9907ef5096",
+            "name": "Malvertising",
+            "type": "technique",
+            "id": "T1583.008",
+            "url": "https://attack.mitre.org/techniques/T1583/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--15dbf668-795c-41e6-8219-f0447c0e64ce",
+            "name": "Permission Groups Discovery",
+            "type": "technique",
+            "id": "T1069",
+            "url": "https://attack.mitre.org/techniques/T1069",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1608f3e1-598a-42f4-a01a-2e252e81728f",
+            "name": "Email Collection",
+            "type": "technique",
+            "id": "T1114",
+            "url": "https://attack.mitre.org/techniques/T1114",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1644e709-12d2-41e5-a60f-3470991f5011",
+            "name": "Security Account Manager",
+            "type": "technique",
+            "id": "T1003.002",
+            "url": "https://attack.mitre.org/techniques/T1003/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--166de1c6-2814-4fe5-8438-4e80f76b169f",
+            "name": "WHOIS",
+            "type": "technique",
+            "id": "T1596.002",
+            "url": "https://attack.mitre.org/techniques/T1596/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--16ab6452-c3c1-497c-a47d-206018ca1ada",
+            "name": "System Firmware",
+            "type": "technique",
+            "id": "T1542.001",
+            "url": "https://attack.mitre.org/techniques/T1542/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--16cdd21f-da65-4e4f-bc04-dd7d198c7b26",
+            "name": "Search Victim-Owned Websites",
+            "type": "technique",
+            "id": "T1594",
+            "url": "https://attack.mitre.org/techniques/T1594",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
+            "name": "Cloud Groups",
+            "type": "technique",
+            "id": "T1069.003",
+            "url": "https://attack.mitre.org/techniques/T1069/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--17cc750b-e95b-4d7d-9dde-49e0de24148c",
+            "name": "Services Registry Permissions Weakness",
+            "type": "technique",
+            "id": "T1574.011",
+            "url": "https://attack.mitre.org/techniques/T1574/011",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--17fd695c-b88c-455a-a3d1-43b6cb728532",
+            "name": "DNS/Passive DNS",
+            "type": "technique",
+            "id": "T1596.001",
+            "url": "https://attack.mitre.org/techniques/T1596/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--18cffc21-3260-437e-80e4-4ab8bf2ba5e9",
+            "name": "Application Exhaustion Flood",
+            "type": "technique",
+            "id": "T1499.003",
+            "url": "https://attack.mitre.org/techniques/T1499/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--18d4ab39-12ed-4a16-9fdb-ae311bba4a0f",
+            "name": "Rc.common",
+            "type": "technique",
+            "id": "T1163",
+            "url": "https://attack.mitre.org/techniques/T1163",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--191cc6af-1bb2-4344-ab5f-28e496638720",
+            "name": "Compromise Software Dependencies and Development Tools",
+            "type": "technique",
+            "id": "T1195.001",
+            "url": "https://attack.mitre.org/techniques/T1195/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--19401639-28d0-4c3c-adcc-bc2ba22f6421",
+            "name": "Digital Certificates",
+            "type": "technique",
+            "id": "T1588.004",
+            "url": "https://attack.mitre.org/techniques/T1588/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--197ef1b9-e764-46c3-b96c-23f77985dc81",
+            "name": "DNS Server",
+            "type": "technique",
+            "id": "T1583.002",
+            "url": "https://attack.mitre.org/techniques/T1583/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1988cc35-ced8-4dad-b2d1-7628488fa967",
+            "name": "Disk Wipe",
+            "type": "technique",
+            "id": "T1561",
+            "url": "https://attack.mitre.org/techniques/T1561",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1996eef1-ced3-4d7f-bf94-33298cabbf72",
+            "name": "DNS",
+            "type": "technique",
+            "id": "T1071.004",
+            "url": "https://attack.mitre.org/techniques/T1071/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--19bf235b-8620-4997-b5b4-94e0659ed7c3",
+            "name": "Cloud Instance Metadata API",
+            "type": "technique",
+            "id": "T1552.005",
+            "url": "https://attack.mitre.org/techniques/T1552/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1a80d097-54df-41d8-9d33-34e755ec5e72",
+            "name": "Securityd Memory",
+            "type": "technique",
+            "id": "T1555.002",
+            "url": "https://attack.mitre.org/techniques/T1555/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1b20efbf-8063-4fc3-a07d-b575318a301b",
+            "name": "Group Policy Discovery",
+            "type": "technique",
+            "id": "T1615",
+            "url": "https://attack.mitre.org/techniques/T1615",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1b7b1806-7746-41a1-a35d-e48dae25ddba",
+            "name": "Bootkit",
+            "type": "technique",
+            "id": "T1542.003",
+            "url": "https://attack.mitre.org/techniques/T1542/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1b7ba276-eedc-4951-a762-0ceea2c030ec",
+            "name": "Data from Removable Media",
+            "type": "technique",
+            "id": "T1025",
+            "url": "https://attack.mitre.org/techniques/T1025",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1b84d551-6de8-4b96-9930-d177677c3b1d",
+            "name": "Code Signing",
+            "type": "technique",
+            "id": "T1116",
+            "url": "https://attack.mitre.org/techniques/T1116",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1bae753e-8e52-4055-a66d-2ead90303ca9",
+            "name": "Mavinject",
+            "type": "technique",
+            "id": "T1218.013",
+            "url": "https://attack.mitre.org/techniques/T1218/013",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1c2fd73a-e634-44ed-b1b5-9e7cf7404e9f",
+            "name": "Cloud Instance Metadata API",
+            "type": "technique",
+            "id": "T1522",
+            "url": "https://attack.mitre.org/techniques/T1522",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1c338d0f-a65e-4073-a5c1-c06878849f21",
+            "name": "Process Hollowing",
+            "type": "technique",
+            "id": "T1093",
+            "url": "https://attack.mitre.org/techniques/T1093",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1c34f7aa-9341-4a48-bfab-af22e51aca6c",
+            "name": "Local Data Staging",
+            "type": "technique",
+            "id": "T1074.001",
+            "url": "https://attack.mitre.org/techniques/T1074/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
+            "name": "Match Legitimate Name or Location",
+            "type": "technique",
+            "id": "T1036.005",
+            "url": "https://attack.mitre.org/techniques/T1036/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1ce03c65-5946-4ac9-9d4d-66db87e024bd",
+            "name": "Domain Fronting",
+            "type": "technique",
+            "id": "T1172",
+            "url": "https://attack.mitre.org/techniques/T1172",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1cec9319-743b-4840-bb65-431547bce82a",
+            "name": "Digital Certificates",
+            "type": "technique",
+            "id": "T1587.003",
+            "url": "https://attack.mitre.org/techniques/T1587/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1cfcb312-b8d7-47a4-b560-4b16cc677292",
+            "name": "Stored Data Manipulation",
+            "type": "technique",
+            "id": "T1565.001",
+            "url": "https://attack.mitre.org/techniques/T1565/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1d24cdee-9ea2-4189-b08e-af110bf2435d",
+            "name": "Password Cracking",
+            "type": "technique",
+            "id": "T1110.002",
+            "url": "https://attack.mitre.org/techniques/T1110/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1df0326d-2fbc-4d08-a16b-48365f1e742d",
+            "name": "SID-History Injection",
+            "type": "technique",
+            "id": "T1178",
+            "url": "https://attack.mitre.org/techniques/T1178",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1e9eb839-294b-48cc-b0d3-c45555a2a004",
+            "name": "Local Email Collection",
+            "type": "technique",
+            "id": "T1114.001",
+            "url": "https://attack.mitre.org/techniques/T1114/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1eaebf46-e361-4437-bc23-d5d65a3b92e3",
+            "name": "Keychain",
+            "type": "technique",
+            "id": "T1555.001",
+            "url": "https://attack.mitre.org/techniques/T1555/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
+            "name": "Boot or Logon Autostart Execution",
+            "type": "technique",
+            "id": "T1547",
+            "url": "https://attack.mitre.org/techniques/T1547",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
+            "name": "LSA Secrets",
+            "type": "technique",
+            "id": "T1003.004",
+            "url": "https://attack.mitre.org/techniques/T1003/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1f47e2fd-fa77-4f2f-88ee-e85df308f125",
+            "name": "Port Monitors",
+            "type": "technique",
+            "id": "T1013",
+            "url": "https://attack.mitre.org/techniques/T1013",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1f9012ef-1e10-4e48-915e-e03563435fe8",
+            "name": "Weaken Encryption",
+            "type": "technique",
+            "id": "T1600",
+            "url": "https://attack.mitre.org/techniques/T1600",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1f9c2bae-b441-4f66-a8af-b65946ee72f2",
+            "name": "SAML Tokens",
+            "type": "technique",
+            "id": "T1606.002",
+            "url": "https://attack.mitre.org/techniques/T1606/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--20138b9d-1aac-4a26-8654-a36b6bbf2bba",
+            "name": "Spearphishing Link",
+            "type": "technique",
+            "id": "T1192",
+            "url": "https://attack.mitre.org/techniques/T1192",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--208884f1-7b83-4473-ac22-4e1cf6c41471",
+            "name": "Masquerade File Type",
+            "type": "technique",
+            "id": "T1036.008",
+            "url": "https://attack.mitre.org/techniques/T1036/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--20fb2507-d71c-455d-9b6d-6104461cf26b",
+            "name": "Service Stop",
+            "type": "technique",
+            "id": "T1489",
+            "url": "https://attack.mitre.org/techniques/T1489",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--212306d8-efa4-44c9-8c2d-ed3d2e224aa0",
+            "name": "Malware",
+            "type": "technique",
+            "id": "T1587.001",
+            "url": "https://attack.mitre.org/techniques/T1587/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--215190a9-9f02-4e83-bb5f-e0589965a302",
+            "name": "Regsvcs/Regasm",
+            "type": "technique",
+            "id": "T1121",
+            "url": "https://attack.mitre.org/techniques/T1121",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--215d9700-5881-48b8-8265-6449dbb7195d",
+            "name": "Device Driver Discovery",
+            "type": "technique",
+            "id": "T1652",
+            "url": "https://attack.mitre.org/techniques/T1652",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2169ba87-1146-4fc7-a118-12b72251db7e",
+            "name": "Sudo Caching",
+            "type": "technique",
+            "id": "T1206",
+            "url": "https://attack.mitre.org/techniques/T1206",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--21875073-b0ee-49e3-9077-1e2a885359af",
+            "name": "Domain Account",
+            "type": "technique",
+            "id": "T1087.002",
+            "url": "https://attack.mitre.org/techniques/T1087/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--22522668-ddf6-470b-a027-9d6866679f67",
+            "name": "Active Setup",
+            "type": "technique",
+            "id": "T1547.014",
+            "url": "https://attack.mitre.org/techniques/T1547/014",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--22905430-4901-4c2a-84f6-98243cb173f8",
+            "name": "Hide Artifacts",
+            "type": "technique",
+            "id": "T1564",
+            "url": "https://attack.mitre.org/techniques/T1564",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--232a7e42-cd6e-4902-8fe9-2960f529dd4d",
+            "name": "Dynamic Data Exchange",
+            "type": "technique",
+            "id": "T1559.002",
+            "url": "https://attack.mitre.org/techniques/T1559/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--232b7f21-adf9-4b42-b936-b9d6f7df856e",
+            "name": "Malicious File",
+            "type": "technique",
+            "id": "T1204.002",
+            "url": "https://attack.mitre.org/techniques/T1204/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2339cf19-8f1e-48f7-8a91-0262ba547b6f",
+            "name": "Identify Business Tempo",
+            "type": "technique",
+            "id": "T1591.003",
+            "url": "https://attack.mitre.org/techniques/T1591/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--241814ae-de3f-4656-b49e-f9a80764d4b7",
+            "name": "Security Software Discovery",
+            "type": "technique",
+            "id": "T1063",
+            "url": "https://attack.mitre.org/techniques/T1063",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--24286c33-d4a4-4419-85c2-1d094a896c26",
+            "name": "Hardware",
+            "type": "technique",
+            "id": "T1592.001",
+            "url": "https://attack.mitre.org/techniques/T1592/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
+            "name": "Taint Shared Content",
+            "type": "technique",
+            "id": "T1080",
+            "url": "https://attack.mitre.org/techniques/T1080",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--24769ab5-14bd-4f4e-a752-cfb185da53ee",
+            "name": "Domain Trust Modification",
+            "type": "technique",
+            "id": "T1484.002",
+            "url": "https://attack.mitre.org/techniques/T1484/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--24bfaeba-cb0d-4525-b3dc-507c77ecec41",
+            "name": "Symmetric Cryptography",
+            "type": "technique",
+            "id": "T1573.001",
+            "url": "https://attack.mitre.org/techniques/T1573/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--25659dd6-ea12-45c4-97e6-381e3e4b593e",
+            "name": "Local Account",
+            "type": "technique",
+            "id": "T1087.001",
+            "url": "https://attack.mitre.org/techniques/T1087/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2715c335-1bf2-4efe-9f18-0691317ff83b",
+            "name": "Securityd Memory",
+            "type": "technique",
+            "id": "T1167",
+            "url": "https://attack.mitre.org/techniques/T1167",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--274770e0-2612-4ccf-a678-ef8e7bad365d",
+            "name": "Social Media Accounts",
+            "type": "technique",
+            "id": "T1586.001",
+            "url": "https://attack.mitre.org/techniques/T1586/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--27960489-4e7f-461d-a62a-f5c0cb521e4a",
+            "name": "Application Access Token",
+            "type": "technique",
+            "id": "T1527",
+            "url": "https://attack.mitre.org/techniques/T1527",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--28170e17-8384-415c-8486-2e6b294cb803",
+            "name": "Safe Mode Boot",
+            "type": "technique",
+            "id": "T1562.009",
+            "url": "https://attack.mitre.org/techniques/T1562/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2892b9ee-ca9f-4723-b332-0dc6e843a8ae",
+            "name": "Screensaver",
+            "type": "technique",
+            "id": "T1180",
+            "url": "https://attack.mitre.org/techniques/T1180",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--28abec6c-4443-4b03-8206-07f2e264a6b4",
+            "name": "TFTP Boot",
+            "type": "technique",
+            "id": "T1542.005",
+            "url": "https://attack.mitre.org/techniques/T1542/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2959d63f-73fd-46a1-abd2-109d7dcede32",
+            "name": "Windows Service",
+            "type": "technique",
+            "id": "T1543.003",
+            "url": "https://attack.mitre.org/techniques/T1543/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--29ba5a15-3b7b-4732-b817-65ea8f6468e6",
+            "name": "Fast Flux DNS",
+            "type": "technique",
+            "id": "T1568.001",
+            "url": "https://attack.mitre.org/techniques/T1568/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--29be378d-262d-4e99-b00d-852d573628e6",
+            "name": "System Checks",
+            "type": "technique",
+            "id": "T1497.001",
+            "url": "https://attack.mitre.org/techniques/T1497/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2acf44aa-542f-4366-b4eb-55ef5747759c",
+            "name": "Cron",
+            "type": "technique",
+            "id": "T1053.003",
+            "url": "https://attack.mitre.org/techniques/T1053/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2aed01ad-3df3-4410-a8cb-11ea4ded587c",
+            "name": "Domain Groups",
+            "type": "technique",
+            "id": "T1069.002",
+            "url": "https://attack.mitre.org/techniques/T1069/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2b5aa86b-a0df-4382-848d-30abea443327",
+            "name": "Vulnerabilities",
+            "type": "technique",
+            "id": "T1588.006",
+            "url": "https://attack.mitre.org/techniques/T1588/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2b742742-28c3-4e1b-bab7-8350d6300fa7",
+            "name": "Spearphishing Link",
+            "type": "technique",
+            "id": "T1566.002",
+            "url": "https://attack.mitre.org/techniques/T1566/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2ba5aa71-9d15-4b22-b726-56af06d9ad2f",
+            "name": "Startup Items",
+            "type": "technique",
+            "id": "T1165",
+            "url": "https://attack.mitre.org/techniques/T1165",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--2bce5b30-7014-4a5d-ade7-12913fe6ac36",
+            "name": "Clear Linux or Mac System Logs",
+            "type": "technique",
+            "id": "T1070.002",
+            "url": "https://attack.mitre.org/techniques/T1070/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2bee5ffb-7a7a-4119-b1f2-158151b19ac0",
+            "name": "Application or System Exploitation",
+            "type": "technique",
+            "id": "T1499.004",
+            "url": "https://attack.mitre.org/techniques/T1499/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2c4d4e92-0ccf-4a97-b54c-86d662988a53",
+            "name": "Office Application Startup",
+            "type": "technique",
+            "id": "T1137",
+            "url": "https://attack.mitre.org/techniques/T1137",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2cd950a6-16c4-404a-aa01-044322395107",
+            "name": "InstallUtil",
+            "type": "technique",
+            "id": "T1218.004",
+            "url": "https://attack.mitre.org/techniques/T1218/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2d3f5b3c-54ca-4f4d-bb1f-849346d31230",
+            "name": "Spearphishing Link",
+            "type": "technique",
+            "id": "T1598.003",
+            "url": "https://attack.mitre.org/techniques/T1598/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2db31dcd-54da-405d-acef-b9129b816ed6",
+            "name": "SSH",
+            "type": "technique",
+            "id": "T1021.004",
+            "url": "https://attack.mitre.org/techniques/T1021/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3",
+            "name": "Additional Cloud Roles",
+            "type": "technique",
+            "id": "T1098.003",
+            "url": "https://attack.mitre.org/techniques/T1098/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2de47683-f398-448f-b947-9abcc3e32fad",
+            "name": "Print Processors",
+            "type": "technique",
+            "id": "T1547.012",
+            "url": "https://attack.mitre.org/techniques/T1547/012",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2e0dd10b-676d-4964-acd0-8a404c92b044",
+            "name": "Disabling Security Tools",
+            "type": "technique",
+            "id": "T1089",
+            "url": "https://attack.mitre.org/techniques/T1089",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--2e114e45-2c50-404c-804a-3af9564d240e",
+            "name": "Disk Structure Wipe",
+            "type": "technique",
+            "id": "T1487",
+            "url": "https://attack.mitre.org/techniques/T1487",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--2e34237d-8574-43f6-aace-ae2915de8597",
+            "name": "Spearphishing Attachment",
+            "type": "technique",
+            "id": "T1566.001",
+            "url": "https://attack.mitre.org/techniques/T1566/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2edd9d6a-5674-4326-a600-ba56de467286",
+            "name": "Credentials in Registry",
+            "type": "technique",
+            "id": "T1214",
+            "url": "https://attack.mitre.org/techniques/T1214",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--2f41939b-54c3-41d6-8f8b-35f1ec18ed97",
+            "name": "Stripped Payloads",
+            "type": "technique",
+            "id": "T1027.008",
+            "url": "https://attack.mitre.org/techniques/T1027/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64",
+            "name": "Component Object Model",
+            "type": "technique",
+            "id": "T1559.001",
+            "url": "https://attack.mitre.org/techniques/T1559/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2fee9321-3e71-4cf4-af24-d4d40d355b34",
+            "name": "DLL Search Order Hijacking",
+            "type": "technique",
+            "id": "T1574.001",
+            "url": "https://attack.mitre.org/techniques/T1574/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--30208d3e-0d6b-43c8-883e-44462a514619",
+            "name": "Automated Collection",
+            "type": "technique",
+            "id": "T1119",
+            "url": "https://attack.mitre.org/techniques/T1119",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--30973a08-aed9-4edf-8604-9084ce1b5c4f",
+            "name": "Clipboard Data",
+            "type": "technique",
+            "id": "T1115",
+            "url": "https://attack.mitre.org/techniques/T1115",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3120b9fa-23b8-4500-ae73-09494f607b7d",
+            "name": "Proc Filesystem",
+            "type": "technique",
+            "id": "T1003.007",
+            "url": "https://attack.mitre.org/techniques/T1003/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--31225cd3-cd46-4575-b287-c2c14011c074",
+            "name": "Botnet",
+            "type": "technique",
+            "id": "T1583.005",
+            "url": "https://attack.mitre.org/techniques/T1583/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--315f51f0-6b03-4c1e-bfb2-84740afb8e21",
+            "name": "Password Managers",
+            "type": "technique",
+            "id": "T1555.005",
+            "url": "https://attack.mitre.org/techniques/T1555/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--317fefa6-46c7-4062-adb6-2008cf6bcb41",
+            "name": "AppInit DLLs",
+            "type": "technique",
+            "id": "T1103",
+            "url": "https://attack.mitre.org/techniques/T1103",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e",
+            "name": "Gatekeeper Bypass",
+            "type": "technique",
+            "id": "T1553.001",
+            "url": "https://attack.mitre.org/techniques/T1553/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--31fe0ba2-62fd-4fd9-9293-4043d84f7fe9",
+            "name": "Drive-by Target",
+            "type": "technique",
+            "id": "T1608.004",
+            "url": "https://attack.mitre.org/techniques/T1608/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--322bad5a-1c49-4d23-ab79-76d641794afa",
+            "name": "System Service Discovery",
+            "type": "technique",
+            "id": "T1007",
+            "url": "https://attack.mitre.org/techniques/T1007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3257eb21-f9a7-4430-8de1-d8b6e288f529",
+            "name": "Network Sniffing",
+            "type": "technique",
+            "id": "T1040",
+            "url": "https://attack.mitre.org/techniques/T1040",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61",
+            "name": "Application Deployment Software",
+            "type": "technique",
+            "id": "T1017",
+            "url": "https://attack.mitre.org/techniques/T1017",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--32901740-b42c-4fdd-bc02-345b5dc57082",
+            "name": "Code Signing",
+            "type": "technique",
+            "id": "T1553.002",
+            "url": "https://attack.mitre.org/techniques/T1553/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3298ce88-1628-43b1-87d9-0b5336b193d7",
+            "name": "Data from Cloud Storage",
+            "type": "technique",
+            "id": "T1530",
+            "url": "https://attack.mitre.org/techniques/T1530",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
+            "name": "Runtime Data Manipulation",
+            "type": "technique",
+            "id": "T1565.003",
+            "url": "https://attack.mitre.org/techniques/T1565/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--341e222a-a6e3-4f6f-b69c-831d792b1580",
+            "name": "Credentials in Registry",
+            "type": "technique",
+            "id": "T1552.002",
+            "url": "https://attack.mitre.org/techniques/T1552/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3489cfc5-640f-4bb3-a103-9137b97de79f",
+            "name": "Network Share Discovery",
+            "type": "technique",
+            "id": "T1135",
+            "url": "https://attack.mitre.org/techniques/T1135",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--348f1eef-964b-4eb6-bb53-69b3dcb0c643",
+            "name": "Peripheral Device Discovery",
+            "type": "technique",
+            "id": "T1120",
+            "url": "https://attack.mitre.org/techniques/T1120",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--34ab90a3-05f6-4259-8f21-621081fdaba5",
+            "name": "Network Topology",
+            "type": "technique",
+            "id": "T1590.004",
+            "url": "https://attack.mitre.org/techniques/T1590/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--34b3f738-bd64-40e5-a112-29b0542bc8bf",
+            "name": "Code Signing Certificates",
+            "type": "technique",
+            "id": "T1587.002",
+            "url": "https://attack.mitre.org/techniques/T1587/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--34e793de-0274-4982-9c1a-246ed1c19dee",
+            "name": "Windows File and Directory Permissions Modification",
+            "type": "technique",
+            "id": "T1222.001",
+            "url": "https://attack.mitre.org/techniques/T1222/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--34f1d81d-fe88-4f97-bd3b-a3164536255d",
+            "name": "Add-ins",
+            "type": "technique",
+            "id": "T1137.006",
+            "url": "https://attack.mitre.org/techniques/T1137/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--35187df2-31ed-43b6-a1f5-2f1d3d58d3f1",
+            "name": "Transport Agent",
+            "type": "technique",
+            "id": "T1505.002",
+            "url": "https://attack.mitre.org/techniques/T1505/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--354a7f88-63fb-41b5-a801-ce3b377b36f1",
+            "name": "System Information Discovery",
+            "type": "technique",
+            "id": "T1082",
+            "url": "https://attack.mitre.org/techniques/T1082",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--355be19c-ffc9-46d5-8d50-d6a036c675b6",
+            "name": "Application Layer Protocol",
+            "type": "technique",
+            "id": "T1071",
+            "url": "https://attack.mitre.org/techniques/T1071",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--359b00ad-9425-420b-bba5-6de8d600cbc0",
+            "name": "Remote Data Staging",
+            "type": "technique",
+            "id": "T1074.002",
+            "url": "https://attack.mitre.org/techniques/T1074/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9",
+            "name": "Scheduled Task/Job",
+            "type": "technique",
+            "id": "T1053",
+            "url": "https://attack.mitre.org/techniques/T1053",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--365be77f-fc0e-42ee-bac8-4faf806d9336",
+            "name": "Msiexec",
+            "type": "technique",
+            "id": "T1218.007",
+            "url": "https://attack.mitre.org/techniques/T1218/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--36675cd3-fe00-454c-8516-aebecacbe9d9",
+            "name": "Login Item",
+            "type": "technique",
+            "id": "T1162",
+            "url": "https://attack.mitre.org/techniques/T1162",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--36aa137f-5166-41f8-b2f0-a4cfa1b4133e",
+            "name": "Network Trust Dependencies",
+            "type": "technique",
+            "id": "T1590.003",
+            "url": "https://attack.mitre.org/techniques/T1590/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--36b2a1d7-e09e-49bf-b45e-477076c2ec01",
+            "name": "Reflection Amplification",
+            "type": "technique",
+            "id": "T1498.002",
+            "url": "https://attack.mitre.org/techniques/T1498/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3731fbcd-0e43-47ae-ae6c-d15e510f0d42",
+            "name": "Password Filter DLL",
+            "type": "technique",
+            "id": "T1556.002",
+            "url": "https://attack.mitre.org/techniques/T1556/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--379809f6-2fac-42c1-bd2e-e9dee70b27f8",
+            "name": "Terminal Services DLL",
+            "type": "technique",
+            "id": "T1505.005",
+            "url": "https://attack.mitre.org/techniques/T1505/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--37b11151-1776-4f8f-b328-30939fbf2ceb",
+            "name": "AppleScript",
+            "type": "technique",
+            "id": "T1059.002",
+            "url": "https://attack.mitre.org/techniques/T1059/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--389735f1-f21c-4208-b8f0-f8031e7169b8",
+            "name": "Browser Extensions",
+            "type": "technique",
+            "id": "T1176",
+            "url": "https://attack.mitre.org/techniques/T1176",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--38eb0c22-6caf-46ce-8869-5964bd735858",
+            "name": "Service Exhaustion Flood",
+            "type": "technique",
+            "id": "T1499.002",
+            "url": "https://attack.mitre.org/techniques/T1499/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--39131305-9282-45e4-ac3b-591d2d4fc3ef",
+            "name": "Compromise Hardware Supply Chain",
+            "type": "technique",
+            "id": "T1195.003",
+            "url": "https://attack.mitre.org/techniques/T1195/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--391d824f-0ef1-47a0-b0ee-c59a75e27670",
+            "name": "Native API",
+            "type": "technique",
+            "id": "T1106",
+            "url": "https://attack.mitre.org/techniques/T1106",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
+            "name": "Clear Network Connection History and Configurations",
+            "type": "technique",
+            "id": "T1070.007",
+            "url": "https://attack.mitre.org/techniques/T1070/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3986e7fd-a8e9-4ecb-bfc6-55920855912b",
+            "name": "AS-REP Roasting",
+            "type": "technique",
+            "id": "T1558.004",
+            "url": "https://attack.mitre.org/techniques/T1558/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--39a130e1-6ab7-434a-8bd2-418e7d9d6427",
+            "name": "Service Registry Permissions Weakness",
+            "type": "technique",
+            "id": "T1058",
+            "url": "https://attack.mitre.org/techniques/T1058",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--39cc9f64-cf74-4a48-a4d8-fe98c54a02e0",
+            "name": "Virtual Private Server",
+            "type": "technique",
+            "id": "T1584.003",
+            "url": "https://attack.mitre.org/techniques/T1584/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3a40f208-a9c1-4efa-a598-4003c3681fb8",
+            "name": "Reduce Key Space",
+            "type": "technique",
+            "id": "T1600.001",
+            "url": "https://attack.mitre.org/techniques/T1600/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3aef9463-9a7a-43ba-8957-a867e07c1e6a",
+            "name": "Clear Command History",
+            "type": "technique",
+            "id": "T1070.003",
+            "url": "https://attack.mitre.org/techniques/T1070/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3b0e52ce-517a-4614-a523-1bd5deef6c5e",
+            "name": "Indirect Command Execution",
+            "type": "technique",
+            "id": "T1202",
+            "url": "https://attack.mitre.org/techniques/T1202",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d",
+            "name": "Custom Cryptographic Protocol",
+            "type": "technique",
+            "id": "T1024",
+            "url": "https://attack.mitre.org/techniques/T1024",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--3b4121aa-fc8b-40c8-ac4f-afcb5838b72c",
+            "name": "Revert Cloud Instance",
+            "type": "technique",
+            "id": "T1536",
+            "url": "https://attack.mitre.org/techniques/T1536",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--3b744087-9945-4a6f-91e8-9dbceda417a4",
+            "name": "Replication Through Removable Media",
+            "type": "technique",
+            "id": "T1091",
+            "url": "https://attack.mitre.org/techniques/T1091",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
+            "name": "Data from Local System",
+            "type": "technique",
+            "id": "T1005",
+            "url": "https://attack.mitre.org/techniques/T1005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3ccef7ae-cb5e-48f6-8302-897105fbf55c",
+            "name": "Deobfuscate/Decode Files or Information",
+            "type": "technique",
+            "id": "T1140",
+            "url": "https://attack.mitre.org/techniques/T1140",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3d1b9d7e-3921-4d25-845a-7d9f15c0da44",
+            "name": "Outlook Rules",
+            "type": "technique",
+            "id": "T1137.005",
+            "url": "https://attack.mitre.org/techniques/T1137/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3d333250-30e4-4a82-9edc-756c68afc529",
+            "name": "Impair Defenses",
+            "type": "technique",
+            "id": "T1562",
+            "url": "https://attack.mitre.org/techniques/T1562",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3d52e51e-f6db-4719-813c-48002a99f43a",
+            "name": "Cloud Accounts",
+            "type": "technique",
+            "id": "T1586.003",
+            "url": "https://attack.mitre.org/techniques/T1586/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b",
+            "name": "Email Accounts",
+            "type": "technique",
+            "id": "T1586.002",
+            "url": "https://attack.mitre.org/techniques/T1586/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3ee16395-03f0-4690-a32e-69ce9ada0f9e",
+            "name": "Upload Malware",
+            "type": "technique",
+            "id": "T1608.001",
+            "url": "https://attack.mitre.org/techniques/T1608/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3f18edba-28f4-4bb9-82c3-8aa60dcac5f7",
+            "name": "Supply Chain Compromise",
+            "type": "technique",
+            "id": "T1195",
+            "url": "https://attack.mitre.org/techniques/T1195",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3f886f2a-874f-4333-b794-aa6075009b1c",
+            "name": "Exploit Public-Facing Application",
+            "type": "technique",
+            "id": "T1190",
+            "url": "https://attack.mitre.org/techniques/T1190",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3fc01293-ef5e-41c6-86ce-61f10706b64a",
+            "name": "Steal or Forge Kerberos Tickets",
+            "type": "technique",
+            "id": "T1558",
+            "url": "https://attack.mitre.org/techniques/T1558",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3fc9b85a-2862-4363-a64d-d692e3ffbee0",
+            "name": "Credentials from Password Stores",
+            "type": "technique",
+            "id": "T1555",
+            "url": "https://attack.mitre.org/techniques/T1555",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--40597f16-0963-4249-bf4c-ac93b7fb9807",
+            "name": "Exfiltration Over Web Service",
+            "type": "technique",
+            "id": "T1567",
+            "url": "https://attack.mitre.org/techniques/T1567",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4061e78c-1284-44b4-9116-73e4ac3912f7",
+            "name": "Remote Access Software",
+            "type": "technique",
+            "id": "T1219",
+            "url": "https://attack.mitre.org/techniques/T1219",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--40f5caa0-4cb7-4117-89fc-d421bb493df3",
+            "name": "Domains",
+            "type": "technique",
+            "id": "T1583.001",
+            "url": "https://attack.mitre.org/techniques/T1583/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--41868330-6ee2-4d0f-b743-9f2294c3c9b6",
+            "name": "Archive via Library",
+            "type": "technique",
+            "id": "T1560.002",
+            "url": "https://attack.mitre.org/techniques/T1560/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--41d9846c-f6af-4302-a654-24bba2729bc6",
+            "name": "Thread Execution Hijacking",
+            "type": "technique",
+            "id": "T1055.003",
+            "url": "https://attack.mitre.org/techniques/T1055/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--428ca9f8-0e33-442a-be87-f869cb4cf73e",
+            "name": "Multilayer Encryption",
+            "type": "technique",
+            "id": "T1079",
+            "url": "https://attack.mitre.org/techniques/T1079",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--42e8de7b-37b2-4258-905a-6897815e58e0",
+            "name": "Masquerading",
+            "type": "technique",
+            "id": "T1036",
+            "url": "https://attack.mitre.org/techniques/T1036",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--42fe883a-21ea-4cfb-b94a-78b6476dcc83",
+            "name": "Application Shimming",
+            "type": "technique",
+            "id": "T1546.011",
+            "url": "https://attack.mitre.org/techniques/T1546/011",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--435dfb86-2697-4867-85b5-2fef496c0517",
+            "name": "Unsecured Credentials",
+            "type": "technique",
+            "id": "T1552",
+            "url": "https://attack.mitre.org/techniques/T1552",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--43881e51-ac74-445b-b4c6-f9f9e9bf23fe",
+            "name": "Port Monitors",
+            "type": "technique",
+            "id": "T1547.010",
+            "url": "https://attack.mitre.org/techniques/T1547/010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--438c967d-3996-4870-bfc2-3954752a1927",
+            "name": "Clear Mailbox Data",
+            "type": "technique",
+            "id": "T1070.008",
+            "url": "https://attack.mitre.org/techniques/T1070/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--43ba2b05-cf72-4b6c-8243-03a4aba41ee0",
+            "name": "Login Hook",
+            "type": "technique",
+            "id": "T1037.002",
+            "url": "https://attack.mitre.org/techniques/T1037/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
+            "name": "Process Injection",
+            "type": "technique",
+            "id": "T1055",
+            "url": "https://attack.mitre.org/techniques/T1055",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--44dca04b-808d-46ca-b25f-d85236d4b9f8",
+            "name": "Bash History",
+            "type": "technique",
+            "id": "T1139",
+            "url": "https://attack.mitre.org/techniques/T1139",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--451a9977-d255-43c9-b431-66de80130c8c",
+            "name": "Traffic Signaling",
+            "type": "technique",
+            "id": "T1205",
+            "url": "https://attack.mitre.org/techniques/T1205",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4579d9c9-d5b9-45e0-9848-0104637b579f",
+            "name": "Credentials from Web Browsers",
+            "type": "technique",
+            "id": "T1503",
+            "url": "https://attack.mitre.org/techniques/T1503",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--457c7820-d331-465a-915e-42f85500ccc4",
+            "name": "System Binary Proxy Execution",
+            "type": "technique",
+            "id": "T1218",
+            "url": "https://attack.mitre.org/techniques/T1218",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--45d84c8b-c1e2-474d-a14d-69b5de0a2bc0",
+            "name": "Source",
+            "type": "technique",
+            "id": "T1153",
+            "url": "https://attack.mitre.org/techniques/T1153",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--46944654-fcc1-4f63-9dad-628102376586",
+            "name": "DLL Search Order Hijacking",
+            "type": "technique",
+            "id": "T1038",
+            "url": "https://attack.mitre.org/techniques/T1038",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--478aa214-2ca7-4ec0-9978-18798e514790",
+            "name": "New Service",
+            "type": "technique",
+            "id": "T1050",
+            "url": "https://attack.mitre.org/techniques/T1050",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--47f2d673-ca62-47e9-929b-1b0be9657611",
+            "name": "Timestomp",
+            "type": "technique",
+            "id": "T1070.006",
+            "url": "https://attack.mitre.org/techniques/T1070/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4933e63b-9b77-476e-ab29-761bc5b7d15a",
+            "name": "Reflective Code Loading",
+            "type": "technique",
+            "id": "T1620",
+            "url": "https://attack.mitre.org/techniques/T1620",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4a5b7ade-8bb5-4853-84ed-23f262002665",
+            "name": "Escape to Host",
+            "type": "technique",
+            "id": "T1611",
+            "url": "https://attack.mitre.org/techniques/T1611",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
+            "name": "Shortcut Modification",
+            "type": "technique",
+            "id": "T1547.009",
+            "url": "https://attack.mitre.org/techniques/T1547/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4ae4f953-fe58-4cc8-a327-33257e30a830",
+            "name": "Application Window Discovery",
+            "type": "technique",
+            "id": "T1010",
+            "url": "https://attack.mitre.org/techniques/T1010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
+            "name": "Standard Cryptographic Protocol",
+            "type": "technique",
+            "id": "T1032",
+            "url": "https://attack.mitre.org/techniques/T1032",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--4bc31b94-045b-4752-8920-aebaebdb6470",
+            "name": "Email Account",
+            "type": "technique",
+            "id": "T1087.003",
+            "url": "https://attack.mitre.org/techniques/T1087/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4be89c7c-ace6-4876-9377-c8d54cef3d63",
+            "name": "Hypervisor",
+            "type": "technique",
+            "id": "T1062",
+            "url": "https://attack.mitre.org/techniques/T1062",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--4bed873f-0b7d-41d4-b93a-b6905d1f90b0",
+            "name": "Time Based Evasion",
+            "type": "technique",
+            "id": "T1497.003",
+            "url": "https://attack.mitre.org/techniques/T1497/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4bf5845d-a814-4490-bc5c-ccdee6043025",
+            "name": "AppCert DLLs",
+            "type": "technique",
+            "id": "T1182",
+            "url": "https://attack.mitre.org/techniques/T1182",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
+            "name": "CMSTP",
+            "type": "technique",
+            "id": "T1218.003",
+            "url": "https://attack.mitre.org/techniques/T1218/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4d2a5b3e-340d-4600-9123-309dd63c9bf8",
+            "name": "SSH Hijacking",
+            "type": "technique",
+            "id": "T1563.001",
+            "url": "https://attack.mitre.org/techniques/T1563/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4eb28bed-d11a-4641-9863-c2ac017d910a",
+            "name": "Disable Windows Event Logging",
+            "type": "technique",
+            "id": "T1562.002",
+            "url": "https://attack.mitre.org/techniques/T1562/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4eeaf8a9-c86b-4954-a663-9555fb406466",
+            "name": "Scheduled Transfer",
+            "type": "technique",
+            "id": "T1029",
+            "url": "https://attack.mitre.org/techniques/T1029",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4f9ca633-15c5-463c-9724-bdcd54fde541",
+            "name": "SMB/Windows Admin Shares",
+            "type": "technique",
+            "id": "T1021.002",
+            "url": "https://attack.mitre.org/techniques/T1021/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f",
+            "name": "Implant Internal Image",
+            "type": "technique",
+            "id": "T1525",
+            "url": "https://attack.mitre.org/techniques/T1525",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4fe28b27-b13c-453e-a386-c2ef362a573b",
+            "name": "Protocol Tunneling",
+            "type": "technique",
+            "id": "T1572",
+            "url": "https://attack.mitre.org/techniques/T1572",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4ff5d6a8-c062-4c68-a778-36fc5edd564f",
+            "name": "Control Panel",
+            "type": "technique",
+            "id": "T1218.002",
+            "url": "https://attack.mitre.org/techniques/T1218/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4ffc1794-ec3b-45be-9e52-42dbcb2af2de",
+            "name": "Network Address Translation Traversal",
+            "type": "technique",
+            "id": "T1599.001",
+            "url": "https://attack.mitre.org/techniques/T1599/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--506f6f49-7045-4156-9007-7474cb44ad6d",
+            "name": "Upload Tool",
+            "type": "technique",
+            "id": "T1608.002",
+            "url": "https://attack.mitre.org/techniques/T1608/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5095a853-299c-4876-abd7-ac0050fb5462",
+            "name": "Security Support Provider",
+            "type": "technique",
+            "id": "T1547.005",
+            "url": "https://attack.mitre.org/techniques/T1547/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--514ede4c-78b3-4d78-a38b-daddf6217a79",
+            "name": "Winlogon Helper DLL",
+            "type": "technique",
+            "id": "T1004",
+            "url": "https://attack.mitre.org/techniques/T1004",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--519630c5-f03f-4882-825c-3af924935817",
+            "name": "Binary Padding",
+            "type": "technique",
+            "id": "T1009",
+            "url": "https://attack.mitre.org/techniques/T1009",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--51a14c76-dd3b-440b-9c20-2bf91d25a814",
+            "name": "Use Alternate Authentication Material",
+            "type": "technique",
+            "id": "T1550",
+            "url": "https://attack.mitre.org/techniques/T1550",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
+            "name": "Remote Desktop Protocol",
+            "type": "technique",
+            "id": "T1076",
+            "url": "https://attack.mitre.org/techniques/T1076",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--51e54974-a541-4fb6-a61b-0518e4c6de41",
+            "name": "Threat Intel Vendors",
+            "type": "technique",
+            "id": "T1597.001",
+            "url": "https://attack.mitre.org/techniques/T1597/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
+            "name": "Exfiltration Over Other Network Medium",
+            "type": "technique",
+            "id": "T1011",
+            "url": "https://attack.mitre.org/techniques/T1011",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--52759bf1-fe12-4052-ace6-c5b0cf7dd7fd",
+            "name": "Network Device Configuration Dump",
+            "type": "technique",
+            "id": "T1602.002",
+            "url": "https://attack.mitre.org/techniques/T1602/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5282dd9a-d26d-4e16-88b7-7c0f4553daf4",
+            "name": "Gather Victim Identity Information",
+            "type": "technique",
+            "id": "T1589",
+            "url": "https://attack.mitre.org/techniques/T1589",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--52d40641-c480-4ad5-81a3-c80ccaddf82d",
+            "name": "Authentication Package",
+            "type": "technique",
+            "id": "T1131",
+            "url": "https://attack.mitre.org/techniques/T1131",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--52f3d5a6-8a0f-4f82-977e-750abf90d0b0",
+            "name": "Extra Window Memory Injection",
+            "type": "technique",
+            "id": "T1181",
+            "url": "https://attack.mitre.org/techniques/T1181",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--5372c5fe-f424-4def-bcd5-d3a8e770f07b",
+            "name": "Disable or Modify System Firewall",
+            "type": "technique",
+            "id": "T1562.004",
+            "url": "https://attack.mitre.org/techniques/T1562/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a",
+            "name": "Archive Collected Data",
+            "type": "technique",
+            "id": "T1560",
+            "url": "https://attack.mitre.org/techniques/T1560",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--53bfc8bf-8f76-4cd7-8958-49a884ddb3ee",
+            "name": "Launchctl",
+            "type": "technique",
+            "id": "T1152",
+            "url": "https://attack.mitre.org/techniques/T1152",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--543fceb5-cb92-40cb-aacf-6913d4db58bc",
+            "name": "SIP and Trust Provider Hijacking",
+            "type": "technique",
+            "id": "T1553.003",
+            "url": "https://attack.mitre.org/techniques/T1553/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--54456690-84de-4538-9101-643e26437e09",
+            "name": "Domain Generation Algorithms",
+            "type": "technique",
+            "id": "T1483",
+            "url": "https://attack.mitre.org/techniques/T1483",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--544b0346-29ad-41e1-a808-501bb4193f47",
+            "name": "Browser Session Hijacking",
+            "type": "technique",
+            "id": "T1185",
+            "url": "https://attack.mitre.org/techniques/T1185",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--54a649ff-439a-41a4-9856-8d144a2551ba",
+            "name": "Remote Services",
+            "type": "technique",
+            "id": "T1021",
+            "url": "https://attack.mitre.org/techniques/T1021",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b",
+            "name": "Mail Protocols",
+            "type": "technique",
+            "id": "T1071.003",
+            "url": "https://attack.mitre.org/techniques/T1071/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--54ca26f3-c172-4231-93e5-ccebcac2161f",
+            "name": "Hybrid Identity",
+            "type": "technique",
+            "id": "T1556.007",
+            "url": "https://attack.mitre.org/techniques/T1556/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4",
+            "name": "Vulnerability Scanning",
+            "type": "technique",
+            "id": "T1595.002",
+            "url": "https://attack.mitre.org/techniques/T1595/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--55bb4471-ff1f-43b4-88c1-c9384ec47abf",
+            "name": "Cloud API",
+            "type": "technique",
+            "id": "T1059.009",
+            "url": "https://attack.mitre.org/techniques/T1059/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--55fc4df0-b42c-479a-b860-7a6761bcaad0",
+            "name": "Search Open Technical Databases",
+            "type": "technique",
+            "id": "T1596",
+            "url": "https://attack.mitre.org/techniques/T1596",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--564998d8-ab3e-4123-93fb-eccaa6b9714a",
+            "name": "Rogue Domain Controller",
+            "type": "technique",
+            "id": "T1207",
+            "url": "https://attack.mitre.org/techniques/T1207",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--565275d5-fcc3-4b66-b4e7-928e4cac6b8c",
+            "name": "Code Signing Policy Modification",
+            "type": "technique",
+            "id": "T1553.006",
+            "url": "https://attack.mitre.org/techniques/T1553/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
+            "name": "Deploy Container",
+            "type": "technique",
+            "id": "T1610",
+            "url": "https://attack.mitre.org/techniques/T1610",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--56fca983-1cf1-4fd1-bda0-5e170a37ab59",
+            "name": "File Deletion",
+            "type": "technique",
+            "id": "T1107",
+            "url": "https://attack.mitre.org/techniques/T1107",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--56ff457d-5e39-492b-974c-dfd2b8603ffe",
+            "name": "Private Keys",
+            "type": "technique",
+            "id": "T1145",
+            "url": "https://attack.mitre.org/techniques/T1145",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--57340c81-c025-4189-8fa0-fc7ede51bae4",
+            "name": "Modify Registry",
+            "type": "technique",
+            "id": "T1112",
+            "url": "https://attack.mitre.org/techniques/T1112",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--573ad264-1371-4ae0-8482-d2673b719dba",
+            "name": "Launch Daemon",
+            "type": "technique",
+            "id": "T1543.004",
+            "url": "https://attack.mitre.org/techniques/T1543/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
+            "name": "Cloud Infrastructure Discovery",
+            "type": "technique",
+            "id": "T1580",
+            "url": "https://attack.mitre.org/techniques/T1580",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
+            "name": "Credentials from Web Browsers",
+            "type": "technique",
+            "id": "T1555.003",
+            "url": "https://attack.mitre.org/techniques/T1555/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--58af3705-8740-4c68-9329-ec015a7013c2",
+            "name": "Path Interception by Search Order Hijacking",
+            "type": "technique",
+            "id": "T1574.008",
+            "url": "https://attack.mitre.org/techniques/T1574/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5909f20f-3c39-4795-be06-ef1ea40d350b",
+            "name": "Defacement",
+            "type": "technique",
+            "id": "T1491",
+            "url": "https://attack.mitre.org/techniques/T1491",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--59bd0dec-f8b2-4b9a-9141-37a1e6899761",
+            "name": "Unused/Unsupported Cloud Regions",
+            "type": "technique",
+            "id": "T1535",
+            "url": "https://attack.mitre.org/techniques/T1535",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--59ff91cd-1430-4075-8563-e6f15f4f9ff5",
+            "name": "DHCP Spoofing",
+            "type": "technique",
+            "id": "T1557.003",
+            "url": "https://attack.mitre.org/techniques/T1557/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5ad95aaa-49c1-4784-821d-2e83f47b079b",
+            "name": "AppleScript",
+            "type": "technique",
+            "id": "T1155",
+            "url": "https://attack.mitre.org/techniques/T1155",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
+            "name": "Remote Service Session Hijacking",
+            "type": "technique",
+            "id": "T1563",
+            "url": "https://attack.mitre.org/techniques/T1563",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5bfccc3f-2326-4112-86cc-c1ece9d8a2b5",
+            "name": "Binary Padding",
+            "type": "technique",
+            "id": "T1027.001",
+            "url": "https://attack.mitre.org/techniques/T1027/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
+            "name": "Web Shell",
+            "type": "technique",
+            "id": "T1505.003",
+            "url": "https://attack.mitre.org/techniques/T1505/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5d2be8b9-d24c-4e98-83bf-2f5f79477163",
+            "name": "Group Policy Modification",
+            "type": "technique",
+            "id": "T1484.001",
+            "url": "https://attack.mitre.org/techniques/T1484/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5e4a2073-9643-44cb-a0b5-e7f4048446c7",
+            "name": "Browser Information Discovery",
+            "type": "technique",
+            "id": "T1217",
+            "url": "https://attack.mitre.org/techniques/T1217",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--60b508a1-6a5e-46b1-821a-9f7b78752abf",
+            "name": "Private Keys",
+            "type": "technique",
+            "id": "T1552.004",
+            "url": "https://attack.mitre.org/techniques/T1552/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--60c4b628-4807-4b0b-bbf5-fdac8643c337",
+            "name": "Server",
+            "type": "technique",
+            "id": "T1583.004",
+            "url": "https://attack.mitre.org/techniques/T1583/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
+            "name": "Windows Remote Management",
+            "type": "technique",
+            "id": "T1021.006",
+            "url": "https://attack.mitre.org/techniques/T1021/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--613d08bc-e8f4-4791-80b0-c8b974340dfd",
+            "name": "Exfiltration Over Bluetooth",
+            "type": "technique",
+            "id": "T1011.001",
+            "url": "https://attack.mitre.org/techniques/T1011/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6151cbea-819b-455a-9fa6-99a1cc58797d",
+            "name": "Default Accounts",
+            "type": "technique",
+            "id": "T1078.001",
+            "url": "https://attack.mitre.org/techniques/T1078/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--61afc315-860c-4364-825d-0d62b2e91edc",
+            "name": "Time Providers",
+            "type": "technique",
+            "id": "T1547.003",
+            "url": "https://attack.mitre.org/techniques/T1547/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--62166220-e498-410f-a90a-19d4339d4e99",
+            "name": "Image File Execution Options Injection",
+            "type": "technique",
+            "id": "T1183",
+            "url": "https://attack.mitre.org/techniques/T1183",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--62b8c999-dcc0-4755-bd69-09442d9359f5",
+            "name": "Rundll32",
+            "type": "technique",
+            "id": "T1085",
+            "url": "https://attack.mitre.org/techniques/T1085",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--62dfd1ca-52d5-483c-a84b-d6e80bf94b7b",
+            "name": "Modify Existing Service",
+            "type": "technique",
+            "id": "T1031",
+            "url": "https://attack.mitre.org/techniques/T1031",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--63220765-d418-44de-8fae-694b3912317d",
+            "name": "Trap",
+            "type": "technique",
+            "id": "T1546.005",
+            "url": "https://attack.mitre.org/techniques/T1546/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--633a100c-b2c9-41bf-9be5-905c1b16c825",
+            "name": "Dynamic Linker Hijacking",
+            "type": "technique",
+            "id": "T1574.006",
+            "url": "https://attack.mitre.org/techniques/T1574/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--635cbe30-392d-4e27-978e-66774357c762",
+            "name": "Local Account",
+            "type": "technique",
+            "id": "T1136.001",
+            "url": "https://attack.mitre.org/techniques/T1136/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--64196062-5210-42c3-9a02-563a0d1797ef",
+            "name": "Communication Through Removable Media",
+            "type": "technique",
+            "id": "T1092",
+            "url": "https://attack.mitre.org/techniques/T1092",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6495ae23-3ab4-43c5-a94f-5638a2c31fd2",
+            "name": "Clear Windows Event Logs",
+            "type": "technique",
+            "id": "T1070.001",
+            "url": "https://attack.mitre.org/techniques/T1070/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--65013dd2-bc61-43e3-afb5-a14c4fa7437a",
+            "name": "Email Accounts",
+            "type": "technique",
+            "id": "T1585.002",
+            "url": "https://attack.mitre.org/techniques/T1585/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--650c784b-7504-4df7-ab2c-4ea882384d1e",
+            "name": "LLMNR/NBT-NS Poisoning and SMB Relay",
+            "type": "technique",
+            "id": "T1557.001",
+            "url": "https://attack.mitre.org/techniques/T1557/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--65917ae0-b854-4139-83fe-bf2441cf0196",
+            "name": "File and Directory Permissions Modification",
+            "type": "technique",
+            "id": "T1222",
+            "url": "https://attack.mitre.org/techniques/T1222",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--65f2d882-3f41-4d48-8a06-29af77ec9f90",
+            "name": "LSASS Memory",
+            "type": "technique",
+            "id": "T1003.001",
+            "url": "https://attack.mitre.org/techniques/T1003/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6636bc83-0611-45a6-b74f-1f3daf635b8e",
+            "name": "At (Linux)",
+            "type": "technique",
+            "id": "T1053.001",
+            "url": "https://attack.mitre.org/techniques/T1053/001",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--66f73398-8394-4711-85e5-34c8540b22a5",
+            "name": "Hooking",
+            "type": "technique",
+            "id": "T1179",
+            "url": "https://attack.mitre.org/techniques/T1179",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--67073dde-d720-45ae-83da-b12d5e73ca3b",
+            "name": "Active Scanning",
+            "type": "technique",
+            "id": "T1595",
+            "url": "https://attack.mitre.org/techniques/T1595",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6747daa2-3533-4e78-8fb8-446ebb86448a",
+            "name": "Plist Modification",
+            "type": "technique",
+            "id": "T1547.011",
+            "url": "https://attack.mitre.org/techniques/T1547/011",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--67720091-eee3-4d2d-ae16-8264567f6f5b",
+            "name": "Abuse Elevation Control Mechanism",
+            "type": "technique",
+            "id": "T1548",
+            "url": "https://attack.mitre.org/techniques/T1548",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--677569f9-a8b0-459e-ab24-7f18091fa7bf",
+            "name": "Create Process with Token",
+            "type": "technique",
+            "id": "T1134.002",
+            "url": "https://attack.mitre.org/techniques/T1134/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6831414d-bb70-42b7-8030-d4e06b2660c9",
+            "name": "Setuid and Setgid",
+            "type": "technique",
+            "id": "T1548.001",
+            "url": "https://attack.mitre.org/techniques/T1548/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6836813e-8ec8-4375-b459-abb388cb1a35",
+            "name": "Winlogon Helper DLL",
+            "type": "technique",
+            "id": "T1547.004",
+            "url": "https://attack.mitre.org/techniques/T1547/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6856ddd6-2df3-4379-8b87-284603c189c3",
+            "name": "System Firmware",
+            "type": "technique",
+            "id": "T1019",
+            "url": "https://attack.mitre.org/techniques/T1019",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--68a0c5ed-bee2-4513-830d-5b0d650139bd",
+            "name": "Distributed Component Object Model",
+            "type": "technique",
+            "id": "T1021.003",
+            "url": "https://attack.mitre.org/techniques/T1021/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--68c96494-1a50-403e-8844-69a6af278c68",
+            "name": "Change Default File Association",
+            "type": "technique",
+            "id": "T1042",
+            "url": "https://attack.mitre.org/techniques/T1042",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--68f7e3a1-f09f-4164-9a62-16b648a0dd5a",
+            "name": "Regsvr32",
+            "type": "technique",
+            "id": "T1117",
+            "url": "https://attack.mitre.org/techniques/T1117",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--692074ae-bb62-4a5e-a735-02cb6bde458c",
+            "name": "Password Spraying",
+            "type": "technique",
+            "id": "T1110.003",
+            "url": "https://attack.mitre.org/techniques/T1110/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--69b8fd78-40e8-4600-ae4d-662c9d7afdb3",
+            "name": "External Proxy",
+            "type": "technique",
+            "id": "T1090.002",
+            "url": "https://attack.mitre.org/techniques/T1090/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--69e5226d-05dc-4f15-95d7-44f5ed78d06e",
+            "name": "Web Portal Capture",
+            "type": "technique",
+            "id": "T1056.003",
+            "url": "https://attack.mitre.org/techniques/T1056/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--69f897fd-12a9-4c89-ad6a-46d2f3c38262",
+            "name": "Email Addresses",
+            "type": "technique",
+            "id": "T1589.002",
+            "url": "https://attack.mitre.org/techniques/T1589/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6a3be63a-64c5-4678-a036-03ff8fc35300",
+            "name": "Re-opened Applications",
+            "type": "technique",
+            "id": "T1164",
+            "url": "https://attack.mitre.org/techniques/T1164",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df",
+            "name": "Indicator Blocking",
+            "type": "technique",
+            "id": "T1054",
+            "url": "https://attack.mitre.org/techniques/T1054",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6aabc5ec-eae6-422c-8311-38d45ee9838a",
+            "name": "Redundant Access",
+            "type": "technique",
+            "id": "T1108",
+            "url": "https://attack.mitre.org/techniques/T1108",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
+            "name": "Spearphishing Attachment",
+            "type": "technique",
+            "id": "T1193",
+            "url": "https://attack.mitre.org/techniques/T1193",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6add2ab5-2711-4e9d-87c8-7a0be8531530",
+            "name": "Cached Domain Credentials",
+            "type": "technique",
+            "id": "T1003.005",
+            "url": "https://attack.mitre.org/techniques/T1003/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6b57dc31-b814-4a03-8706-28bc20d739c4",
+            "name": "SSH Authorized Keys",
+            "type": "technique",
+            "id": "T1098.004",
+            "url": "https://attack.mitre.org/techniques/T1098/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6be14413-578e-46c1-8304-310762b3ecd5",
+            "name": "Kernel Modules and Extensions",
+            "type": "technique",
+            "id": "T1215",
+            "url": "https://attack.mitre.org/techniques/T1215",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6c174520-beea-43d9-aac6-28fb77f3e446",
+            "name": "Security Support Provider",
+            "type": "technique",
+            "id": "T1101",
+            "url": "https://attack.mitre.org/techniques/T1101",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6c2957f9-502a-478c-b1dd-d626c0659413",
+            "name": "Network Security Appliances",
+            "type": "technique",
+            "id": "T1590.006",
+            "url": "https://attack.mitre.org/techniques/T1590/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6d4a7fb3-5a24-42be-ae61-6728a2b581f6",
+            "name": "Image File Execution Options Injection",
+            "type": "technique",
+            "id": "T1546.012",
+            "url": "https://attack.mitre.org/techniques/T1546/012",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6e3bd510-6b33-41a4-af80-2d80f3ee0071",
+            "name": "Odbcconf",
+            "type": "technique",
+            "id": "T1218.008",
+            "url": "https://attack.mitre.org/techniques/T1218/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6e561441-8431-4773-a9b8-ccf28ef6a968",
+            "name": "Search Engines",
+            "type": "technique",
+            "id": "T1593.002",
+            "url": "https://attack.mitre.org/techniques/T1593/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6e6845c2-347a-4a6f-a2d1-b74a18ebd352",
+            "name": "LSASS Driver",
+            "type": "technique",
+            "id": "T1177",
+            "url": "https://attack.mitre.org/techniques/T1177",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6ee2dc99-91ad-4534-a7d8-a649358c331f",
+            "name": "Business Relationships",
+            "type": "technique",
+            "id": "T1591.002",
+            "url": "https://attack.mitre.org/techniques/T1591/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6faf650d-bf31-4eb4-802d-1000cf38efaf",
+            "name": "Video Capture",
+            "type": "technique",
+            "id": "T1125",
+            "url": "https://attack.mitre.org/techniques/T1125",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6fb6408c-0db3-41d9-a3a1-a32e5f16454e",
+            "name": "Gatekeeper Bypass",
+            "type": "technique",
+            "id": "T1144",
+            "url": "https://attack.mitre.org/techniques/T1144",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6ff403bc-93e3-48be-8687-e102fdba8c88",
+            "name": "Software Packing",
+            "type": "technique",
+            "id": "T1045",
+            "url": "https://attack.mitre.org/techniques/T1045",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--7007935a-a8a7-4c0b-bd98-4e85be8ed197",
+            "name": "Process Doppelgänging",
+            "type": "technique",
+            "id": "T1055.013",
+            "url": "https://attack.mitre.org/techniques/T1055/013",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--707399d6-ab3e-4963-9315-d9d3818cd6a0",
+            "name": "System Network Configuration Discovery",
+            "type": "technique",
+            "id": "T1016",
+            "url": "https://attack.mitre.org/techniques/T1016",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--70857657-bd0b-4695-ad3e-b13f92cac1b4",
+            "name": "Delete Cloud Instance",
+            "type": "technique",
+            "id": "T1578.003",
+            "url": "https://attack.mitre.org/techniques/T1578/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--70910fbd-58dc-4c1c-8c48-814d11fcd022",
+            "name": "Code Repositories",
+            "type": "technique",
+            "id": "T1593.003",
+            "url": "https://attack.mitre.org/techniques/T1593/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--70d81154-b187-45f9-8ec5-295d01255979",
+            "name": "Executable Installer File Permissions Weakness",
+            "type": "technique",
+            "id": "T1574.005",
+            "url": "https://attack.mitre.org/techniques/T1574/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
+            "name": "Accessibility Features",
+            "type": "technique",
+            "id": "T1546.008",
+            "url": "https://attack.mitre.org/techniques/T1546/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--723e3a2b-ca0d-4daa-ada8-82ea35d3733a",
+            "name": "PowerShell Profile",
+            "type": "technique",
+            "id": "T1504",
+            "url": "https://attack.mitre.org/techniques/T1504",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--72b5ef57-325c-411b-93ca-a3ca6fa17e31",
+            "name": "SIP and Trust Provider Hijacking",
+            "type": "technique",
+            "id": "T1198",
+            "url": "https://attack.mitre.org/techniques/T1198",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--72b74d71-8169-42aa-92e0-e7b04b9f5a08",
+            "name": "Account Discovery",
+            "type": "technique",
+            "id": "T1087",
+            "url": "https://attack.mitre.org/techniques/T1087",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--731f4f55-b6d0-41d1-a7a9-072a66389aea",
+            "name": "Proxy",
+            "type": "technique",
+            "id": "T1090",
+            "url": "https://attack.mitre.org/techniques/T1090",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7385dfaf-6886-4229-9ecd-6fd678040830",
+            "name": "Command and Scripting Interpreter",
+            "type": "technique",
+            "id": "T1059",
+            "url": "https://attack.mitre.org/techniques/T1059",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--74d2a63f-3c7b-4852-92da-02d8fbab16da",
+            "name": "Indicator Blocking",
+            "type": "technique",
+            "id": "T1562.006",
+            "url": "https://attack.mitre.org/techniques/T1562/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7610cada-1499-41a4-b3dd-46467b68d177",
+            "name": "Domain Account",
+            "type": "technique",
+            "id": "T1136.002",
+            "url": "https://attack.mitre.org/techniques/T1136/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--76551c52-b111-4884-bc47-ff3e728f0156",
+            "name": "Employee Names",
+            "type": "technique",
+            "id": "T1589.003",
+            "url": "https://attack.mitre.org/techniques/T1589/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--767dbf9e-df3f-45cb-8998-4903ab5f80c0",
+            "name": "Domain Trust Discovery",
+            "type": "technique",
+            "id": "T1482",
+            "url": "https://attack.mitre.org/techniques/T1482",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--768dce68-8d0d-477a-b01d-0eea98b963a1",
+            "name": "Golden Ticket",
+            "type": "technique",
+            "id": "T1558.001",
+            "url": "https://attack.mitre.org/techniques/T1558/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--772bc7a8-a157-42cc-8728-d648e25c7fe7",
+            "name": "Component Object Model and Distributed COM",
+            "type": "technique",
+            "id": "T1175",
+            "url": "https://attack.mitre.org/techniques/T1175",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
+            "name": "Automated Exfiltration",
+            "type": "technique",
+            "id": "T1020",
+            "url": "https://attack.mitre.org/techniques/T1020",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--774ad5bb-2366-4c13-a8a9-65e50b292e7c",
+            "name": "Client Configurations",
+            "type": "technique",
+            "id": "T1592.004",
+            "url": "https://attack.mitre.org/techniques/T1592/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--77532a55-c283-4cd2-bc5d-2d0b65e9d88c",
+            "name": "Disable or Modify Cloud Firewall",
+            "type": "technique",
+            "id": "T1562.007",
+            "url": "https://attack.mitre.org/techniques/T1562/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--77eae145-55db-4519-8ae5-77b0c7215d69",
+            "name": "Right-to-Left Override",
+            "type": "technique",
+            "id": "T1036.002",
+            "url": "https://attack.mitre.org/techniques/T1036/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7807d3a4-a885-4639-a786-c1ed41484970",
+            "name": "Malware",
+            "type": "technique",
+            "id": "T1588.001",
+            "url": "https://attack.mitre.org/techniques/T1588/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--791481f8-e96a-41be-b089-a088763083d4",
+            "name": "Component Firmware",
+            "type": "technique",
+            "id": "T1542.002",
+            "url": "https://attack.mitre.org/techniques/T1542/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--799ace7f-e227-4411-baa0-8868704f2a69",
+            "name": "Indicator Removal",
+            "type": "technique",
+            "id": "T1070",
+            "url": "https://attack.mitre.org/techniques/T1070",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--79a4052e-1a89-4b09-aea6-51f1d11fe19c",
+            "name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
+            "type": "technique",
+            "id": "T1048.001",
+            "url": "https://attack.mitre.org/techniques/T1048/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--79a47ad0-fc3b-4821-9f01-a026b1ddba21",
+            "name": "Office Template Macros",
+            "type": "technique",
+            "id": "T1137.001",
+            "url": "https://attack.mitre.org/techniques/T1137/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--79da0971-3147-4af6-a4f5-e8cd447cd795",
+            "name": "Virtual Private Server",
+            "type": "technique",
+            "id": "T1583.003",
+            "url": "https://attack.mitre.org/techniques/T1583/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7ad38ef1-381a-406d-872a-38b136eb5ecc",
+            "name": "Confluence",
+            "type": "technique",
+            "id": "T1213.001",
+            "url": "https://attack.mitre.org/techniques/T1213/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7b211ac6-c815-4189-93a9-ab415deca926",
+            "name": "Pass the Ticket",
+            "type": "technique",
+            "id": "T1550.003",
+            "url": "https://attack.mitre.org/techniques/T1550/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7b50a1d3-4ca7-45d1-989d-a6503f04bfe1",
+            "name": "Container Administration Command",
+            "type": "technique",
+            "id": "T1609",
+            "url": "https://attack.mitre.org/techniques/T1609",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7bc57495-ea59-4380-be31-a64af124ef18",
+            "name": "File and Directory Discovery",
+            "type": "technique",
+            "id": "T1083",
+            "url": "https://attack.mitre.org/techniques/T1083",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7bd9c723-2f78-4309-82c5-47cad406572b",
+            "name": "Dynamic Resolution",
+            "type": "technique",
+            "id": "T1568",
+            "url": "https://attack.mitre.org/techniques/T1568",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c",
+            "name": "Masquerade Task or Service",
+            "type": "technique",
+            "id": "T1036.004",
+            "url": "https://attack.mitre.org/techniques/T1036/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7c0f17c9-1af6-4628-9cbd-9e45482dd605",
+            "name": "Asynchronous Procedure Call",
+            "type": "technique",
+            "id": "T1055.004",
+            "url": "https://attack.mitre.org/techniques/T1055/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7c46b364-8496-4234-8a56-f7e6727e21e1",
+            "name": "Traffic Duplication",
+            "type": "technique",
+            "id": "T1020.001",
+            "url": "https://attack.mitre.org/techniques/T1020/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7c93aa74-4bc0-4a9e-90ea-f25f86301566",
+            "name": "Application Shimming",
+            "type": "technique",
+            "id": "T1138",
+            "url": "https://attack.mitre.org/techniques/T1138",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--7d20fff9-8751-404e-badd-ccd71bda0236",
+            "name": "Plist File Modification",
+            "type": "technique",
+            "id": "T1647",
+            "url": "https://attack.mitre.org/techniques/T1647",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7d57b371-10c2-45e5-b3cc-83a8fb380e4c",
+            "name": "AppCert DLLs",
+            "type": "technique",
+            "id": "T1546.009",
+            "url": "https://attack.mitre.org/techniques/T1546/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7d6f590f-544b-45b4-9a42-e0805f342af3",
+            "name": "CMSTP",
+            "type": "technique",
+            "id": "T1191",
+            "url": "https://attack.mitre.org/techniques/T1191",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--7d751199-05fa-4a72-920f-85df4506c76c",
+            "name": "Multi-hop Proxy",
+            "type": "technique",
+            "id": "T1188",
+            "url": "https://attack.mitre.org/techniques/T1188",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--7d77a07d-02fe-4e88-8bd9-e9c008c01bf0",
+            "name": "Email Forwarding Rule",
+            "type": "technique",
+            "id": "T1114.003",
+            "url": "https://attack.mitre.org/techniques/T1114/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7dd95ff6-712e-4056-9626-312ea4ab4c5e",
+            "name": "Data Staged",
+            "type": "technique",
+            "id": "T1074",
+            "url": "https://attack.mitre.org/techniques/T1074",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7de1f7ac-5d0c-4c9c-8873-627202205331",
+            "name": "Steal or Forge Authentication Certificates",
+            "type": "technique",
+            "id": "T1649",
+            "url": "https://attack.mitre.org/techniques/T1649",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7decb26c-715c-40cf-b7e0-026f7d7cc215",
+            "name": "Device Registration",
+            "type": "technique",
+            "id": "T1098.005",
+            "url": "https://attack.mitre.org/techniques/T1098/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475",
+            "name": "System Network Connections Discovery",
+            "type": "technique",
+            "id": "T1049",
+            "url": "https://attack.mitre.org/techniques/T1049",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
+            "name": "Compromise Infrastructure",
+            "type": "technique",
+            "id": "T1584",
+            "url": "https://attack.mitre.org/techniques/T1584",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7e7c2fba-7cca-486c-9582-4c1bb2851961",
+            "name": "Mark-of-the-Web Bypass",
+            "type": "technique",
+            "id": "T1553.005",
+            "url": "https://attack.mitre.org/techniques/T1553/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7efba77e-3bc4-4ca5-8292-d8201dcd64b5",
+            "name": "Disable Crypto Hardware",
+            "type": "technique",
+            "id": "T1600.002",
+            "url": "https://attack.mitre.org/techniques/T1600/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
+            "name": "Pre-OS Boot",
+            "type": "technique",
+            "id": "T1542",
+            "url": "https://attack.mitre.org/techniques/T1542",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7fd87010-3a00-4da3-b905-410525e8ec44",
+            "name": "Scripting",
+            "type": "technique",
+            "id": "T1064",
+            "url": "https://attack.mitre.org/techniques/T1064",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--800f9819-7007-4540-a520-40e655876800",
+            "name": "Build Image on Host",
+            "type": "technique",
+            "id": "T1612",
+            "url": "https://attack.mitre.org/techniques/T1612",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--804c042c-cfe6-449e-bc1a-ba0a998a70db",
+            "name": "Shared Webroot",
+            "type": "technique",
+            "id": "T1051",
+            "url": "https://attack.mitre.org/techniques/T1051",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--806a49c4-970d-43f9-9acc-ac0ee11e6662",
+            "name": "Portable Executable Injection",
+            "type": "technique",
+            "id": "T1055.002",
+            "url": "https://attack.mitre.org/techniques/T1055/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--808e6329-ca91-4b87-ac2d-8eadc5f8f327",
+            "name": "Verclsid",
+            "type": "technique",
+            "id": "T1218.012",
+            "url": "https://attack.mitre.org/techniques/T1218/012",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--81033c3b-16a4-46e4-8fed-9b030dd03c4a",
+            "name": "Compromise Accounts",
+            "type": "technique",
+            "id": "T1586",
+            "url": "https://attack.mitre.org/techniques/T1586",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--810aa4ad-61c9-49cb-993f-daa06199421d",
+            "name": "Launchctl",
+            "type": "technique",
+            "id": "T1569.001",
+            "url": "https://attack.mitre.org/techniques/T1569/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--810d8072-afb6-4a56-9ee7-86379ac4a6f3",
+            "name": "Botnet",
+            "type": "technique",
+            "id": "T1584.005",
+            "url": "https://attack.mitre.org/techniques/T1584/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--818302b2-d640-477b-bf88-873120ce85c4",
+            "name": "Network Device CLI",
+            "type": "technique",
+            "id": "T1059.008",
+            "url": "https://attack.mitre.org/techniques/T1059/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8187bd2a-866f-4457-9009-86b0ddedffa3",
+            "name": "Bash History",
+            "type": "technique",
+            "id": "T1552.003",
+            "url": "https://attack.mitre.org/techniques/T1552/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--824add00-99a1-4b15-9a2d-6c5683b7b497",
+            "name": "Downgrade Attack",
+            "type": "technique",
+            "id": "T1562.010",
+            "url": "https://attack.mitre.org/techniques/T1562/010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8252f135-ed26-4ce1-ae61-f26e94429a19",
+            "name": "XPC Services",
+            "type": "technique",
+            "id": "T1559.003",
+            "url": "https://attack.mitre.org/techniques/T1559/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--82caa33e-d11a-433a-94ea-9b5a5fbef81d",
+            "name": "Virtualization/Sandbox Evasion",
+            "type": "technique",
+            "id": "T1497",
+            "url": "https://attack.mitre.org/techniques/T1497",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--830c9528-df21-472c-8c14-a036bf17d665",
+            "name": "Web Service",
+            "type": "technique",
+            "id": "T1102",
+            "url": "https://attack.mitre.org/techniques/T1102",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--837f9164-50af-4ac0-8219-379d8a74cefc",
+            "name": "Credentials In Files",
+            "type": "technique",
+            "id": "T1552.001",
+            "url": "https://attack.mitre.org/techniques/T1552/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--83a766f8-1501-4b3a-a2de-2e2849e8dfc1",
+            "name": "DNS Calculation",
+            "type": "technique",
+            "id": "T1568.003",
+            "url": "https://attack.mitre.org/techniques/T1568/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--840a987a-99bd-4a80-a5c9-0cb2baa6cade",
+            "name": "Mshta",
+            "type": "technique",
+            "id": "T1218.005",
+            "url": "https://attack.mitre.org/techniques/T1218/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--84601337-6a55-4ad7-9c35-79e0d1ea2ab3",
+            "name": "Login Items",
+            "type": "technique",
+            "id": "T1547.015",
+            "url": "https://attack.mitre.org/techniques/T1547/015",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--84771bc3-f6a0-403e-b144-01af70e5fda0",
+            "name": "Stage Capabilities",
+            "type": "technique",
+            "id": "T1608",
+            "url": "https://attack.mitre.org/techniques/T1608",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--84ae8255-b4f4-4237-b5c5-e717405a9701",
+            "name": "Link Target",
+            "type": "technique",
+            "id": "T1608.005",
+            "url": "https://attack.mitre.org/techniques/T1608/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--84e02621-8fdf-470f-bd58-993bb6a89d91",
+            "name": "Multi-Stage Channels",
+            "type": "technique",
+            "id": "T1104",
+            "url": "https://attack.mitre.org/techniques/T1104",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--853c4192-4311-43e1-bfbb-b11b14911852",
+            "name": "Execution Guardrails",
+            "type": "technique",
+            "id": "T1480",
+            "url": "https://attack.mitre.org/techniques/T1480",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8565825b-21c8-4518-b75e-cbc4c717a156",
+            "name": "Cloud Storage Object Discovery",
+            "type": "technique",
+            "id": "T1619",
+            "url": "https://attack.mitre.org/techniques/T1619",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a",
+            "name": "Web Cookies",
+            "type": "technique",
+            "id": "T1606.001",
+            "url": "https://attack.mitre.org/techniques/T1606/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--86850eff-2729-40c3-b85e-c4af26da4a2d",
+            "name": "Token Impersonation/Theft",
+            "type": "technique",
+            "id": "T1134.001",
+            "url": "https://attack.mitre.org/techniques/T1134/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--86a96bf6-cf8b-411c-aaeb-8959944d64f7",
+            "name": "Exfiltration to Code Repository",
+            "type": "technique",
+            "id": "T1567.001",
+            "url": "https://attack.mitre.org/techniques/T1567/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8861073d-d1b8-4941-82ce-dce621d398f0",
+            "name": "Cloud Services",
+            "type": "technique",
+            "id": "T1021.007",
+            "url": "https://attack.mitre.org/techniques/T1021/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8868cb5b-d575-4a60-acb2-07d37389a2fd",
+            "name": "Port Knocking",
+            "type": "technique",
+            "id": "T1205.001",
+            "url": "https://attack.mitre.org/techniques/T1205/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--88d31120-5bc7-4ce3-a9c0-7cf147be8e54",
+            "name": "Web Services",
+            "type": "technique",
+            "id": "T1583.006",
+            "url": "https://attack.mitre.org/techniques/T1583/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--890c9858-598c-401d-a4d5-c67ebcdd703a",
+            "name": "Steal Application Access Token",
+            "type": "technique",
+            "id": "T1528",
+            "url": "https://attack.mitre.org/techniques/T1528",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8982a661-d84c-48c0-b4ec-1db29c6cf3bc",
+            "name": "Spearphishing Attachment",
+            "type": "technique",
+            "id": "T1598.002",
+            "url": "https://attack.mitre.org/techniques/T1598/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8a2f40cf-8325-47f9-96e4-b1ca4c7389bd",
+            "name": "Additional Cloud Credentials",
+            "type": "technique",
+            "id": "T1098.001",
+            "url": "https://attack.mitre.org/techniques/T1098/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
+            "name": "User Execution",
+            "type": "technique",
+            "id": "T1204",
+            "url": "https://attack.mitre.org/techniques/T1204",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8c41090b-aa47-4331-986b-8c9a51a91103",
+            "name": "Internal Defacement",
+            "type": "technique",
+            "id": "T1491.001",
+            "url": "https://attack.mitre.org/techniques/T1491/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
+            "name": "Hidden Users",
+            "type": "technique",
+            "id": "T1564.002",
+            "url": "https://attack.mitre.org/techniques/T1564/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8cdeb020-e31e-4f88-a582-f53dcfbda819",
+            "name": "Make and Impersonate Token",
+            "type": "technique",
+            "id": "T1134.003",
+            "url": "https://attack.mitre.org/techniques/T1134/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8d7bd4f5-3a89-4453-9c82-2c8894d5655e",
+            "name": "Group Policy Preferences",
+            "type": "technique",
+            "id": "T1552.006",
+            "url": "https://attack.mitre.org/techniques/T1552/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8df54627-376c-487c-a09c-7d2b5620f56e",
+            "name": "Control Panel Items",
+            "type": "technique",
+            "id": "T1196",
+            "url": "https://attack.mitre.org/techniques/T1196",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
+            "name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
+            "type": "technique",
+            "id": "T1048.002",
+            "url": "https://attack.mitre.org/techniques/T1048/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8f104855-e5b7-4077-b1f5-bc3103b41abe",
+            "name": "Cloud Account",
+            "type": "technique",
+            "id": "T1087.004",
+            "url": "https://attack.mitre.org/techniques/T1087/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
+            "name": "Process Discovery",
+            "type": "technique",
+            "id": "T1057",
+            "url": "https://attack.mitre.org/techniques/T1057",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8f504411-cb96-4dac-a537-8d2bb7679c59",
+            "name": "Impair Command History Logging",
+            "type": "technique",
+            "id": "T1562.003",
+            "url": "https://attack.mitre.org/techniques/T1562/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8faedf87-dceb-4c35-b2a2-7286f59a3bc3",
+            "name": "Launchd",
+            "type": "technique",
+            "id": "T1053.004",
+            "url": "https://attack.mitre.org/techniques/T1053/004",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--90c4a591-d02d-490b-92aa-619d9701ac04",
+            "name": "Network Provider DLL",
+            "type": "technique",
+            "id": "T1556.008",
+            "url": "https://attack.mitre.org/techniques/T1556/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--910906dd-8c0a-475a-9cc1-5e029e2fad58",
+            "name": "Windows Management Instrumentation Event Subscription",
+            "type": "technique",
+            "id": "T1546.003",
+            "url": "https://attack.mitre.org/techniques/T1546/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--91177e6d-b616-4a03-ba4b-f3b32f7dda75",
+            "name": "CDNs",
+            "type": "technique",
+            "id": "T1596.004",
+            "url": "https://attack.mitre.org/techniques/T1596/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--91541e7e-b969-40c6-bbd8-1b5352ec2938",
+            "name": "User Activity Based Checks",
+            "type": "technique",
+            "id": "T1497.002",
+            "url": "https://attack.mitre.org/techniques/T1497/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--91ce1ede-107f-4d8b-bf4c-735e8789c94b",
+            "name": "Input Prompt",
+            "type": "technique",
+            "id": "T1141",
+            "url": "https://attack.mitre.org/techniques/T1141",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5",
+            "name": "Cloud Accounts",
+            "type": "technique",
+            "id": "T1585.003",
+            "url": "https://attack.mitre.org/techniques/T1585/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--92a78814-b191-47ca-909c-1ccfe3777414",
+            "name": "Software Deployment Tools",
+            "type": "technique",
+            "id": "T1072",
+            "url": "https://attack.mitre.org/techniques/T1072",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--92d7da27-2d91-488e-a00c-059dc162766d",
+            "name": "Exfiltration Over C2 Channel",
+            "type": "technique",
+            "id": "T1041",
+            "url": "https://attack.mitre.org/techniques/T1041",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--93591901-3172-4e94-abf8-6034ab26f44a",
+            "name": "Parent PID Spoofing",
+            "type": "technique",
+            "id": "T1134.004",
+            "url": "https://attack.mitre.org/techniques/T1134/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--937e4772-8441-4e4a-8bf0-8d447d667e23",
+            "name": "Gather Victim Org Information",
+            "type": "technique",
+            "id": "T1591",
+            "url": "https://attack.mitre.org/techniques/T1591",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9422fc14-1c43-410d-ab0f-a709b76c72dc",
+            "name": "Registry Run Keys / Startup Folder",
+            "type": "technique",
+            "id": "T1060",
+            "url": "https://attack.mitre.org/techniques/T1060",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--94cb00a4-b295-4d06-aa2b-5653b9c1be9c",
+            "name": "Forge Web Credentials",
+            "type": "technique",
+            "id": "T1606",
+            "url": "https://attack.mitre.org/techniques/T1606",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--954a1639-f2d6-407d-aef3-4917622ca493",
+            "name": "Multi-Factor Authentication Request Generation",
+            "type": "technique",
+            "id": "T1621",
+            "url": "https://attack.mitre.org/techniques/T1621",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--960c3c86-1480-4d72-b4e0-8c242e84a5c5",
+            "name": "Compromise Client Software Binary",
+            "type": "technique",
+            "id": "T1554",
+            "url": "https://attack.mitre.org/techniques/T1554",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9664ad0e-789e-40ac-82e2-d7b17fbe8fb3",
+            "name": "Chat Messages",
+            "type": "technique",
+            "id": "T1552.008",
+            "url": "https://attack.mitre.org/techniques/T1552/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--970a3432-3237-47ad-bcca-7d8cbb217736",
+            "name": "PowerShell",
+            "type": "technique",
+            "id": "T1059.001",
+            "url": "https://attack.mitre.org/techniques/T1059/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--970cdb5c-02fb-4c38-b17e-d6327cf3c810",
+            "name": "Shortcut Modification",
+            "type": "technique",
+            "id": "T1023",
+            "url": "https://attack.mitre.org/techniques/T1023",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--98034fef-d9fb-4667-8dc4-2eab6231724c",
+            "name": "Change Default File Association",
+            "type": "technique",
+            "id": "T1546.001",
+            "url": "https://attack.mitre.org/techniques/T1546/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--98be40f2-c86b-4ade-b6fc-4964932040e5",
+            "name": "VDSO Hijacking",
+            "type": "technique",
+            "id": "T1055.014",
+            "url": "https://attack.mitre.org/techniques/T1055/014",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--99709758-2b96-48f2-a68a-ad7fbd828091",
+            "name": "Multiband Communication",
+            "type": "technique",
+            "id": "T1026",
+            "url": "https://attack.mitre.org/techniques/T1026",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9a60a291-8960-4387-8a4a-2ab5c18bb50b",
+            "name": "File Transfer Protocols",
+            "type": "technique",
+            "id": "T1071.002",
+            "url": "https://attack.mitre.org/techniques/T1071/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9b52fca7-1a36-4da0-b62d-da5bd83b4d69",
+            "name": "Component Object Model Hijacking",
+            "type": "technique",
+            "id": "T1122",
+            "url": "https://attack.mitre.org/techniques/T1122",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9b99b83a-1aac-4e29-b975-b374950551a3",
+            "name": "Accessibility Features",
+            "type": "technique",
+            "id": "T1015",
+            "url": "https://attack.mitre.org/techniques/T1015",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9c306d8d-cde7-4b4c-b6e8-d0bb16caca36",
+            "name": "Exploitation for Credential Access",
+            "type": "technique",
+            "id": "T1212",
+            "url": "https://attack.mitre.org/techniques/T1212",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9c45eaa3-8604-4780-8988-b5074dbb9ecd",
+            "name": "Emond",
+            "type": "technique",
+            "id": "T1546.014",
+            "url": "https://attack.mitre.org/techniques/T1546/014",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9c99724c-a483-4d60-ad9d-7f004e42e8e8",
+            "name": "One-Way Communication",
+            "type": "technique",
+            "id": "T1102.003",
+            "url": "https://attack.mitre.org/techniques/T1102/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9d48cab2-7929-4812-ad22-f536665f0109",
+            "name": "Gather Victim Network Information",
+            "type": "technique",
+            "id": "T1590",
+            "url": "https://attack.mitre.org/techniques/T1590",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9db0cf3a-a3c9-4012-8268-123b9db6fd82",
+            "name": "Exploitation of Remote Services",
+            "type": "technique",
+            "id": "T1210",
+            "url": "https://attack.mitre.org/techniques/T1210",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9ddc2534-e91c-4dab-a8f6-43dab81e8142",
+            "name": "Parent PID Spoofing",
+            "type": "technique",
+            "id": "T1502",
+            "url": "https://attack.mitre.org/techniques/T1502",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9e09ddb2-1746-4448-9cad-7f8b41777d6d",
+            "name": "Keychain",
+            "type": "technique",
+            "id": "T1142",
+            "url": "https://attack.mitre.org/techniques/T1142",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9e7452df-5144-4b6e-b04a-b66dd4016747",
+            "name": "Internal Spearphishing",
+            "type": "technique",
+            "id": "T1534",
+            "url": "https://attack.mitre.org/techniques/T1534",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9e80ddfb-ce32-4961-a778-ca6a10cfae72",
+            "name": "Sudo",
+            "type": "technique",
+            "id": "T1169",
+            "url": "https://attack.mitre.org/techniques/T1169",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd",
+            "name": "Services File Permissions Weakness",
+            "type": "technique",
+            "id": "T1574.010",
+            "url": "https://attack.mitre.org/techniques/T1574/010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9efb1ea7-c37b-4595-9640-b7680cd84279",
+            "name": "Registry Run Keys / Startup Folder",
+            "type": "technique",
+            "id": "T1547.001",
+            "url": "https://attack.mitre.org/techniques/T1547/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9fa07bef-9c81-421e-a8e5-ad4366c5a925",
+            "name": "Trusted Relationship",
+            "type": "technique",
+            "id": "T1199",
+            "url": "https://attack.mitre.org/techniques/T1199",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a009cb25-4801-4116-9105-80a91cf15c1b",
+            "name": "Cloud Account",
+            "type": "technique",
+            "id": "T1136.003",
+            "url": "https://attack.mitre.org/techniques/T1136/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a01bf75f-00b2-4568-a58f-565ff9bf202b",
+            "name": "Local Groups",
+            "type": "technique",
+            "id": "T1069.001",
+            "url": "https://attack.mitre.org/techniques/T1069/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a0a189c8-d3bd-4991-bf6f-153d185ee373",
+            "name": "LC_MAIN Hijacking",
+            "type": "technique",
+            "id": "T1149",
+            "url": "https://attack.mitre.org/techniques/T1149",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a0e6614a-7740-4b24-bd65-f1bde09fc365",
+            "name": "Search Open Websites/Domains",
+            "type": "technique",
+            "id": "T1593",
+            "url": "https://attack.mitre.org/techniques/T1593",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a10641f4-87b4-45a3-a906-92a149cb2c27",
+            "name": "Account Manipulation",
+            "type": "technique",
+            "id": "T1098",
+            "url": "https://attack.mitre.org/techniques/T1098",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a127c32c-cbb0-4f9d-be07-881a792408ec",
+            "name": "Mshta",
+            "type": "technique",
+            "id": "T1170",
+            "url": "https://attack.mitre.org/techniques/T1170",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
+            "name": "Exfiltration Over Alternative Protocol",
+            "type": "technique",
+            "id": "T1048",
+            "url": "https://attack.mitre.org/techniques/T1048",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a1b52199-c8c5-438a-9ded-656f1d0888c6",
+            "name": "Kernel Modules and Extensions",
+            "type": "technique",
+            "id": "T1547.006",
+            "url": "https://attack.mitre.org/techniques/T1547/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a2029942-0a85-4947-b23c-ca434698171d",
+            "name": "GUI Input Capture",
+            "type": "technique",
+            "id": "T1056.002",
+            "url": "https://attack.mitre.org/techniques/T1056/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a257ed11-ff3b-4216-8c9d-3938ef57064c",
+            "name": "Pass the Ticket",
+            "type": "technique",
+            "id": "T1097",
+            "url": "https://attack.mitre.org/techniques/T1097",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a2fdce72-04b2-409a-ac10-cc1695f4fce0",
+            "name": "Tool",
+            "type": "technique",
+            "id": "T1588.002",
+            "url": "https://attack.mitre.org/techniques/T1588/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a3e1e6c5-9c74-4fc0-a16c-a9d228c17829",
+            "name": "Exfiltration over USB",
+            "type": "technique",
+            "id": "T1052.001",
+            "url": "https://attack.mitre.org/techniques/T1052/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde",
+            "name": "KernelCallbackTable",
+            "type": "technique",
+            "id": "T1574.013",
+            "url": "https://attack.mitre.org/techniques/T1574/013",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a51eb150-93b1-484b-a503-e51453b127a4",
+            "name": "Search Closed Sources",
+            "type": "technique",
+            "id": "T1597",
+            "url": "https://attack.mitre.org/techniques/T1597",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a542bac9-7bc1-4da7-9a09-96f69e23cc21",
+            "name": "Systemd Timers",
+            "type": "technique",
+            "id": "T1053.006",
+            "url": "https://attack.mitre.org/techniques/T1053/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
+            "name": "Phishing",
+            "type": "technique",
+            "id": "T1566",
+            "url": "https://attack.mitre.org/techniques/T1566",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a6525aec-acc4-47fe-92f9-b9b4de4b9228",
+            "name": "Graphical User Interface",
+            "type": "technique",
+            "id": "T1061",
+            "url": "https://attack.mitre.org/techniques/T1061",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a6557c75-798f-42e4-be70-ab4502e0a3bc",
+            "name": "ROMMONkit",
+            "type": "technique",
+            "id": "T1542.004",
+            "url": "https://attack.mitre.org/techniques/T1542/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
+            "name": "Compiled HTML File",
+            "type": "technique",
+            "id": "T1218.001",
+            "url": "https://attack.mitre.org/techniques/T1218/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
+            "name": "Network Share Connection Removal",
+            "type": "technique",
+            "id": "T1070.005",
+            "url": "https://attack.mitre.org/techniques/T1070/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a782ebe2-daba-42c7-bc82-e8e9d923162d",
+            "name": "Multi-hop Proxy",
+            "type": "technique",
+            "id": "T1090.003",
+            "url": "https://attack.mitre.org/techniques/T1090/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a93494bb-4b80-4ea1-8695-3236a49916fd",
+            "name": "Brute Force",
+            "type": "technique",
+            "id": "T1110",
+            "url": "https://attack.mitre.org/techniques/T1110",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a9d4b653-6915-42af-98b2-5758c4ceee56",
+            "name": "Unix Shell",
+            "type": "technique",
+            "id": "T1059.004",
+            "url": "https://attack.mitre.org/techniques/T1059/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a9e2cea0-c805-4bf8-9e31-f5f0513a3634",
+            "name": "Outlook Forms",
+            "type": "technique",
+            "id": "T1137.003",
+            "url": "https://attack.mitre.org/techniques/T1137/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--aa8bfbc9-78dc-41a4-a03b-7453e0fdccda",
+            "name": "Dylib Hijacking",
+            "type": "technique",
+            "id": "T1157",
+            "url": "https://attack.mitre.org/techniques/T1157",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ac08589e-ee59-4935-8667-d845e38fe579",
+            "name": "Disable or Modify Tools",
+            "type": "technique",
+            "id": "T1562.001",
+            "url": "https://attack.mitre.org/techniques/T1562/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ac9e6b22-11bf-45d7-9181-c1cb08360931",
+            "name": "Data Manipulation",
+            "type": "technique",
+            "id": "T1565",
+            "url": "https://attack.mitre.org/techniques/T1565",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--acd0ba37-7ba9-4cc5-ac61-796586cd856d",
+            "name": "Inter-Process Communication",
+            "type": "technique",
+            "id": "T1559",
+            "url": "https://attack.mitre.org/techniques/T1559",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ad255bfe-a9e6-4b52-a258-8d3462abe842",
+            "name": "Data Obfuscation",
+            "type": "technique",
+            "id": "T1001",
+            "url": "https://attack.mitre.org/techniques/T1001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c",
+            "name": "Data from Network Shared Drive",
+            "type": "technique",
+            "id": "T1039",
+            "url": "https://attack.mitre.org/techniques/T1039",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ae797531-3219-49a4-bccf-324ad7a4c7b2",
+            "name": "Web Services",
+            "type": "technique",
+            "id": "T1584.006",
+            "url": "https://attack.mitre.org/techniques/T1584/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ae7f3575-0a5e-427e-991b-fe03ad44c754",
+            "name": "Modify System Image",
+            "type": "technique",
+            "id": "T1601",
+            "url": "https://attack.mitre.org/techniques/T1601",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
+            "name": "Hijack Execution Flow",
+            "type": "technique",
+            "id": "T1574",
+            "url": "https://attack.mitre.org/techniques/T1574",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b0533c6e-8fea-4788-874f-b799cacc4b92",
+            "name": "Indicator Removal from Tools",
+            "type": "technique",
+            "id": "T1027.005",
+            "url": "https://attack.mitre.org/techniques/T1027/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b0c74ef9-c61e-4986-88cb-78da98a355ec",
+            "name": "Malicious Image",
+            "type": "technique",
+            "id": "T1204.003",
+            "url": "https://attack.mitre.org/techniques/T1204/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b17a1a56-e99c-403c-8948-561df0cffe81",
+            "name": "Valid Accounts",
+            "type": "technique",
+            "id": "T1078",
+            "url": "https://attack.mitre.org/techniques/T1078",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b18eae87-b469-4e14-b454-b171b416bc18",
+            "name": "Non-Standard Port",
+            "type": "technique",
+            "id": "T1571",
+            "url": "https://attack.mitre.org/techniques/T1571",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b1ccd744-3f78-4a0e-9bb2-2002057f7928",
+            "name": "Social Media Accounts",
+            "type": "technique",
+            "id": "T1585.001",
+            "url": "https://attack.mitre.org/techniques/T1585/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b2001907-166b-4d71-bb3c-9d26c871de09",
+            "name": "DLL Side-Loading",
+            "type": "technique",
+            "id": "T1073",
+            "url": "https://attack.mitre.org/techniques/T1073",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b200542e-e877-4395-875b-cf1a44537ca4",
+            "name": "Process Hollowing",
+            "type": "technique",
+            "id": "T1055.012",
+            "url": "https://attack.mitre.org/techniques/T1055/012",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b21c3b2d-02e6-45b1-980b-e69051040839",
+            "name": "Exploitation for Privilege Escalation",
+            "type": "technique",
+            "id": "T1068",
+            "url": "https://attack.mitre.org/techniques/T1068",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b22e5153-ac28-4cc6-865c-2054e36285cb",
+            "name": "Resource Forking",
+            "type": "technique",
+            "id": "T1564.009",
+            "url": "https://attack.mitre.org/techniques/T1564/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b24e2a20-3b3d-4bf0-823b-1ed765398fb0",
+            "name": "Account Access Removal",
+            "type": "technique",
+            "id": "T1531",
+            "url": "https://attack.mitre.org/techniques/T1531",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
+            "name": "Credential Stuffing",
+            "type": "technique",
+            "id": "T1110.004",
+            "url": "https://attack.mitre.org/techniques/T1110/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b39d03cb-7b98-41c4-a878-c40c1a913dc0",
+            "name": "Kerberoasting",
+            "type": "technique",
+            "id": "T1208",
+            "url": "https://attack.mitre.org/techniques/T1208",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
+            "name": "Obfuscated Files or Information",
+            "type": "technique",
+            "id": "T1027",
+            "url": "https://attack.mitre.org/techniques/T1027",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b4409cd8-0da9-46e1-a401-a241afd4d1cc",
+            "name": "Multi-Factor Authentication",
+            "type": "technique",
+            "id": "T1556.006",
+            "url": "https://attack.mitre.org/techniques/T1556/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b4694861-542c-48ea-9eb1-10d356e7140a",
+            "name": "Remote Email Collection",
+            "type": "technique",
+            "id": "T1114.002",
+            "url": "https://attack.mitre.org/techniques/T1114/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b46a801b-fd98-491c-a25a-bca25d6e3001",
+            "name": "IIS Components",
+            "type": "technique",
+            "id": "T1505.004",
+            "url": "https://attack.mitre.org/techniques/T1505/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b4b7458f-81f2-4d38-84be-1c5ba0167a52",
+            "name": "Invalid Code Signature",
+            "type": "technique",
+            "id": "T1036.001",
+            "url": "https://attack.mitre.org/techniques/T1036/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
+            "name": "Run Virtual Instance",
+            "type": "technique",
+            "id": "T1564.006",
+            "url": "https://attack.mitre.org/techniques/T1564/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b53dbcc6-147d-48bb-9df4-bcb8bb808ff6",
+            "name": "Trap",
+            "type": "technique",
+            "id": "T1154",
+            "url": "https://attack.mitre.org/techniques/T1154",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b6075259-dba3-44e9-87c7-e954f37ec0d5",
+            "name": "Password Policy Discovery",
+            "type": "technique",
+            "id": "T1201",
+            "url": "https://attack.mitre.org/techniques/T1201",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b6301b64-ef57-4cce-bb0b-77026f14a8db",
+            "name": "Event Triggered Execution",
+            "type": "technique",
+            "id": "T1546",
+            "url": "https://attack.mitre.org/techniques/T1546",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
+            "name": "Unix Shell Configuration Modification",
+            "type": "technique",
+            "id": "T1546.004",
+            "url": "https://attack.mitre.org/techniques/T1546/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
+            "name": "Forced Authentication",
+            "type": "technique",
+            "id": "T1187",
+            "url": "https://attack.mitre.org/techniques/T1187",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b7dc639b-24cd-482d-a7f1-8897eda21023",
+            "name": "SID-History Injection",
+            "type": "technique",
+            "id": "T1134.005",
+            "url": "https://attack.mitre.org/techniques/T1134/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b8017880-4b1e-42de-ad10-ae7ac6705166",
+            "name": "Network Boundary Bridging",
+            "type": "technique",
+            "id": "T1599",
+            "url": "https://attack.mitre.org/techniques/T1599",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b80d107d-fa0d-4b60-9684-b0433e8bdba0",
+            "name": "Data Encrypted for Impact",
+            "type": "technique",
+            "id": "T1486",
+            "url": "https://attack.mitre.org/techniques/T1486",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b82f7d37-b826-4ec9-9391-8e121c78aed7",
+            "name": "Disk Content Wipe",
+            "type": "technique",
+            "id": "T1488",
+            "url": "https://attack.mitre.org/techniques/T1488",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b83e166d-13d7-4b52-8677-dff90c548fd7",
+            "name": "Subvert Trust Controls",
+            "type": "technique",
+            "id": "T1553",
+            "url": "https://attack.mitre.org/techniques/T1553",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b84903f0-c7d5-435d-a69e-de47cc3578c0",
+            "name": "Elevated Execution with Prompt",
+            "type": "technique",
+            "id": "T1548.004",
+            "url": "https://attack.mitre.org/techniques/T1548/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d",
+            "name": "Firmware",
+            "type": "technique",
+            "id": "T1592.003",
+            "url": "https://attack.mitre.org/techniques/T1592/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b8902400-e6c5-4ba2-95aa-2d35b442b118",
+            "name": "Encrypted Channel",
+            "type": "technique",
+            "id": "T1573",
+            "url": "https://attack.mitre.org/techniques/T1573",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b8c5c9dd-a662-479d-9428-ae745872537c",
+            "name": "Password Filter DLL",
+            "type": "technique",
+            "id": "T1174",
+            "url": "https://attack.mitre.org/techniques/T1174",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b8cfed42-6a8a-4989-ad72-541af74475ec",
+            "name": "Authentication Package",
+            "type": "technique",
+            "id": "T1547.002",
+            "url": "https://attack.mitre.org/techniques/T1547/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b97f1d35-4249-4486-a6b5-ee60ccf24fab",
+            "name": "Regsvr32",
+            "type": "technique",
+            "id": "T1218.010",
+            "url": "https://attack.mitre.org/techniques/T1218/010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
+            "name": "Data Compressed",
+            "type": "technique",
+            "id": "T1002",
+            "url": "https://attack.mitre.org/techniques/T1002",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ba04e672-da86-4e69-aa15-0eca5db25f43",
+            "name": "Exfiltration to Text Storage Sites",
+            "type": "technique",
+            "id": "T1567.003",
+            "url": "https://attack.mitre.org/techniques/T1567/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ba8e391f-14b5-496f-81f2-2d5ecd646c1c",
+            "name": "Credentials in Files",
+            "type": "technique",
+            "id": "T1081",
+            "url": "https://attack.mitre.org/techniques/T1081",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--baf60e1a-afe5-4d31-830f-1b1ba2351884",
+            "name": "Software",
+            "type": "technique",
+            "id": "T1592.002",
+            "url": "https://attack.mitre.org/techniques/T1592/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bb0e0cb5-f3e4-4118-a4cb-6bf13bfbc9f2",
+            "name": "Netsh Helper DLL",
+            "type": "technique",
+            "id": "T1128",
+            "url": "https://attack.mitre.org/techniques/T1128",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--bb5a00de-e086-4859-a231-fa793f6797e2",
+            "name": "Input Capture",
+            "type": "technique",
+            "id": "T1056",
+            "url": "https://attack.mitre.org/techniques/T1056",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bbc3cba7-84ae-410d-b18b-16750731dfa2",
+            "name": "Exploits",
+            "type": "technique",
+            "id": "T1587.004",
+            "url": "https://attack.mitre.org/techniques/T1587/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bbe5b322-e2af-4a5e-9625-a4e62bf84ed3",
+            "name": "Social Media",
+            "type": "technique",
+            "id": "T1593.001",
+            "url": "https://attack.mitre.org/techniques/T1593/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bc0f5e80-91c0-4e04-9fbb-e4e332c85dae",
+            "name": "Component Object Model Hijacking",
+            "type": "technique",
+            "id": "T1546.015",
+            "url": "https://attack.mitre.org/techniques/T1546/015",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bc76d0a4-db11-4551-9ac4-01a469cfb161",
+            "name": "Credentials",
+            "type": "technique",
+            "id": "T1589.001",
+            "url": "https://attack.mitre.org/techniques/T1589/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bd369cd9-abb8-41ce-b5bb-fff23ee86c00",
+            "name": "Compromise Software Supply Chain",
+            "type": "technique",
+            "id": "T1195.002",
+            "url": "https://attack.mitre.org/techniques/T1195/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
+            "name": "Rename System Utilities",
+            "type": "technique",
+            "id": "T1036.003",
+            "url": "https://attack.mitre.org/techniques/T1036/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--be055942-6e63-49d7-9fa1-9cb7d8a8f3f4",
+            "name": "Bidirectional Communication",
+            "type": "technique",
+            "id": "T1102.002",
+            "url": "https://attack.mitre.org/techniques/T1102/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
+            "name": "Exploitation for Client Execution",
+            "type": "technique",
+            "id": "T1203",
+            "url": "https://attack.mitre.org/techniques/T1203",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bed04f7d-e48a-4e76-bd0f-4c57fe31fc46",
+            "name": "Wordlist Scanning",
+            "type": "technique",
+            "id": "T1595.003",
+            "url": "https://attack.mitre.org/techniques/T1595/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bef8aaee-961d-4359-a308-4c2182bcedff",
+            "name": "Spoof Security Alerting",
+            "type": "technique",
+            "id": "T1562.011",
+            "url": "https://attack.mitre.org/techniques/T1562/011",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bf147104-abf9-4221-95d1-e81585859441",
+            "name": "Outlook Home Page",
+            "type": "technique",
+            "id": "T1137.004",
+            "url": "https://attack.mitre.org/techniques/T1137/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bf176076-b789-408e-8cba-7275e81c0ada",
+            "name": "Asymmetric Cryptography",
+            "type": "technique",
+            "id": "T1573.002",
+            "url": "https://attack.mitre.org/techniques/T1573/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bf1b6176-597c-4600-bfcd-ac989670f96b",
+            "name": "Exfiltration to Cloud Storage",
+            "type": "technique",
+            "id": "T1567.002",
+            "url": "https://attack.mitre.org/techniques/T1567/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bf90d72c-c00b-45e3-b3aa-68560560d4c5",
+            "name": "Lateral Tool Transfer",
+            "type": "technique",
+            "id": "T1570",
+            "url": "https://attack.mitre.org/techniques/T1570",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bf96a5a3-3bce-43b7-8597-88545984c07b",
+            "name": "Path Interception by Unquoted Path",
+            "type": "technique",
+            "id": "T1574.009",
+            "url": "https://attack.mitre.org/techniques/T1574/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c071d8c1-3b3a-4f22-9407-ca4e96921069",
+            "name": "Install Digital Certificate",
+            "type": "technique",
+            "id": "T1608.003",
+            "url": "https://attack.mitre.org/techniques/T1608/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c0a384a4-9a25-40e1-97b6-458388474bc8",
+            "name": "Local Job Scheduling",
+            "type": "technique",
+            "id": "T1168",
+            "url": "https://attack.mitre.org/techniques/T1168",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c0df6533-30ee-4a4a-9c6d-17af5abdf0b2",
+            "name": "Setuid and Setgid",
+            "type": "technique",
+            "id": "T1166",
+            "url": "https://attack.mitre.org/techniques/T1166",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c0dfe7b0-b873-4618-9ff8-53e31f70907f",
+            "name": "Startup Items",
+            "type": "technique",
+            "id": "T1037.005",
+            "url": "https://attack.mitre.org/techniques/T1037/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c16e5409-ee53-4d79-afdc-4099dc9292df",
+            "name": "Web Shell",
+            "type": "technique",
+            "id": "T1100",
+            "url": "https://attack.mitre.org/techniques/T1100",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c1a452f3-6499-4c12-b7e9-a6a0a102af76",
+            "name": "Process Doppelgänging",
+            "type": "technique",
+            "id": "T1186",
+            "url": "https://attack.mitre.org/techniques/T1186",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c1b11bf7-c68e-4fbf-a95b-28efbe7953bb",
+            "name": "SSH Hijacking",
+            "type": "technique",
+            "id": "T1184",
+            "url": "https://attack.mitre.org/techniques/T1184",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c1b68a96-3c48-49ea-a6c0-9b27359f9c19",
+            "name": "System Language Discovery",
+            "type": "technique",
+            "id": "T1614.001",
+            "url": "https://attack.mitre.org/techniques/T1614/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c21d5a77-d422-4a69-acd7-2c53c1faa34b",
+            "name": "Non-Application Layer Protocol",
+            "type": "technique",
+            "id": "T1095",
+            "url": "https://attack.mitre.org/techniques/T1095",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c23b740b-a42b-47a1-aec2-9d48ddd547ff",
+            "name": "Pass the Hash",
+            "type": "technique",
+            "id": "T1075",
+            "url": "https://attack.mitre.org/techniques/T1075",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c2e147a9-d1a8-4074-811a-d8789202d916",
+            "name": "Steganography",
+            "type": "technique",
+            "id": "T1027.003",
+            "url": "https://attack.mitre.org/techniques/T1027/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c2f59d25-87fe-44aa-8f83-e8e59d077bf5",
+            "name": "DNS Server",
+            "type": "technique",
+            "id": "T1584.002",
+            "url": "https://attack.mitre.org/techniques/T1584/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c325b232-d5bc-4dde-a3ec-71f3db9e8adc",
+            "name": "Protocol Impersonation",
+            "type": "technique",
+            "id": "T1001.003",
+            "url": "https://attack.mitre.org/techniques/T1001/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c32f7008-9fea-41f7-8366-5eb9b74bd896",
+            "name": "Query Registry",
+            "type": "technique",
+            "id": "T1012",
+            "url": "https://attack.mitre.org/techniques/T1012",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c3888c54-775d-4b2f-b759-75a2ececcbfd",
+            "name": "Data Transfer Size Limits",
+            "type": "technique",
+            "id": "T1030",
+            "url": "https://attack.mitre.org/techniques/T1030",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c3bce4f4-9795-46c6-976e-8676300bbc39",
+            "name": "Windows Remote Management",
+            "type": "technique",
+            "id": "T1028",
+            "url": "https://attack.mitre.org/techniques/T1028",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c3c8c916-2f3c-4e71-94b2-240bdfc996f0",
+            "name": "Web Session Cookie",
+            "type": "technique",
+            "id": "T1550.004",
+            "url": "https://attack.mitre.org/techniques/T1550/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
+            "name": "Domain Accounts",
+            "type": "technique",
+            "id": "T1078.002",
+            "url": "https://attack.mitre.org/techniques/T1078/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c48a67ee-b657-45c1-91bf-6cdbe27205f8",
+            "name": "Regsvcs/Regasm",
+            "type": "technique",
+            "id": "T1218.009",
+            "url": "https://attack.mitre.org/techniques/T1218/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c4ad009b-6e13-4419-8d21-918a1652de02",
+            "name": "Path Interception",
+            "type": "technique",
+            "id": "T1034",
+            "url": "https://attack.mitre.org/techniques/T1034",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c5e31fb5-fcbd-48a4-af8c-5a6ed5b932e5",
+            "name": "Web Session Cookie",
+            "type": "technique",
+            "id": "T1506",
+            "url": "https://attack.mitre.org/techniques/T1506",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c615231b-f253-4f58-9d47-d5b4cbdb6839",
+            "name": "Install Root Certificate",
+            "type": "technique",
+            "id": "T1553.004",
+            "url": "https://attack.mitre.org/techniques/T1553/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
+            "name": "Network Logon Script",
+            "type": "technique",
+            "id": "T1037.003",
+            "url": "https://attack.mitre.org/techniques/T1037/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c675646d-e204-4aa8-978d-e3d6d65885c4",
+            "name": "Endpoint Denial of Service",
+            "type": "technique",
+            "id": "T1499",
+            "url": "https://attack.mitre.org/techniques/T1499",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c726e0a2-a57a-4b7b-a973-d0f013246617",
+            "name": "Compile After Delivery",
+            "type": "technique",
+            "id": "T1027.004",
+            "url": "https://attack.mitre.org/techniques/T1027/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c848fcf7-6b62-4bde-8216-b6c157d48da0",
+            "name": "Uncommonly Used Port",
+            "type": "technique",
+            "id": "T1065",
+            "url": "https://attack.mitre.org/techniques/T1065",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c877e33f-1df6-40d6-b1e7-ce70f16f4979",
+            "name": "System Location Discovery",
+            "type": "technique",
+            "id": "T1614",
+            "url": "https://attack.mitre.org/techniques/T1614",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b",
+            "name": "VBA Stomping",
+            "type": "technique",
+            "id": "T1564.007",
+            "url": "https://attack.mitre.org/techniques/T1564/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c8e87b83-edbb-48d4-9295-4974897525b7",
+            "name": "BITS Jobs",
+            "type": "technique",
+            "id": "T1197",
+            "url": "https://attack.mitre.org/techniques/T1197",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c92e3d68-2349-49e4-a341-7edca2deff96",
+            "name": "MSBuild",
+            "type": "technique",
+            "id": "T1127.001",
+            "url": "https://attack.mitre.org/techniques/T1127/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
+            "name": "Bypass User Account Control",
+            "type": "technique",
+            "id": "T1088",
+            "url": "https://attack.mitre.org/techniques/T1088",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ca205a36-c1ad-488b-aa6c-ab34bdd3a36b",
+            "name": "Runtime Data Manipulation",
+            "type": "technique",
+            "id": "T1494",
+            "url": "https://attack.mitre.org/techniques/T1494",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ca9d3402-ada3-484d-876a-d717bd6e05f2",
+            "name": "Domain Fronting",
+            "type": "technique",
+            "id": "T1090.004",
+            "url": "https://attack.mitre.org/techniques/T1090/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cabe189c-a0e3-4965-a473-dcff00f17213",
+            "name": "ARP Cache Poisoning",
+            "type": "technique",
+            "id": "T1557.002",
+            "url": "https://attack.mitre.org/techniques/T1557/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cacc40da-4c9e-462c-80d5-fd70a178b12d",
+            "name": "Disable Cloud Logs",
+            "type": "technique",
+            "id": "T1562.008",
+            "url": "https://attack.mitre.org/techniques/T1562/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cba37adb-d6fb-4610-b069-dd04c0643384",
+            "name": "Security Software Discovery",
+            "type": "technique",
+            "id": "T1518.001",
+            "url": "https://attack.mitre.org/techniques/T1518/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cbb66055-0325-4111-aca0-40547b6ad5b0",
+            "name": "Hidden Window",
+            "type": "technique",
+            "id": "T1564.003",
+            "url": "https://attack.mitre.org/techniques/T1564/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cc1e737c-236c-4e3b-83ba-32039a626ef8",
+            "name": "Transmitted Data Manipulation",
+            "type": "technique",
+            "id": "T1493",
+            "url": "https://attack.mitre.org/techniques/T1493",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
+            "name": "Python",
+            "type": "technique",
+            "id": "T1059.006",
+            "url": "https://attack.mitre.org/techniques/T1059/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cc723aff-ec88-40e3-a224-5af9fd983cc4",
+            "name": "Identify Roles",
+            "type": "technique",
+            "id": "T1591.004",
+            "url": "https://attack.mitre.org/techniques/T1591/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
+            "name": "Data Encoding",
+            "type": "technique",
+            "id": "T1132",
+            "url": "https://attack.mitre.org/techniques/T1132",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cc89ecbd-3d33-4a41-bcca-001e702d18fd",
+            "name": "AppInit DLLs",
+            "type": "technique",
+            "id": "T1546.010",
+            "url": "https://attack.mitre.org/techniques/T1546/010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cca0ccb6-a068-4574-a722-b1556f86833a",
+            "name": "Phishing for Information",
+            "type": "technique",
+            "id": "T1598",
+            "url": "https://attack.mitre.org/techniques/T1598",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
+            "name": "Resource Hijacking",
+            "type": "technique",
+            "id": "T1496",
+            "url": "https://attack.mitre.org/techniques/T1496",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8",
+            "name": "Establish Accounts",
+            "type": "technique",
+            "id": "T1585",
+            "url": "https://attack.mitre.org/techniques/T1585",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ce0687a0-e692-4b77-964a-0784a8e54ff1",
+            "name": "Obtain Capabilities",
+            "type": "technique",
+            "id": "T1588",
+            "url": "https://attack.mitre.org/techniques/T1588",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ce4b7013-640e-48a9-b501-d0025a95f4bf",
+            "name": "Screensaver",
+            "type": "technique",
+            "id": "T1546.002",
+            "url": "https://attack.mitre.org/techniques/T1546/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ce73ea43-8e77-47ba-9c11-5e9c9c58b9ff",
+            "name": "Hidden Users",
+            "type": "technique",
+            "id": "T1147",
+            "url": "https://attack.mitre.org/techniques/T1147",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--cf1c2504-433f-4c4e-a1f8-91de45a0318c",
+            "name": "Create Cloud Instance",
+            "type": "technique",
+            "id": "T1578.002",
+            "url": "https://attack.mitre.org/techniques/T1578/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cf7b3a06-8b42-4c33-bbe9-012120027925",
+            "name": "Compile After Delivery",
+            "type": "technique",
+            "id": "T1500",
+            "url": "https://attack.mitre.org/techniques/T1500",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--cff94884-3b1c-4987-a70b-6d5643c621c3",
+            "name": "Code Repositories",
+            "type": "technique",
+            "id": "T1213.003",
+            "url": "https://attack.mitre.org/techniques/T1213/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d0613359-5781-4fd2-b5be-c269270be1f6",
+            "name": "Transmitted Data Manipulation",
+            "type": "technique",
+            "id": "T1565.002",
+            "url": "https://attack.mitre.org/techniques/T1565/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4",
+            "name": "/etc/passwd and /etc/shadow",
+            "type": "technique",
+            "id": "T1003.008",
+            "url": "https://attack.mitre.org/techniques/T1003/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d10cbd34-42e3-45c0-84d2-535a09849584",
+            "name": "Launch Agent",
+            "type": "technique",
+            "id": "T1543.001",
+            "url": "https://attack.mitre.org/techniques/T1543/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d157f9d2-d09a-4efa-bb2a-64963f94e253",
+            "name": "System Services",
+            "type": "technique",
+            "id": "T1569",
+            "url": "https://attack.mitre.org/techniques/T1569",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d1fcf083-a721-4223-aedf-bf8960798d62",
+            "name": "Windows Command Shell",
+            "type": "technique",
+            "id": "T1059.003",
+            "url": "https://attack.mitre.org/techniques/T1059/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d201d4cc-214d-4a74-a1ba-b3fa09fd4591",
+            "name": "Proc Memory",
+            "type": "technique",
+            "id": "T1055.009",
+            "url": "https://attack.mitre.org/techniques/T1055/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d21a2069-23d5-4043-ad6d-64f6b644cb1a",
+            "name": "Compiled HTML File",
+            "type": "technique",
+            "id": "T1223",
+            "url": "https://attack.mitre.org/techniques/T1223",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d21bb61f-08ad-4dc1-b001-81ca6cb79954",
+            "name": "Acquire Access",
+            "type": "technique",
+            "id": "T1650",
+            "url": "https://attack.mitre.org/techniques/T1650",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d245808a-7086-4310-984a-a84aaaa43f8f",
+            "name": "Patch System Image",
+            "type": "technique",
+            "id": "T1601.001",
+            "url": "https://attack.mitre.org/techniques/T1601/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d273434a-448e-4598-8e14-607f4a0d5e27",
+            "name": "Silver Ticket",
+            "type": "technique",
+            "id": "T1558.002",
+            "url": "https://attack.mitre.org/techniques/T1558/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d28ef391-8ed4-45dc-bc4a-2f43abf54416",
+            "name": "Data from Information Repositories",
+            "type": "technique",
+            "id": "T1213",
+            "url": "https://attack.mitre.org/techniques/T1213",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
+            "name": "Clear Persistence",
+            "type": "technique",
+            "id": "T1070.009",
+            "url": "https://attack.mitre.org/techniques/T1070/009",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d3046a90-580c-4004-8208-66915bc29830",
+            "name": "Clear Command History",
+            "type": "technique",
+            "id": "T1146",
+            "url": "https://attack.mitre.org/techniques/T1146",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d336b553-5da9-46ca-98a8-0b23f49fb447",
+            "name": "Windows Credential Manager",
+            "type": "technique",
+            "id": "T1555.004",
+            "url": "https://attack.mitre.org/techniques/T1555/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d376668f-b208-42de-b1f5-fdfe0ad4b753",
+            "name": "Emond",
+            "type": "technique",
+            "id": "T1519",
+            "url": "https://attack.mitre.org/techniques/T1519",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d3df754e-997b-4cf9-97d4-70feb3120847",
+            "name": "Spearphishing via Service",
+            "type": "technique",
+            "id": "T1194",
+            "url": "https://attack.mitre.org/techniques/T1194",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d40239b3-05ff-46d8-9bdd-b46d13463ef9",
+            "name": "Hardware Additions",
+            "type": "technique",
+            "id": "T1200",
+            "url": "https://attack.mitre.org/techniques/T1200",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d456de47-a16f-4e46-8980-e67478a12dcb",
+            "name": "Server Software Component",
+            "type": "technique",
+            "id": "T1505",
+            "url": "https://attack.mitre.org/techniques/T1505",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
+            "name": "Data Destruction",
+            "type": "technique",
+            "id": "T1485",
+            "url": "https://attack.mitre.org/techniques/T1485",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d467bc38-284b-4a00-96ac-125f447799fc",
+            "name": "Non-Standard Encoding",
+            "type": "technique",
+            "id": "T1132.002",
+            "url": "https://attack.mitre.org/techniques/T1132/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d4b96d2c-1032-4b22-9235-2b5b649d0605",
+            "name": "Domain Controller Authentication",
+            "type": "technique",
+            "id": "T1556.001",
+            "url": "https://attack.mitre.org/techniques/T1556/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
+            "name": "Transfer Data to Cloud Account",
+            "type": "technique",
+            "id": "T1537",
+            "url": "https://attack.mitre.org/techniques/T1537",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d4dc46e3-5ba5-45b9-8204-010867cacfcb",
+            "name": "HTML Smuggling",
+            "type": "technique",
+            "id": "T1027.006",
+            "url": "https://attack.mitre.org/techniques/T1027/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d50955c2-272d-4ac8-95da-10c29dda1c48",
+            "name": "Reversible Encryption",
+            "type": "technique",
+            "id": "T1556.005",
+            "url": "https://attack.mitre.org/techniques/T1556/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d511a6f6-4a33-41d5-bc95-c343875d1377",
+            "name": "Command Obfuscation",
+            "type": "technique",
+            "id": "T1027.010",
+            "url": "https://attack.mitre.org/techniques/T1027/010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d519cfd5-f3a8-43a9-a846-ed0bb40672b1",
+            "name": "Install Root Certificate",
+            "type": "technique",
+            "id": "T1130",
+            "url": "https://attack.mitre.org/techniques/T1130",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d54416bd-0803-41ca-870a-ce1af7c05638",
+            "name": "Data Encrypted",
+            "type": "technique",
+            "id": "T1022",
+            "url": "https://attack.mitre.org/techniques/T1022",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d63a3fb8-9452-4e9d-a60a-54be68d5998c",
+            "name": "File Deletion",
+            "type": "technique",
+            "id": "T1070.004",
+            "url": "https://attack.mitre.org/techniques/T1070/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d742a578-d70e-4d0e-96a6-02a9c30204e6",
+            "name": "Drive-by Compromise",
+            "type": "technique",
+            "id": "T1189",
+            "url": "https://attack.mitre.org/techniques/T1189",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
+            "name": "Network Denial of Service",
+            "type": "technique",
+            "id": "T1498",
+            "url": "https://attack.mitre.org/techniques/T1498",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d94b3ae9-8059-4989-8e9f-ea0f601f80a7",
+            "name": "Cloud Administration Command",
+            "type": "technique",
+            "id": "T1651",
+            "url": "https://attack.mitre.org/techniques/T1651",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--da051493-ae9c-4b1b-9760-c009c46c9b56",
+            "name": "Installer Packages",
+            "type": "technique",
+            "id": "T1546.016",
+            "url": "https://attack.mitre.org/techniques/T1546/016",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--db8f5003-3b20-48f0-9b76-123e44208120",
+            "name": "Scanning IP Blocks",
+            "type": "technique",
+            "id": "T1595.001",
+            "url": "https://attack.mitre.org/techniques/T1595/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dc27c2ec-c5f9-4228-ba57-d67b590bda93",
+            "name": "Hidden Files and Directories",
+            "type": "technique",
+            "id": "T1158",
+            "url": "https://attack.mitre.org/techniques/T1158",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--dc31fe1e-d722-49da-8f5f-92c7b5aff534",
+            "name": "Template Injection",
+            "type": "technique",
+            "id": "T1221",
+            "url": "https://attack.mitre.org/techniques/T1221",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dca670cf-eeec-438f-8185-fd959d9ef211",
+            "name": "RC Scripts",
+            "type": "technique",
+            "id": "T1037.004",
+            "url": "https://attack.mitre.org/techniques/T1037/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dcaa092b-7de9-4a21-977f-7fcb77e89c48",
+            "name": "Access Token Manipulation",
+            "type": "technique",
+            "id": "T1134",
+            "url": "https://attack.mitre.org/techniques/T1134",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dce31a00-1e90-4655-b0f9-e2e71a748a87",
+            "name": "Time Providers",
+            "type": "technique",
+            "id": "T1209",
+            "url": "https://attack.mitre.org/techniques/T1209",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--dd43c543-bb85-4a6f-aa6e-160d90d06a49",
+            "name": "Multi-Factor Authentication Interception",
+            "type": "technique",
+            "id": "T1111",
+            "url": "https://attack.mitre.org/techniques/T1111",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dd901512-6e37-4155-943b-453e3777b125",
+            "name": "Launch Agent",
+            "type": "technique",
+            "id": "T1159",
+            "url": "https://attack.mitre.org/techniques/T1159",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--deb98323-e13f-4b0c-8d94-175379069062",
+            "name": "Software Packing",
+            "type": "technique",
+            "id": "T1027.002",
+            "url": "https://attack.mitre.org/techniques/T1027/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--df1bc34d-1634-4c93-b89e-8120994fce77",
+            "name": "Serverless",
+            "type": "technique",
+            "id": "T1584.007",
+            "url": "https://attack.mitre.org/techniques/T1584/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--df8b2a25-8bdf-4856-953c-a04372b1c161",
+            "name": "Web Protocols",
+            "type": "technique",
+            "id": "T1071.001",
+            "url": "https://attack.mitre.org/techniques/T1071/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
+            "name": "Visual Basic",
+            "type": "technique",
+            "id": "T1059.005",
+            "url": "https://attack.mitre.org/techniques/T1059/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dfebc3b7-d19d-450b-81c7-6dafe4184c04",
+            "name": "Hidden File System",
+            "type": "technique",
+            "id": "T1564.005",
+            "url": "https://attack.mitre.org/techniques/T1564/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dfefe2ed-4389-4318-8762-f0272b350a1b",
+            "name": "Systemd Service",
+            "type": "technique",
+            "id": "T1543.002",
+            "url": "https://attack.mitre.org/techniques/T1543/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e0033c16-a07e-48aa-8204-7c3ca669998c",
+            "name": "RDP Hijacking",
+            "type": "technique",
+            "id": "T1563.002",
+            "url": "https://attack.mitre.org/techniques/T1563/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e01be9c5-e763-4caf-aeb7-000b416aef67",
+            "name": "Create Account",
+            "type": "technique",
+            "id": "T1136",
+            "url": "https://attack.mitre.org/techniques/T1136",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e0232cb0-ded5-4c2e-9dc7-2893142a5c11",
+            "name": "XDG Autostart Entries",
+            "type": "technique",
+            "id": "T1547.013",
+            "url": "https://attack.mitre.org/techniques/T1547/013",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e196b5c5-8118-4a1c-ab8a-936586ce3db5",
+            "name": "Server",
+            "type": "technique",
+            "id": "T1584.004",
+            "url": "https://attack.mitre.org/techniques/T1584/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e24fcba8-2557-4442-a139-1ee2f2e784db",
+            "name": "Cloud Service Discovery",
+            "type": "technique",
+            "id": "T1526",
+            "url": "https://attack.mitre.org/techniques/T1526",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e2907cea-4b43-4ed7-a570-0fdf0fbeea00",
+            "name": "Space after Filename",
+            "type": "technique",
+            "id": "T1151",
+            "url": "https://attack.mitre.org/techniques/T1151",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e358d692-23c0-4a31-9eb6-ecc13a8d7735",
+            "name": "Remote System Discovery",
+            "type": "technique",
+            "id": "T1018",
+            "url": "https://attack.mitre.org/techniques/T1018",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e3a12395-188d-4051-9a16-ea8e14d07b88",
+            "name": "Network Service Discovery",
+            "type": "technique",
+            "id": "T1046",
+            "url": "https://attack.mitre.org/techniques/T1046",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e3b168bd-fcd7-439e-9382-2e6c2f63514d",
+            "name": "Domain Properties",
+            "type": "technique",
+            "id": "T1590.001",
+            "url": "https://attack.mitre.org/techniques/T1590/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e3b6daca-e963-4a69-aee6-ed4fd653ad58",
+            "name": "Software Discovery",
+            "type": "technique",
+            "id": "T1518",
+            "url": "https://attack.mitre.org/techniques/T1518",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e49920b0-6c54-40c1-9571-73723653205f",
+            "name": "Cloud Service Dashboard",
+            "type": "technique",
+            "id": "T1538",
+            "url": "https://attack.mitre.org/techniques/T1538",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e49ee9d2-0d98-44ef-85e5-5d3100065744",
+            "name": "Thread Local Storage",
+            "type": "technique",
+            "id": "T1055.005",
+            "url": "https://attack.mitre.org/techniques/T1055/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e4dc8c01-417f-458d-9ee0-bb0617c1b391",
+            "name": "Debugger Evasion",
+            "type": "technique",
+            "id": "T1622",
+            "url": "https://attack.mitre.org/techniques/T1622",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e51137a5-1cdc-499e-911a-abaedaa5ac86",
+            "name": "Space after Filename",
+            "type": "technique",
+            "id": "T1036.006",
+            "url": "https://attack.mitre.org/techniques/T1036/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e5cc9e7a-e61a-46a1-b869-55fb6eab058e",
+            "name": "Re-opened Applications",
+            "type": "technique",
+            "id": "T1547.007",
+            "url": "https://attack.mitre.org/techniques/T1547/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e5d550f3-2202-4634-85f2-4a200a1d49b3",
+            "name": "SEO Poisoning",
+            "type": "technique",
+            "id": "T1608.006",
+            "url": "https://attack.mitre.org/techniques/T1608/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e624264c-033a-424d-9fd7-fc9c3bbdb03e",
+            "name": "Pass the Hash",
+            "type": "technique",
+            "id": "T1550.002",
+            "url": "https://attack.mitre.org/techniques/T1550/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e6415f09-df0e-48de-9aba-928c902b7549",
+            "name": "Exfiltration Over Physical Medium",
+            "type": "technique",
+            "id": "T1052",
+            "url": "https://attack.mitre.org/techniques/T1052",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
+            "name": "DLL Side-Loading",
+            "type": "technique",
+            "id": "T1574.002",
+            "url": "https://attack.mitre.org/techniques/T1574/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e6919abc-99f9-4c6c-95a5-14761e7b2add",
+            "name": "Ingress Tool Transfer",
+            "type": "technique",
+            "id": "T1105",
+            "url": "https://attack.mitre.org/techniques/T1105",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e74de37c-a829-446c-937d-56a44f0e9306",
+            "name": "Additional Email Delegate Permissions",
+            "type": "technique",
+            "id": "T1098.002",
+            "url": "https://attack.mitre.org/techniques/T1098/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e7cbc1de-1f79-48ee-abfd-da1241c65a15",
+            "name": "Code Signing Certificates",
+            "type": "technique",
+            "id": "T1588.003",
+            "url": "https://attack.mitre.org/techniques/T1588/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e7eab98d-ae11-4491-bd28-a53ba875865a",
+            "name": "Network Share Connection Removal",
+            "type": "technique",
+            "id": "T1126",
+            "url": "https://attack.mitre.org/techniques/T1126",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e848506b-8484-4410-8017-3d235a52f5b3",
+            "name": "Serverless Execution",
+            "type": "technique",
+            "id": "T1648",
+            "url": "https://attack.mitre.org/techniques/T1648",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e906ae4d-1d3a-4675-be23-22f7311c0da4",
+            "name": "Windows Management Instrumentation Event Subscription",
+            "type": "technique",
+            "id": "T1084",
+            "url": "https://attack.mitre.org/techniques/T1084",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e99ec083-abdd-48de-ad87-4dbf6f8ba2a4",
+            "name": "Launch Daemon",
+            "type": "technique",
+            "id": "T1160",
+            "url": "https://attack.mitre.org/techniques/T1160",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ea016b56-ae0e-47fe-967a-cc0ad51af67f",
+            "name": "Ptrace System Calls",
+            "type": "technique",
+            "id": "T1055.008",
+            "url": "https://attack.mitre.org/techniques/T1055/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ea4c2f9c-9df1-477c-8c42-6da1118f2ac4",
+            "name": "Dynamic API Resolution",
+            "type": "technique",
+            "id": "T1027.007",
+            "url": "https://attack.mitre.org/techniques/T1027/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--eb062747-2193-45de-8fa2-e62549c37ddf",
+            "name": "Remote Desktop Protocol",
+            "type": "technique",
+            "id": "T1021.001",
+            "url": "https://attack.mitre.org/techniques/T1021/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--eb125d40-0b2d-41ac-a71a-3229241c2cd3",
+            "name": "Logon Script (Windows)",
+            "type": "technique",
+            "id": "T1037.001",
+            "url": "https://attack.mitre.org/techniques/T1037/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--eb2cb5cb-ae87-4de0-8c35-da2a17aafb99",
+            "name": "ListPlanting",
+            "type": "technique",
+            "id": "T1055.015",
+            "url": "https://attack.mitre.org/techniques/T1055/015",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
+            "name": "Domain Policy Modification",
+            "type": "technique",
+            "id": "T1484",
+            "url": "https://attack.mitre.org/techniques/T1484",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ebbe170d-aa74-4946-8511-9921243415a3",
+            "name": "XSL Script Processing",
+            "type": "technique",
+            "id": "T1220",
+            "url": "https://attack.mitre.org/techniques/T1220",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ec4be82f-940c-4dcb-87fe-2bbdd17c692f",
+            "name": "Scan Databases",
+            "type": "technique",
+            "id": "T1596.005",
+            "url": "https://attack.mitre.org/techniques/T1596/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ec8fc7e2-b356-455c-8db5-2e37be158e7d",
+            "name": "Hidden Files and Directories",
+            "type": "technique",
+            "id": "T1564.001",
+            "url": "https://attack.mitre.org/techniques/T1564/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1",
+            "name": "Create Snapshot",
+            "type": "technique",
+            "id": "T1578.001",
+            "url": "https://attack.mitre.org/techniques/T1578/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ed730f20-0e44-48b9-85f8-0e2adeb76867",
+            "name": "Determine Physical Locations",
+            "type": "technique",
+            "id": "T1591.001",
+            "url": "https://attack.mitre.org/techniques/T1591/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
+            "name": "Office Test",
+            "type": "technique",
+            "id": "T1137.002",
+            "url": "https://attack.mitre.org/techniques/T1137/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--edadea33-549c-4ed1-9783-8f5a5853cbdf",
+            "name": "Develop Capabilities",
+            "type": "technique",
+            "id": "T1587",
+            "url": "https://attack.mitre.org/techniques/T1587",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0",
+            "name": "Dynamic Data Exchange",
+            "type": "technique",
+            "id": "T1173",
+            "url": "https://attack.mitre.org/techniques/T1173",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--edf91964-b26e-4b4a-9600-ccacd7d7df24",
+            "name": "NTDS",
+            "type": "technique",
+            "id": "T1003.003",
+            "url": "https://attack.mitre.org/techniques/T1003/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ee7ff928-801c-4f34-8a99-3df965e581a5",
+            "name": "SNMP (MIB Dump)",
+            "type": "technique",
+            "id": "T1602.001",
+            "url": "https://attack.mitre.org/techniques/T1602/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--eec23884-3fa1-4d8a-ac50-6f104d51e235",
+            "name": "Steganography",
+            "type": "technique",
+            "id": "T1001.002",
+            "url": "https://attack.mitre.org/techniques/T1001/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ef67e13e-5598-4adc-bdb2-998225874fa9",
+            "name": "Malicious Link",
+            "type": "technique",
+            "id": "T1204.001",
+            "url": "https://attack.mitre.org/techniques/T1204/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f005e783-57d4-4837-88ad-dbe7faee1c51",
+            "name": "Application Access Token",
+            "type": "technique",
+            "id": "T1550.001",
+            "url": "https://attack.mitre.org/techniques/T1550/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f0589bc3-a6ae-425a-a3d5-5659bfee07f4",
+            "name": "LSASS Driver",
+            "type": "technique",
+            "id": "T1547.008",
+            "url": "https://attack.mitre.org/techniques/T1547/008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f1951e8a-500e-4a26-8803-76d95c4554b4",
+            "name": "Service Execution",
+            "type": "technique",
+            "id": "T1569.002",
+            "url": "https://attack.mitre.org/techniques/T1569/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f232fa7a-025c-4d43-abc7-318e81a73d65",
+            "name": "Cloud Accounts",
+            "type": "technique",
+            "id": "T1078.004",
+            "url": "https://attack.mitre.org/techniques/T1078/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f244b8dd-af6c-4391-a497-fc03627ce995",
+            "name": "Environmental Keying",
+            "type": "technique",
+            "id": "T1480.001",
+            "url": "https://attack.mitre.org/techniques/T1480/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f24faf46-3b26-4dbb-98f2-63460498e433",
+            "name": "Fallback Channels",
+            "type": "technique",
+            "id": "T1008",
+            "url": "https://attack.mitre.org/techniques/T1008",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f2857333-11d4-45bf-b064-2c28d8525be5",
+            "name": "NTFS File Attributes",
+            "type": "technique",
+            "id": "T1564.004",
+            "url": "https://attack.mitre.org/techniques/T1564/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f2877f7f-9a4c-4251-879f-1224e3006bee",
+            "name": "Kerberoasting",
+            "type": "technique",
+            "id": "T1558.003",
+            "url": "https://attack.mitre.org/techniques/T1558/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f2d44246-91f1-478a-b6c8-1227e0ca109d",
+            "name": "NTFS File Attributes",
+            "type": "technique",
+            "id": "T1096",
+            "url": "https://attack.mitre.org/techniques/T1096",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f303a39a-6255-4b89-aecc-18c4d8ca7163",
+            "name": "DCSync",
+            "type": "technique",
+            "id": "T1003.006",
+            "url": "https://attack.mitre.org/techniques/T1003/006",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f3c544dc-673c-4ef3-accb-53229f1ae077",
+            "name": "System Time Discovery",
+            "type": "technique",
+            "id": "T1124",
+            "url": "https://attack.mitre.org/techniques/T1124",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
+            "name": "At",
+            "type": "technique",
+            "id": "T1053.002",
+            "url": "https://attack.mitre.org/techniques/T1053/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f44731de-ea9f-406d-9b83-30ecbb9b4392",
+            "name": "Service Execution",
+            "type": "technique",
+            "id": "T1035",
+            "url": "https://attack.mitre.org/techniques/T1035",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f4599aa0-4f85-4a32-80ea-fc39dc965945",
+            "name": "Dynamic-link Library Injection",
+            "type": "technique",
+            "id": "T1055.001",
+            "url": "https://attack.mitre.org/techniques/T1055/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
+            "name": "PowerShell",
+            "type": "technique",
+            "id": "T1086",
+            "url": "https://attack.mitre.org/techniques/T1086",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f4b843c1-7e92-4701-8fed-ce82f8be2636",
+            "name": "Exploits",
+            "type": "technique",
+            "id": "T1588.005",
+            "url": "https://attack.mitre.org/techniques/T1588/005",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f4c1826f-a322-41cd-9557-562100848c84",
+            "name": "Modify Authentication Process",
+            "type": "technique",
+            "id": "T1556",
+            "url": "https://attack.mitre.org/techniques/T1556",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f5946b5e-9408-485f-a7f7-b5efc88909b6",
+            "name": "Credential API Hooking",
+            "type": "technique",
+            "id": "T1056.004",
+            "url": "https://attack.mitre.org/techniques/T1056/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f5bb433e-bdf6-4781-84bc-35e97e43be89",
+            "name": "Firmware Corruption",
+            "type": "technique",
+            "id": "T1495",
+            "url": "https://attack.mitre.org/techniques/T1495",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
+            "name": "Inhibit System Recovery",
+            "type": "technique",
+            "id": "T1490",
+            "url": "https://attack.mitre.org/techniques/T1490",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
+            "name": "Netsh Helper DLL",
+            "type": "technique",
+            "id": "T1546.007",
+            "url": "https://attack.mitre.org/techniques/T1546/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f6ad61ee-65f3-4bd0-a3f5-2f0accb36317",
+            "name": "Spearphishing via Service",
+            "type": "technique",
+            "id": "T1566.003",
+            "url": "https://attack.mitre.org/techniques/T1566/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f6dacc85-b37d-458e-b58d-74fc4bbf5755",
+            "name": "Internal Proxy",
+            "type": "technique",
+            "id": "T1090.001",
+            "url": "https://attack.mitre.org/techniques/T1090/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f6fe9070-7a65-49ea-ae72-76292f42cebe",
+            "name": "System Script Proxy Execution",
+            "type": "technique",
+            "id": "T1216",
+            "url": "https://attack.mitre.org/techniques/T1216",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f72eb8a8-cd4c-461d-a814-3f862befbf00",
+            "name": "Custom Command and Control Protocol",
+            "type": "technique",
+            "id": "T1094",
+            "url": "https://attack.mitre.org/techniques/T1094",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f7827069-0bf2-4764-af4f-23fae0d181b7",
+            "name": "Dead Drop Resolver",
+            "type": "technique",
+            "id": "T1102.001",
+            "url": "https://attack.mitre.org/techniques/T1102/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f792d02f-813d-402b-86a5-ab98cb391d3b",
+            "name": "InstallUtil",
+            "type": "technique",
+            "id": "T1118",
+            "url": "https://attack.mitre.org/techniques/T1118",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f7c0689c-4dbd-489b-81be-7cb7c7079ade",
+            "name": "Junk Data",
+            "type": "technique",
+            "id": "T1001.001",
+            "url": "https://attack.mitre.org/techniques/T1001/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f870408c-b1cd-49c7-a5c7-0ef0fc496cc6",
+            "name": "Spearphishing Service",
+            "type": "technique",
+            "id": "T1598.001",
+            "url": "https://attack.mitre.org/techniques/T1598/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f879d51c-5476-431c-aedf-f14d207e4d1e",
+            "name": "Commonly Used Port",
+            "type": "technique",
+            "id": "T1043",
+            "url": "https://attack.mitre.org/techniques/T1043",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f8ef3a62-3f44-40a4-abca-761ab235c436",
+            "name": "Container API",
+            "type": "technique",
+            "id": "T1552.007",
+            "url": "https://attack.mitre.org/techniques/T1552/007",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f9cc4d06-775f-4ee1-b401-4e2cc0da30ba",
+            "name": "Domains",
+            "type": "technique",
+            "id": "T1584.001",
+            "url": "https://attack.mitre.org/techniques/T1584/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f9e9365a-9ca2-4d9c-8e7c-050d73d1101a",
+            "name": "SQL Stored Procedures",
+            "type": "technique",
+            "id": "T1505.001",
+            "url": "https://attack.mitre.org/techniques/T1505/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fa44a152-ac48-441e-a524-dd7b04b8adcd",
+            "name": "Network Device Authentication",
+            "type": "technique",
+            "id": "T1556.004",
+            "url": "https://attack.mitre.org/techniques/T1556/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fb640c43-aa6b-431e-a961-a279010424ac",
+            "name": "Disk Content Wipe",
+            "type": "technique",
+            "id": "T1561.001",
+            "url": "https://attack.mitre.org/techniques/T1561/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fb8d023d-45be-47e9-bc51-f56bcae6435b",
+            "name": "Exfiltration Over Unencrypted Non-C2 Protocol",
+            "type": "technique",
+            "id": "T1048.003",
+            "url": "https://attack.mitre.org/techniques/T1048/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fc742192-19e3-466c-9eb5-964a97b29490",
+            "name": "Dylib Hijacking",
+            "type": "technique",
+            "id": "T1574.004",
+            "url": "https://attack.mitre.org/techniques/T1574/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fc74ba38-dc98-461f-8611-b3dbf9978e3d",
+            "name": "Downgrade System Image",
+            "type": "technique",
+            "id": "T1601.002",
+            "url": "https://attack.mitre.org/techniques/T1601/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fdc47f44-dd32-4b99-af5f-209f556f63c2",
+            "name": "Local Accounts",
+            "type": "technique",
+            "id": "T1078.003",
+            "url": "https://attack.mitre.org/techniques/T1078/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fe926152-f431-4baf-956c-4ad3cb0bf23b",
+            "name": "Exploitation for Defense Evasion",
+            "type": "technique",
+            "id": "T1211",
+            "url": "https://attack.mitre.org/techniques/T1211",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ff25900d-76d5-449b-a351-8824e62fc81b",
+            "name": "Trusted Developer Utilities Proxy Execution",
+            "type": "technique",
+            "id": "T1127",
+            "url": "https://attack.mitre.org/techniques/T1127",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ff73aa03-0090-4464-83ac-f89e233c02bc",
+            "name": "System Shutdown/Reboot",
+            "type": "technique",
+            "id": "T1529",
+            "url": "https://attack.mitre.org/techniques/T1529",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ffbcfdb0-de22-4106-9ed3-fc23c8a01407",
+            "name": "MMC",
+            "type": "technique",
+            "id": "T1218.014",
+            "url": "https://attack.mitre.org/techniques/T1218/014",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1",
+            "name": "Process Argument Spoofing",
+            "type": "technique",
+            "id": "T1564.010",
+            "url": "https://attack.mitre.org/techniques/T1564/010",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ffe742ed-9100-4686-9e00-c331da544787",
+            "name": "Windows Admin Shares",
+            "type": "technique",
+            "id": "T1077",
+            "url": "https://attack.mitre.org/techniques/T1077",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ffeb0780-356e-4261-b036-cfb6bd234335",
+            "name": "COR_PROFILER",
+            "type": "technique",
+            "id": "T1574.012",
+            "url": "https://attack.mitre.org/techniques/T1574/012",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--008b8f56-6107-48be-aa9f-746f927dbb61",
+            "name": "Block Command Message",
+            "type": "technique",
+            "id": "T0803",
+            "url": "https://attack.mitre.org/techniques/T0803",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--063b5b92-5361-481a-9c3f-95492ed9a2d8",
+            "name": "Service Stop",
+            "type": "technique",
+            "id": "T0881",
+            "url": "https://attack.mitre.org/techniques/T0881",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--097924ce-a9a9-4039-8591-e0deedfb8722",
+            "name": "Modify Parameter",
+            "type": "technique",
+            "id": "T0836",
+            "url": "https://attack.mitre.org/techniques/T0836",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--09a61657-46e1-439e-b3ed-3e4556a78243",
+            "name": "Modify Controller Tasking",
+            "type": "technique",
+            "id": "T0821",
+            "url": "https://attack.mitre.org/techniques/T0821",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0fe075d5-beac-4d02-b93e-0f874997db72",
+            "name": "Wireless Sniffing",
+            "type": "technique",
+            "id": "T0887",
+            "url": "https://attack.mitre.org/techniques/T0887",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--138979ba-0430-4de6-a128-2fc0b056ba36",
+            "name": "Loss of View",
+            "type": "technique",
+            "id": "T0829",
+            "url": "https://attack.mitre.org/techniques/T0829",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--19a71d1e-6334-4233-8260-b749cae37953",
+            "name": "Activate Firmware Update Mode",
+            "type": "technique",
+            "id": "T0800",
+            "url": "https://attack.mitre.org/techniques/T0800",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1af9e3fd-2bcc-414d-adbd-fe3b95c02ca1",
+            "name": "Manipulation of Control",
+            "type": "technique",
+            "id": "T0831",
+            "url": "https://attack.mitre.org/techniques/T0831",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1b22b676-9347-4c55-9a35-ef0dc653db5b",
+            "name": "Denial of Service",
+            "type": "technique",
+            "id": "T0814",
+            "url": "https://attack.mitre.org/techniques/T0814",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1c478716-71d9-46a4-9a53-fa5d576adb60",
+            "name": "Block Serial COM",
+            "type": "technique",
+            "id": "T0805",
+            "url": "https://attack.mitre.org/techniques/T0805",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--23270e54-1d68-4c3b-b763-b25607bcef80",
+            "name": "Role Identification",
+            "type": "technique",
+            "id": "T0850",
+            "url": "https://attack.mitre.org/techniques/T0850",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--24a9253e-8948-4c98-b751-8e2aee53127c",
+            "name": "Command-Line Interface",
+            "type": "technique",
+            "id": "T0807",
+            "url": "https://attack.mitre.org/techniques/T0807",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--25852363-5968-4673-b81d-341d5ed90bd1",
+            "name": "Point & Tag Identification",
+            "type": "technique",
+            "id": "T0861",
+            "url": "https://attack.mitre.org/techniques/T0861",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--25dfc8ad-bd73-4dfd-84a9-3c3d383f76e9",
+            "name": "Device Restart/Shutdown",
+            "type": "technique",
+            "id": "T0816",
+            "url": "https://attack.mitre.org/techniques/T0816",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2736b752-4ec5-4421-a230-8977dea7649c",
+            "name": "User Execution",
+            "type": "technique",
+            "id": "T0863",
+            "url": "https://attack.mitre.org/techniques/T0863",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2877063e-1851-48d2-bcc6-bc1d2733157e",
+            "name": "Wireless Compromise",
+            "type": "technique",
+            "id": "T0860",
+            "url": "https://attack.mitre.org/techniques/T0860",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2883c520-7957-46ca-89bd-dab1ad53b601",
+            "name": "Change Operating Mode",
+            "type": "technique",
+            "id": "T0858",
+            "url": "https://attack.mitre.org/techniques/T0858",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2900bbd8-308a-4274-b074-5b8bde8347bc",
+            "name": "Alarm Suppression",
+            "type": "technique",
+            "id": "T0878",
+            "url": "https://attack.mitre.org/techniques/T0878",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2aa406ed-81c3-4c1d-ba83-cfbee5a2847a",
+            "name": "Detect Operating Mode",
+            "type": "technique",
+            "id": "T0868",
+            "url": "https://attack.mitre.org/techniques/T0868",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2bb4d762-bf4a-4bc3-9318-15cc6a354163",
+            "name": "Loss of Protection",
+            "type": "technique",
+            "id": "T0837",
+            "url": "https://attack.mitre.org/techniques/T0837",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2d0d40ad-22fa-4cc8-b264-072557e1364b",
+            "name": "Monitor Process State",
+            "type": "technique",
+            "id": "T0801",
+            "url": "https://attack.mitre.org/techniques/T0801",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2dc2b567-8821-49f9-9045-8740f3d0b958",
+            "name": "Scripting",
+            "type": "technique",
+            "id": "T0853",
+            "url": "https://attack.mitre.org/techniques/T0853",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2fedbe69-581f-447d-8a78-32ee7db939a9",
+            "name": "Remote System Information Discovery",
+            "type": "technique",
+            "id": "T0888",
+            "url": "https://attack.mitre.org/techniques/T0888",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3067b85e-271e-4bc5-81ad-ab1a81d411e3",
+            "name": "Program Upload",
+            "type": "technique",
+            "id": "T0845",
+            "url": "https://attack.mitre.org/techniques/T0845",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--32632a95-6856-47b9-9ab7-fea5cd7dce00",
+            "name": "Exploit Public-Facing Application",
+            "type": "technique",
+            "id": "T0819",
+            "url": "https://attack.mitre.org/techniques/T0819",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3405891b-16aa-4bd7-bd7c-733501f9b20f",
+            "name": "Data from Information Repositories",
+            "type": "technique",
+            "id": "T0811",
+            "url": "https://attack.mitre.org/techniques/T0811",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--35392fb4-a31d-4c6a-b9f2-1c65b7f5e6b9",
+            "name": "Transient Cyber Asset",
+            "type": "technique",
+            "id": "T0864",
+            "url": "https://attack.mitre.org/techniques/T0864",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--36e9f5bc-ac13-4da4-a2f4-01f4877d9004",
+            "name": "Manipulate I/O Image",
+            "type": "technique",
+            "id": "T0835",
+            "url": "https://attack.mitre.org/techniques/T0835",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--38213338-1aab-479d-949b-c81b66ccca5c",
+            "name": "Network Sniffing",
+            "type": "technique",
+            "id": "T0842",
+            "url": "https://attack.mitre.org/techniques/T0842",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3b6b9246-43f8-4c69-ad7a-2b11cfe0a0d9",
+            "name": "Rootkit",
+            "type": "technique",
+            "id": "T0851",
+            "url": "https://attack.mitre.org/techniques/T0851",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3de230d4-3e42-4041-b089-17e1128feded",
+            "name": "Automated Collection",
+            "type": "technique",
+            "id": "T0802",
+            "url": "https://attack.mitre.org/techniques/T0802",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3f1f4ccb-9be2-4ff8-8f69-dd972221169b",
+            "name": "Block Reporting Message",
+            "type": "technique",
+            "id": "T0804",
+            "url": "https://attack.mitre.org/techniques/T0804",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--40b300ba-f553-48bf-862e-9471b220d455",
+            "name": "Unauthorized Command Message",
+            "type": "technique",
+            "id": "T0855",
+            "url": "https://attack.mitre.org/techniques/T0855",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--493832d9-cea6-4b63-abe7-9a65a6473675",
+            "name": "Data Destruction",
+            "type": "technique",
+            "id": "T0809",
+            "url": "https://attack.mitre.org/techniques/T0809",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4c2e1408-9d68-4187-8e6b-a77bc52700ec",
+            "name": "Manipulation of View",
+            "type": "technique",
+            "id": "T0832",
+            "url": "https://attack.mitre.org/techniques/T0832",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--50d3222f-7550-4a3c-94e1-78cb6c81d064",
+            "name": "Data Historian Compromise",
+            "type": "technique",
+            "id": "T0810",
+            "url": "https://attack.mitre.org/techniques/T0810",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--539d0484-fe95-485a-b654-86991c0d0d00",
+            "name": "Network Service Scanning",
+            "type": "technique",
+            "id": "T0841",
+            "url": "https://attack.mitre.org/techniques/T0841",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--53a26eee-1080-4d17-9762-2027d5a1b805",
+            "name": "Indicator Removal on Host",
+            "type": "technique",
+            "id": "T0872",
+            "url": "https://attack.mitre.org/techniques/T0872",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--53a48c74-0025-45f4-b04a-baa853df8204",
+            "name": "I/O Image",
+            "type": "technique",
+            "id": "T0877",
+            "url": "https://attack.mitre.org/techniques/T0877",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--56ddc820-6cfb-407f-850b-52c035d123ac",
+            "name": "Denial of View",
+            "type": "technique",
+            "id": "T0815",
+            "url": "https://attack.mitre.org/techniques/T0815",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5a2610f6-9fff-41e1-bc27-575ca20383d4",
+            "name": "Execution through API",
+            "type": "technique",
+            "id": "T0871",
+            "url": "https://attack.mitre.org/techniques/T0871",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5e0f75da-e108-4688-a6de-a4f07cc2cbe3",
+            "name": "Supply Chain Compromise",
+            "type": "technique",
+            "id": "T0862",
+            "url": "https://attack.mitre.org/techniques/T0862",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--5f3da2f3-91c8-4d8b-a02f-bf43a11def55",
+            "name": "Serial Connection Enumeration",
+            "type": "technique",
+            "id": "T0854",
+            "url": "https://attack.mitre.org/techniques/T0854",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--5fa00fdd-4a55-4191-94a0-564181d7fec2",
+            "name": "Loss of Safety",
+            "type": "technique",
+            "id": "T0880",
+            "url": "https://attack.mitre.org/techniques/T0880",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--63b6942d-8359-4506-bfb3-cf87aa8120ee",
+            "name": "Loss of Productivity and Revenue",
+            "type": "technique",
+            "id": "T0828",
+            "url": "https://attack.mitre.org/techniques/T0828",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--648f995e-9c3a-41e4-aeee-98bb41037426",
+            "name": "Spearphishing Attachment",
+            "type": "technique",
+            "id": "T0865",
+            "url": "https://attack.mitre.org/techniques/T0865",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--7374ab87-0782-41f8-b415-678c0950bb2a",
+            "name": "Location Identification",
+            "type": "technique",
+            "id": "T0825",
+            "url": "https://attack.mitre.org/techniques/T0825",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--7830cfcf-b268-4ac0-a69e-73c6affbae9a",
+            "name": "Drive-by Compromise",
+            "type": "technique",
+            "id": "T0817",
+            "url": "https://attack.mitre.org/techniques/T0817",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--83ebd22f-b401-4d59-8219-2294172cf916",
+            "name": "Damage to Property",
+            "type": "technique",
+            "id": "T0879",
+            "url": "https://attack.mitre.org/techniques/T0879",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8535b71e-3c12-4258-a4ab-40257a1becc4",
+            "name": "Spoof Reporting Message",
+            "type": "technique",
+            "id": "T0856",
+            "url": "https://attack.mitre.org/techniques/T0856",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--85a45294-08f1-4539-bf00-7da08aa7b0ee",
+            "name": "Exploitation of Remote Services",
+            "type": "technique",
+            "id": "T0866",
+            "url": "https://attack.mitre.org/techniques/T0866",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8bb4538f-f16f-49f0-a431-70b5444c7349",
+            "name": "Default Credentials",
+            "type": "technique",
+            "id": "T0812",
+            "url": "https://attack.mitre.org/techniques/T0812",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8d2f3bab-507c-4424-b58b-edc977bd215c",
+            "name": "External Remote Services",
+            "type": "technique",
+            "id": "T0822",
+            "url": "https://attack.mitre.org/techniques/T0822",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--8e7089d3-fba2-44f8-94a8-9a79c53920c4",
+            "name": "Brute Force I/O",
+            "type": "technique",
+            "id": "T0806",
+            "url": "https://attack.mitre.org/techniques/T0806",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--94f042ae-3033-4a8d-9ec3-26396533a541",
+            "name": "Detect Program State",
+            "type": "technique",
+            "id": "T0870",
+            "url": "https://attack.mitre.org/techniques/T0870",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9a505987-ab05-4f46-a9a6-6441442eec3b",
+            "name": "Adversary-in-the-Middle",
+            "type": "technique",
+            "id": "T0830",
+            "url": "https://attack.mitre.org/techniques/T0830",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9f947a1c-3860-48a8-8af0-a2dfa3efde03",
+            "name": "Exploitation for Evasion",
+            "type": "technique",
+            "id": "T0820",
+            "url": "https://attack.mitre.org/techniques/T0820",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a81696ef-c106-482c-8f80-59c30f2569fb",
+            "name": "Loss of Control",
+            "type": "technique",
+            "id": "T0827",
+            "url": "https://attack.mitre.org/techniques/T0827",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a8cfd474-9358-464f-a169-9c6f099a8e8a",
+            "name": "Change Program State",
+            "type": "technique",
+            "id": "T0875",
+            "url": "https://attack.mitre.org/techniques/T0875",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ab390887-afc0-4715-826d-b1b167d522ae",
+            "name": "Hooking",
+            "type": "technique",
+            "id": "T0874",
+            "url": "https://attack.mitre.org/techniques/T0874",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--abb0a255-eb9c-48d0-8f5c-874bb84c0e45",
+            "name": "Control Device Identification",
+            "type": "technique",
+            "id": "T0808",
+            "url": "https://attack.mitre.org/techniques/T0808",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--ae62fe1a-ea1a-479b-8dc0-65d250bd8bc7",
+            "name": "Program Organization Units",
+            "type": "technique",
+            "id": "T0844",
+            "url": "https://attack.mitre.org/techniques/T0844",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b0628bfc-5376-4a38-9182-f324501cb4cf",
+            "name": "Graphical User Interface",
+            "type": "technique",
+            "id": "T0823",
+            "url": "https://attack.mitre.org/techniques/T0823",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b14395bd-5419-4ef4-9bd8-696936f509bb",
+            "name": "Rogue Master",
+            "type": "technique",
+            "id": "T0848",
+            "url": "https://attack.mitre.org/techniques/T0848",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b52870cc-83f3-473c-b895-72d91751030b",
+            "name": "Native API",
+            "type": "technique",
+            "id": "T0834",
+            "url": "https://attack.mitre.org/techniques/T0834",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b5b9bacb-97f2-4249-b804-47fd44de1f95",
+            "name": "Loss of Availability",
+            "type": "technique",
+            "id": "T0826",
+            "url": "https://attack.mitre.org/techniques/T0826",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b7e13ee8-182c-4f19-92a4-a88d7d855d54",
+            "name": "Theft of Operational Information",
+            "type": "technique",
+            "id": "T0882",
+            "url": "https://attack.mitre.org/techniques/T0882",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b9160e77-ea9e-4ba9-b1c8-53a3c466b13d",
+            "name": "System Firmware",
+            "type": "technique",
+            "id": "T0857",
+            "url": "https://attack.mitre.org/techniques/T0857",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ba203963-3182-41ac-af14-7e7ebc83cd61",
+            "name": "Masquerading",
+            "type": "technique",
+            "id": "T0849",
+            "url": "https://attack.mitre.org/techniques/T0849",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--be69c571-d746-4b1f-bdd0-c0c9817e9068",
+            "name": "Program Download",
+            "type": "technique",
+            "id": "T0843",
+            "url": "https://attack.mitre.org/techniques/T0843",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c267bbee-bb59-47fe-85e0-3ed210337c21",
+            "name": "Replication Through Removable Media",
+            "type": "technique",
+            "id": "T0847",
+            "url": "https://attack.mitre.org/techniques/T0847",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c5e3cdbc-0387-4be9-8f83-ff5c0865f377",
+            "name": "Screen Capture",
+            "type": "technique",
+            "id": "T0852",
+            "url": "https://attack.mitre.org/techniques/T0852",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c9a8d958-fcdb-40d2-af4c-461c8031651a",
+            "name": "Hardcoded Credentials",
+            "type": "technique",
+            "id": "T0891",
+            "url": "https://attack.mitre.org/techniques/T0891",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cd2c76a4-5e23-4ca5-9c40-d5e0604f7101",
+            "name": "Valid Accounts",
+            "type": "technique",
+            "id": "T0859",
+            "url": "https://attack.mitre.org/techniques/T0859",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cfe68e93-ce94-4c0f-a57d-3aa72cedd618",
+            "name": "Exploitation for Privilege Escalation",
+            "type": "technique",
+            "id": "T0890",
+            "url": "https://attack.mitre.org/techniques/T0890",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d5a69cfb-fc2a-46cb-99eb-74b236db5061",
+            "name": "Remote System Discovery",
+            "type": "technique",
+            "id": "T0846",
+            "url": "https://attack.mitre.org/techniques/T0846",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d614a9cf-18eb-4800-81e4-ab8ddf0baa73",
+            "name": "Engineering Workstation Compromise",
+            "type": "technique",
+            "id": "T0818",
+            "url": "https://attack.mitre.org/techniques/T0818",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d67adac8-e3b9-44f9-9e6d-6c2a7d69dbe4",
+            "name": "Connection Proxy",
+            "type": "technique",
+            "id": "T0884",
+            "url": "https://attack.mitre.org/techniques/T0884",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e076cca8-2f08-45c9-aff7-ea5ac798b387",
+            "name": "Standard Application Layer Protocol",
+            "type": "technique",
+            "id": "T0869",
+            "url": "https://attack.mitre.org/techniques/T0869",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e0d74479-86d2-465d-bf36-903ebecef43e",
+            "name": "Modify Control Logic",
+            "type": "technique",
+            "id": "T0833",
+            "url": "https://attack.mitre.org/techniques/T0833",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e1f9cdd2-9511-4fca-90d7-f3e92cfdd0bf",
+            "name": "Remote Services",
+            "type": "technique",
+            "id": "T0886",
+            "url": "https://attack.mitre.org/techniques/T0886",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e2994b6a-122b-4043-b654-7411c5198ec0",
+            "name": "I/O Module Discovery",
+            "type": "technique",
+            "id": "T0824",
+            "url": "https://attack.mitre.org/techniques/T0824",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e33c7ecc-5a38-497f-beb2-a9a2049a4c20",
+            "name": "Denial of Control",
+            "type": "technique",
+            "id": "T0813",
+            "url": "https://attack.mitre.org/techniques/T0813",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e5de767e-f513-41cd-aa15-33f6ce5fbf92",
+            "name": "Modify Alarm Settings",
+            "type": "technique",
+            "id": "T0838",
+            "url": "https://attack.mitre.org/techniques/T0838",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e6c31185-8040-4267-83d3-b217b8a92f07",
+            "name": "Commonly Used Port",
+            "type": "technique",
+            "id": "T0885",
+            "url": "https://attack.mitre.org/techniques/T0885",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e72425f8-9ae6-41d3-bfdb-e1b865e60722",
+            "name": "Project File Infection",
+            "type": "technique",
+            "id": "T0873",
+            "url": "https://attack.mitre.org/techniques/T0873",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ea0c980c-5cf0-43a7-a049-59c4c207566e",
+            "name": "Network Connection Enumeration",
+            "type": "technique",
+            "id": "T0840",
+            "url": "https://attack.mitre.org/techniques/T0840",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ead7bd34-186e-4c79-9a4d-b65bcce6ed9d",
+            "name": "Lateral Tool Transfer",
+            "type": "technique",
+            "id": "T0867",
+            "url": "https://attack.mitre.org/techniques/T0867",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--efbf7888-f61b-4572-9c80-7e2965c60707",
+            "name": "Module Firmware",
+            "type": "technique",
+            "id": "T0839",
+            "url": "https://attack.mitre.org/techniques/T0839",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f8df6b57-14bc-425f-9a91-6f59f6799307",
+            "name": "Internet Accessible Device",
+            "type": "technique",
+            "id": "T0883",
+            "url": "https://attack.mitre.org/techniques/T0883",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fa3aa267-da22-4bdd-961f-03223322a8d5",
+            "name": "Data from Local System",
+            "type": "technique",
+            "id": "T0893",
+            "url": "https://attack.mitre.org/techniques/T0893",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fab8fc7d-f27f-4fbb-9de6-44740aade05f",
+            "name": "Change Credential",
+            "type": "technique",
+            "id": "T0892",
+            "url": "https://attack.mitre.org/techniques/T0892",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fc5fda7e-6b2c-4457-b036-759896a2efa2",
+            "name": "Modify Program",
+            "type": "technique",
+            "id": "T0889",
+            "url": "https://attack.mitre.org/techniques/T0889",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+            "name": "Scheduled Task/Job",
+            "type": "technique",
+            "id": "T1603",
+            "url": "https://attack.mitre.org/techniques/T1603",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa",
+            "name": "Code Injection",
+            "type": "technique",
+            "id": "T1540",
+            "url": "https://attack.mitre.org/techniques/T1540",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+            "name": "Adversary-in-the-Middle",
+            "type": "technique",
+            "id": "T1638",
+            "url": "https://attack.mitre.org/techniques/T1638",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+            "name": "Abuse Elevation Control Mechanism",
+            "type": "technique",
+            "id": "T1626",
+            "url": "https://attack.mitre.org/techniques/T1626",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d",
+            "name": "Malicious SMS Message",
+            "type": "technique",
+            "id": "T1454",
+            "url": "https://attack.mitre.org/techniques/T1454",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d",
+            "name": "Obtain Device Cloud Backups",
+            "type": "technique",
+            "id": "T1470",
+            "url": "https://attack.mitre.org/techniques/T1470",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+            "name": "Uninstall Malicious Application",
+            "type": "technique",
+            "id": "T1630.001",
+            "url": "https://attack.mitre.org/techniques/T1630/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+            "name": "Indicator Removal on Host",
+            "type": "technique",
+            "id": "T1630",
+            "url": "https://attack.mitre.org/techniques/T1630",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+            "name": "Supply Chain Compromise",
+            "type": "technique",
+            "id": "T1474",
+            "url": "https://attack.mitre.org/techniques/T1474",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+            "name": "Impersonate SS7 Nodes",
+            "type": "technique",
+            "id": "T1430.002",
+            "url": "https://attack.mitre.org/techniques/T1430/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799",
+            "name": "Insecure Third-Party Libraries",
+            "type": "technique",
+            "id": "T1425",
+            "url": "https://attack.mitre.org/techniques/T1425",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+            "name": "Protected User Data",
+            "type": "technique",
+            "id": "T1636",
+            "url": "https://attack.mitre.org/techniques/T1636",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+            "name": "Asymmetric Cryptography",
+            "type": "technique",
+            "id": "T1521.002",
+            "url": "https://attack.mitre.org/techniques/T1521/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+            "name": "Software Discovery",
+            "type": "technique",
+            "id": "T1418",
+            "url": "https://attack.mitre.org/techniques/T1418",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+            "name": "Process Discovery",
+            "type": "technique",
+            "id": "T1424",
+            "url": "https://attack.mitre.org/techniques/T1424",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+            "name": "Call Log",
+            "type": "technique",
+            "id": "T1636.002",
+            "url": "https://attack.mitre.org/techniques/T1636/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+            "name": "Security Software Discovery",
+            "type": "technique",
+            "id": "T1418.001",
+            "url": "https://attack.mitre.org/techniques/T1418/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2",
+            "name": "App Delivered via Email Attachment",
+            "type": "technique",
+            "id": "T1434",
+            "url": "https://attack.mitre.org/techniques/T1434",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+            "name": "Ptrace System Calls",
+            "type": "technique",
+            "id": "T1631.001",
+            "url": "https://attack.mitre.org/techniques/T1631/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+            "name": "Impair Defenses",
+            "type": "technique",
+            "id": "T1629",
+            "url": "https://attack.mitre.org/techniques/T1629",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a",
+            "name": "Abuse Accessibility Features",
+            "type": "technique",
+            "id": "T1453",
+            "url": "https://attack.mitre.org/techniques/T1453",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
+            "name": "Exploitation of Remote Services",
+            "type": "technique",
+            "id": "T1428",
+            "url": "https://attack.mitre.org/techniques/T1428",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+            "name": "Web Protocols",
+            "type": "technique",
+            "id": "T1437.001",
+            "url": "https://attack.mitre.org/techniques/T1437/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+            "name": "Steal Application Access Token",
+            "type": "technique",
+            "id": "T1635",
+            "url": "https://attack.mitre.org/techniques/T1635",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+            "name": "User Evasion",
+            "type": "technique",
+            "id": "T1628.002",
+            "url": "https://attack.mitre.org/techniques/T1628/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f",
+            "name": "Virtualization/Sandbox Evasion",
+            "type": "technique",
+            "id": "T1633",
+            "url": "https://attack.mitre.org/techniques/T1633",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38",
+            "name": "Keychain",
+            "type": "technique",
+            "id": "T1579",
+            "url": "https://attack.mitre.org/techniques/T1579",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3",
+            "name": "Access Sensitive Data in Device Logs",
+            "type": "technique",
+            "id": "T1413",
+            "url": "https://attack.mitre.org/techniques/T1413",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+            "name": "Command and Scripting Interpreter",
+            "type": "technique",
+            "id": "T1623",
+            "url": "https://attack.mitre.org/techniques/T1623",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+            "name": "Disable or Modify Tools",
+            "type": "technique",
+            "id": "T1629.003",
+            "url": "https://attack.mitre.org/techniques/T1629/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+            "name": "Ingress Tool Transfer",
+            "type": "technique",
+            "id": "T1544",
+            "url": "https://attack.mitre.org/techniques/T1544",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
+            "name": "Dynamic Resolution",
+            "type": "technique",
+            "id": "T1637",
+            "url": "https://attack.mitre.org/techniques/T1637",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5",
+            "name": "Exploit via Radio Interfaces",
+            "type": "technique",
+            "id": "T1477",
+            "url": "https://attack.mitre.org/techniques/T1477",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790",
+            "name": "Network Service Scanning",
+            "type": "technique",
+            "id": "T1423",
+            "url": "https://attack.mitre.org/techniques/T1423",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d",
+            "name": "User Evasion",
+            "type": "technique",
+            "id": "T1618",
+            "url": "https://attack.mitre.org/techniques/T1618",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+            "name": "Exfiltration Over C2 Channel",
+            "type": "technique",
+            "id": "T1646",
+            "url": "https://attack.mitre.org/techniques/T1646",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+            "name": "Exploitation for Privilege Escalation",
+            "type": "technique",
+            "id": "T1404",
+            "url": "https://attack.mitre.org/techniques/T1404",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+            "name": "Call Control",
+            "type": "technique",
+            "id": "T1616",
+            "url": "https://attack.mitre.org/techniques/T1616",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
+            "name": "Exfiltration Over Unencrypted Non-C2 Protocol",
+            "type": "technique",
+            "id": "T1639.001",
+            "url": "https://attack.mitre.org/techniques/T1639/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+            "name": "Broadcast Receivers",
+            "type": "technique",
+            "id": "T1624.001",
+            "url": "https://attack.mitre.org/techniques/T1624/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad",
+            "name": "Commonly Used Port",
+            "type": "technique",
+            "id": "T1436",
+            "url": "https://attack.mitre.org/techniques/T1436",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796",
+            "name": "Eavesdrop on Insecure Network Communication",
+            "type": "technique",
+            "id": "T1439",
+            "url": "https://attack.mitre.org/techniques/T1439",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+            "name": "Access Notifications",
+            "type": "technique",
+            "id": "T1517",
+            "url": "https://attack.mitre.org/techniques/T1517",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9",
+            "name": "Network Traffic Capture or Redirection",
+            "type": "technique",
+            "id": "T1410",
+            "url": "https://attack.mitre.org/techniques/T1410",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
+            "name": "Input Prompt",
+            "type": "technique",
+            "id": "T1411",
+            "url": "https://attack.mitre.org/techniques/T1411",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
+            "name": "Exfiltration Over Alternative Protocol",
+            "type": "technique",
+            "id": "T1639",
+            "url": "https://attack.mitre.org/techniques/T1639",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09",
+            "name": "Biometric Spoofing",
+            "type": "technique",
+            "id": "T1460",
+            "url": "https://attack.mitre.org/techniques/T1460",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+            "name": "Boot or Logon Initialization Scripts",
+            "type": "technique",
+            "id": "T1398",
+            "url": "https://attack.mitre.org/techniques/T1398",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+            "name": "Execution Guardrails",
+            "type": "technique",
+            "id": "T1627",
+            "url": "https://attack.mitre.org/techniques/T1627",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+            "name": "GUI Input Capture",
+            "type": "technique",
+            "id": "T1417.002",
+            "url": "https://attack.mitre.org/techniques/T1417/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
+            "name": "Access Contact List",
+            "type": "technique",
+            "id": "T1432",
+            "url": "https://attack.mitre.org/techniques/T1432",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+            "name": "Compromise Client Software Binary",
+            "type": "technique",
+            "id": "T1645",
+            "url": "https://attack.mitre.org/techniques/T1645",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+            "name": "Software Packing",
+            "type": "technique",
+            "id": "T1406.002",
+            "url": "https://attack.mitre.org/techniques/T1406/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
+            "name": "Abuse of iOS Enterprise App Signing Key",
+            "type": "technique",
+            "id": "T1445",
+            "url": "https://attack.mitre.org/techniques/T1445",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5",
+            "name": "Exploit SS7 to Track Device Location",
+            "type": "technique",
+            "id": "T1450",
+            "url": "https://attack.mitre.org/techniques/T1450",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+            "name": "Native API",
+            "type": "technique",
+            "id": "T1575",
+            "url": "https://attack.mitre.org/techniques/T1575",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7",
+            "name": "Deliver Malicious App via Other Means",
+            "type": "technique",
+            "id": "T1476",
+            "url": "https://attack.mitre.org/techniques/T1476",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067",
+            "name": "Remotely Wipe Data Without Authorization",
+            "type": "technique",
+            "id": "T1469",
+            "url": "https://attack.mitre.org/techniques/T1469",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
+            "name": "Proxy Through Victim",
+            "type": "technique",
+            "id": "T1604",
+            "url": "https://attack.mitre.org/techniques/T1604",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de",
+            "name": "Domain Generation Algorithms",
+            "type": "technique",
+            "id": "T1520",
+            "url": "https://attack.mitre.org/techniques/T1520",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb",
+            "name": "Access Calendar Entries",
+            "type": "technique",
+            "id": "T1435",
+            "url": "https://attack.mitre.org/techniques/T1435",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3",
+            "name": "Rogue Wi-Fi Access Points",
+            "type": "technique",
+            "id": "T1465",
+            "url": "https://attack.mitre.org/techniques/T1465",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+            "name": "Foreground Persistence",
+            "type": "technique",
+            "id": "T1541",
+            "url": "https://attack.mitre.org/techniques/T1541",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+            "name": "Replication Through Removable Media",
+            "type": "technique",
+            "id": "T1458",
+            "url": "https://attack.mitre.org/techniques/T1458",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+            "name": "Audio Capture",
+            "type": "technique",
+            "id": "T1429",
+            "url": "https://attack.mitre.org/techniques/T1429",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+            "name": "Hijack Execution Flow",
+            "type": "technique",
+            "id": "T1625",
+            "url": "https://attack.mitre.org/techniques/T1625",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+            "name": "Unix Shell",
+            "type": "technique",
+            "id": "T1623.001",
+            "url": "https://attack.mitre.org/techniques/T1623/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
+            "name": "Application Layer Protocol",
+            "type": "technique",
+            "id": "T1437",
+            "url": "https://attack.mitre.org/techniques/T1437",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2",
+            "name": "App Delivered via Web Download",
+            "type": "technique",
+            "id": "T1431",
+            "url": "https://attack.mitre.org/techniques/T1431",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+            "name": "Download New Code at Runtime",
+            "type": "technique",
+            "id": "T1407",
+            "url": "https://attack.mitre.org/techniques/T1407",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a",
+            "name": "Remotely Track Device Without Authorization",
+            "type": "technique",
+            "id": "T1468",
+            "url": "https://attack.mitre.org/techniques/T1468",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+            "name": "System Checks",
+            "type": "technique",
+            "id": "T1633.001",
+            "url": "https://attack.mitre.org/techniques/T1633/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+            "name": "Stored Application Data",
+            "type": "technique",
+            "id": "T1409",
+            "url": "https://attack.mitre.org/techniques/T1409",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+            "name": "Screen Capture",
+            "type": "technique",
+            "id": "T1513",
+            "url": "https://attack.mitre.org/techniques/T1513",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+            "name": "Transmitted Data Manipulation",
+            "type": "technique",
+            "id": "T1641.001",
+            "url": "https://attack.mitre.org/techniques/T1641/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69",
+            "name": "Manipulate App Store Rankings or Ratings",
+            "type": "technique",
+            "id": "T1452",
+            "url": "https://attack.mitre.org/techniques/T1452",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58",
+            "name": "URI Hijacking",
+            "type": "technique",
+            "id": "T1416",
+            "url": "https://attack.mitre.org/techniques/T1416",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+            "name": "Compromise Software Dependencies and Development Tools",
+            "type": "technique",
+            "id": "T1474.001",
+            "url": "https://attack.mitre.org/techniques/T1474/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b",
+            "name": "Evade Analysis Environment",
+            "type": "technique",
+            "id": "T1523",
+            "url": "https://attack.mitre.org/techniques/T1523",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+            "name": "URI Hijacking",
+            "type": "technique",
+            "id": "T1635.001",
+            "url": "https://attack.mitre.org/techniques/T1635/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+            "name": "Subvert Trust Controls",
+            "type": "technique",
+            "id": "T1632",
+            "url": "https://attack.mitre.org/techniques/T1632",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44",
+            "name": "Access Call Log",
+            "type": "technique",
+            "id": "T1433",
+            "url": "https://attack.mitre.org/techniques/T1433",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31",
+            "name": "Geofencing",
+            "type": "technique",
+            "id": "T1581",
+            "url": "https://attack.mitre.org/techniques/T1581",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483",
+            "name": "Device Administrator Permissions",
+            "type": "technique",
+            "id": "T1401",
+            "url": "https://attack.mitre.org/techniques/T1401",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16",
+            "name": "Remotely Install Application",
+            "type": "technique",
+            "id": "T1443",
+            "url": "https://attack.mitre.org/techniques/T1443",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+            "name": "Keychain",
+            "type": "technique",
+            "id": "T1634.001",
+            "url": "https://attack.mitre.org/techniques/T1634/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6",
+            "name": "Modify Cached Executable Code",
+            "type": "technique",
+            "id": "T1403",
+            "url": "https://attack.mitre.org/techniques/T1403",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05",
+            "name": "Device Type Discovery",
+            "type": "technique",
+            "id": "T1419",
+            "url": "https://attack.mitre.org/techniques/T1419",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5",
+            "name": "Uninstall Malicious Application",
+            "type": "technique",
+            "id": "T1576",
+            "url": "https://attack.mitre.org/techniques/T1576",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f",
+            "name": "Delete Device Data",
+            "type": "technique",
+            "id": "T1447",
+            "url": "https://attack.mitre.org/techniques/T1447",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274",
+            "name": "Carrier Billing Fraud",
+            "type": "technique",
+            "id": "T1448",
+            "url": "https://attack.mitre.org/techniques/T1448",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e",
+            "name": "URL Scheme Hijacking",
+            "type": "technique",
+            "id": "T1415",
+            "url": "https://attack.mitre.org/techniques/T1415",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+            "name": "Bidirectional Communication",
+            "type": "technique",
+            "id": "T1481.002",
+            "url": "https://attack.mitre.org/techniques/T1481/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+            "name": "Non-Standard Port",
+            "type": "technique",
+            "id": "T1509",
+            "url": "https://attack.mitre.org/techniques/T1509",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+            "name": "Compromise Software Supply Chain",
+            "type": "technique",
+            "id": "T1474.003",
+            "url": "https://attack.mitre.org/techniques/T1474/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+            "name": "Dead Drop Resolver",
+            "type": "technique",
+            "id": "T1481.001",
+            "url": "https://attack.mitre.org/techniques/T1481/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+            "name": "Location Tracking",
+            "type": "technique",
+            "id": "T1430",
+            "url": "https://attack.mitre.org/techniques/T1430",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+            "name": "Device Administrator Permissions",
+            "type": "technique",
+            "id": "T1626.001",
+            "url": "https://attack.mitre.org/techniques/T1626/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1",
+            "name": "Device Lockout",
+            "type": "technique",
+            "id": "T1446",
+            "url": "https://attack.mitre.org/techniques/T1446",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+            "name": "Remote Device Management Services",
+            "type": "technique",
+            "id": "T1430.001",
+            "url": "https://attack.mitre.org/techniques/T1430/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a0464539-e1b7-4455-a355-12495987c300",
+            "name": "Attack PC via USB Connection",
+            "type": "technique",
+            "id": "T1427",
+            "url": "https://attack.mitre.org/techniques/T1427",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881",
+            "name": "Stolen Developer Credentials or Signing Keys",
+            "type": "technique",
+            "id": "T1441",
+            "url": "https://attack.mitre.org/techniques/T1441",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed",
+            "name": "Rogue Cellular Base Station",
+            "type": "technique",
+            "id": "T1467",
+            "url": "https://attack.mitre.org/techniques/T1467",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5",
+            "name": "SIM Card Swap",
+            "type": "technique",
+            "id": "T1451",
+            "url": "https://attack.mitre.org/techniques/T1451",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+            "name": "Input Capture",
+            "type": "technique",
+            "id": "T1417",
+            "url": "https://attack.mitre.org/techniques/T1417",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+            "name": "Generate Traffic from Victim",
+            "type": "technique",
+            "id": "T1643",
+            "url": "https://attack.mitre.org/techniques/T1643",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
+            "name": "Disguise Root/Jailbreak Indicators",
+            "type": "technique",
+            "id": "T1630.003",
+            "url": "https://attack.mitre.org/techniques/T1630/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
+            "name": "Masquerade as Legitimate Application",
+            "type": "technique",
+            "id": "T1444",
+            "url": "https://attack.mitre.org/techniques/T1444",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431",
+            "name": "Malicious Media Content",
+            "type": "technique",
+            "id": "T1457",
+            "url": "https://attack.mitre.org/techniques/T1457",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+            "name": "Calendar Entries",
+            "type": "technique",
+            "id": "T1636.001",
+            "url": "https://attack.mitre.org/techniques/T1636/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+            "name": "File Deletion",
+            "type": "technique",
+            "id": "T1630.002",
+            "url": "https://attack.mitre.org/techniques/T1630/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+            "name": "Device Lockout",
+            "type": "technique",
+            "id": "T1629.002",
+            "url": "https://attack.mitre.org/techniques/T1629/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+            "name": "Keylogging",
+            "type": "technique",
+            "id": "T1417.001",
+            "url": "https://attack.mitre.org/techniques/T1417/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+            "name": "SMS Control",
+            "type": "technique",
+            "id": "T1582",
+            "url": "https://attack.mitre.org/techniques/T1582",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6",
+            "name": "Disguise Root/Jailbreak Indicators",
+            "type": "technique",
+            "id": "T1408",
+            "url": "https://attack.mitre.org/techniques/T1408",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a",
+            "name": "Exfiltration Over Other Network Medium",
+            "type": "technique",
+            "id": "T1438",
+            "url": "https://attack.mitre.org/techniques/T1438",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b",
+            "name": "Detect App Analysis Environment",
+            "type": "technique",
+            "id": "T1440",
+            "url": "https://attack.mitre.org/techniques/T1440",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
+            "name": "Process Injection",
+            "type": "technique",
+            "id": "T1631",
+            "url": "https://attack.mitre.org/techniques/T1631",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc",
+            "name": "Malicious Software Development Tools",
+            "type": "technique",
+            "id": "T1462",
+            "url": "https://attack.mitre.org/techniques/T1462",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+            "name": "Symmetric Cryptography",
+            "type": "technique",
+            "id": "T1521.001",
+            "url": "https://attack.mitre.org/techniques/T1521/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69",
+            "name": "Broadcast Receivers",
+            "type": "technique",
+            "id": "T1402",
+            "url": "https://attack.mitre.org/techniques/T1402",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
+            "name": "Compromise Hardware Supply Chain",
+            "type": "technique",
+            "id": "T1474.002",
+            "url": "https://attack.mitre.org/techniques/T1474/002",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+            "name": "Clipboard Data",
+            "type": "technique",
+            "id": "T1414",
+            "url": "https://attack.mitre.org/techniques/T1414",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0",
+            "name": "Modify System Partition",
+            "type": "technique",
+            "id": "T1400",
+            "url": "https://attack.mitre.org/techniques/T1400",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
+            "name": "Data Manipulation",
+            "type": "technique",
+            "id": "T1641",
+            "url": "https://attack.mitre.org/techniques/T1641",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+            "name": "SMS Messages",
+            "type": "technique",
+            "id": "T1636.004",
+            "url": "https://attack.mitre.org/techniques/T1636/004",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+            "name": "Web Service",
+            "type": "technique",
+            "id": "T1481",
+            "url": "https://attack.mitre.org/techniques/T1481",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+            "name": "System Runtime API Hijacking",
+            "type": "technique",
+            "id": "T1625.001",
+            "url": "https://attack.mitre.org/techniques/T1625/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f",
+            "name": "Exploit Baseband Vulnerability",
+            "type": "technique",
+            "id": "T1455",
+            "url": "https://attack.mitre.org/techniques/T1455",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+            "name": "Credentials from Password Store",
+            "type": "technique",
+            "id": "T1634",
+            "url": "https://attack.mitre.org/techniques/T1634",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
+            "name": "Hooking",
+            "type": "technique",
+            "id": "T1617",
+            "url": "https://attack.mitre.org/techniques/T1617",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2",
+            "name": "Install Insecure or Malicious Configuration",
+            "type": "technique",
+            "id": "T1478",
+            "url": "https://attack.mitre.org/techniques/T1478",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+            "name": "File and Directory Discovery",
+            "type": "technique",
+            "id": "T1420",
+            "url": "https://attack.mitre.org/techniques/T1420",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+            "name": "Obfuscated Files or Information",
+            "type": "technique",
+            "id": "T1406",
+            "url": "https://attack.mitre.org/techniques/T1406",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+            "name": "Input Injection",
+            "type": "technique",
+            "id": "T1516",
+            "url": "https://attack.mitre.org/techniques/T1516",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d",
+            "name": "Network Denial of Service",
+            "type": "technique",
+            "id": "T1464",
+            "url": "https://attack.mitre.org/techniques/T1464",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+            "name": "Compromise Application Executable",
+            "type": "technique",
+            "id": "T1577",
+            "url": "https://attack.mitre.org/techniques/T1577",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+            "name": "Event Triggered Execution",
+            "type": "technique",
+            "id": "T1624",
+            "url": "https://attack.mitre.org/techniques/T1624",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+            "name": "System Network Configuration Discovery",
+            "type": "technique",
+            "id": "T1422",
+            "url": "https://attack.mitre.org/techniques/T1422",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63",
+            "name": "Manipulate Device Communication",
+            "type": "technique",
+            "id": "T1463",
+            "url": "https://attack.mitre.org/techniques/T1463",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+            "name": "Video Capture",
+            "type": "technique",
+            "id": "T1512",
+            "url": "https://attack.mitre.org/techniques/T1512",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
+            "name": "One-Way Communication",
+            "type": "technique",
+            "id": "T1481.003",
+            "url": "https://attack.mitre.org/techniques/T1481/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
+            "name": "Deliver Malicious App via Authorized App Store",
+            "type": "technique",
+            "id": "T1475",
+            "url": "https://attack.mitre.org/techniques/T1475",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
+            "name": "Data Encrypted for Impact",
+            "type": "technique",
+            "id": "T1471",
+            "url": "https://attack.mitre.org/techniques/T1471",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+            "name": "Prevent Application Removal",
+            "type": "technique",
+            "id": "T1629.001",
+            "url": "https://attack.mitre.org/techniques/T1629/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+            "name": "System Network Connections Discovery",
+            "type": "technique",
+            "id": "T1421",
+            "url": "https://attack.mitre.org/techniques/T1421",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+            "name": "Lockscreen Bypass",
+            "type": "technique",
+            "id": "T1461",
+            "url": "https://attack.mitre.org/techniques/T1461",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe",
+            "name": "Command-Line Interface",
+            "type": "technique",
+            "id": "T1605",
+            "url": "https://attack.mitre.org/techniques/T1605",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+            "name": "Contact List",
+            "type": "technique",
+            "id": "T1636.003",
+            "url": "https://attack.mitre.org/techniques/T1636/003",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+            "name": "Data from Local System",
+            "type": "technique",
+            "id": "T1533",
+            "url": "https://attack.mitre.org/techniques/T1533",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
+            "name": "Account Access Removal",
+            "type": "technique",
+            "id": "T1640",
+            "url": "https://attack.mitre.org/techniques/T1640",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+            "name": "System Information Discovery",
+            "type": "technique",
+            "id": "T1426",
+            "url": "https://attack.mitre.org/techniques/T1426",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9",
+            "name": "Fake Developer Accounts",
+            "type": "technique",
+            "id": "T1442",
+            "url": "https://attack.mitre.org/techniques/T1442",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb",
+            "name": "Clipboard Modification",
+            "type": "technique",
+            "id": "T1510",
+            "url": "https://attack.mitre.org/techniques/T1510",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+            "name": "Archive Collected Data",
+            "type": "technique",
+            "id": "T1532",
+            "url": "https://attack.mitre.org/techniques/T1532",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+            "name": "Geofencing",
+            "type": "technique",
+            "id": "T1627.001",
+            "url": "https://attack.mitre.org/techniques/T1627/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2",
+            "name": "Network Information Discovery",
+            "type": "technique",
+            "id": "T1507",
+            "url": "https://attack.mitre.org/techniques/T1507",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
+            "name": "Capture SMS Messages",
+            "type": "technique",
+            "id": "T1412",
+            "url": "https://attack.mitre.org/techniques/T1412",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+            "name": "Endpoint Denial of Service",
+            "type": "technique",
+            "id": "T1642",
+            "url": "https://attack.mitre.org/techniques/T1642",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+            "name": "Out of Band Data",
+            "type": "technique",
+            "id": "T1644",
+            "url": "https://attack.mitre.org/techniques/T1644",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+            "name": "Encrypted Channel",
+            "type": "technique",
+            "id": "T1521",
+            "url": "https://attack.mitre.org/techniques/T1521",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884",
+            "name": "Exploit TEE Vulnerability",
+            "type": "technique",
+            "id": "T1405",
+            "url": "https://attack.mitre.org/techniques/T1405",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+            "name": "Suppress Application Icon",
+            "type": "technique",
+            "id": "T1628.001",
+            "url": "https://attack.mitre.org/techniques/T1628/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468",
+            "name": "Modify Trusted Execution Environment",
+            "type": "technique",
+            "id": "T1399",
+            "url": "https://attack.mitre.org/techniques/T1399",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a",
+            "name": "Device Unlock Code Guessing or Brute Force",
+            "type": "technique",
+            "id": "T1459",
+            "url": "https://attack.mitre.org/techniques/T1459",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34",
+            "name": "Downgrade to Insecure Protocols",
+            "type": "technique",
+            "id": "T1466",
+            "url": "https://attack.mitre.org/techniques/T1466",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf",
+            "name": "Generate Fraudulent Advertising Revenue",
+            "type": "technique",
+            "id": "T1472",
+            "url": "https://attack.mitre.org/techniques/T1472",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df",
+            "name": "Malicious or Vulnerable Built-in Device Functionality",
+            "type": "technique",
+            "id": "T1473",
+            "url": "https://attack.mitre.org/techniques/T1473",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
+            "name": "Steganography",
+            "type": "technique",
+            "id": "T1406.001",
+            "url": "https://attack.mitre.org/techniques/T1406/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d",
+            "name": "Exploit SS7 to Redirect Phone Calls/SMS",
+            "type": "technique",
+            "id": "T1449",
+            "url": "https://attack.mitre.org/techniques/T1449",
+            "deprecated": true
+        },
+        {
+            "stixId": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
+            "name": "Hide Artifacts",
+            "type": "technique",
+            "id": "T1628",
+            "url": "https://attack.mitre.org/techniques/T1628",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+            "name": "Code Signing Policy Modification",
+            "type": "technique",
+            "id": "T1632.001",
+            "url": "https://attack.mitre.org/techniques/T1632/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+            "name": "Domain Generation Algorithms",
+            "type": "technique",
+            "id": "T1637.001",
+            "url": "https://attack.mitre.org/techniques/T1637/001",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+            "name": "Drive-By Compromise",
+            "type": "technique",
+            "id": "T1456",
+            "url": "https://attack.mitre.org/techniques/T1456",
+            "deprecated": false
+        },
+        {
+            "stixId": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2",
+            "name": "Suppress Application Icon",
+            "type": "technique",
+            "id": "T1508",
+            "url": "https://attack.mitre.org/techniques/T1508",
+            "deprecated": true
+        }
+    ],
+    "technique_recs": [
+        "T0800 - Activate Firmware Update Mode",
+        "T0801 - Monitor Process State",
+        "T0802 - Automated Collection",
+        "T0803 - Block Command Message",
+        "T0804 - Block Reporting Message",
+        "T0805 - Block Serial COM",
+        "T0806 - Brute Force I/O",
+        "T0807 - Command-Line Interface",
+        "T0808 - Control Device Identification",
+        "T0809 - Data Destruction",
+        "T0810 - Data Historian Compromise",
+        "T0811 - Data from Information Repositories",
+        "T0812 - Default Credentials",
+        "T0813 - Denial of Control",
+        "T0814 - Denial of Service",
+        "T0815 - Denial of View",
+        "T0816 - Device Restart/Shutdown",
+        "T0817 - Drive-by Compromise",
+        "T0818 - Engineering Workstation Compromise",
+        "T0819 - Exploit Public-Facing Application",
+        "T0820 - Exploitation for Evasion",
+        "T0821 - Modify Controller Tasking",
+        "T0822 - External Remote Services",
+        "T0823 - Graphical User Interface",
+        "T0824 - I/O Module Discovery",
+        "T0825 - Location Identification",
+        "T0826 - Loss of Availability",
+        "T0827 - Loss of Control",
+        "T0828 - Loss of Productivity and Revenue",
+        "T0829 - Loss of View",
+        "T0830 - Adversary-in-the-Middle",
+        "T0831 - Manipulation of Control",
+        "T0832 - Manipulation of View",
+        "T0833 - Modify Control Logic",
+        "T0834 - Native API",
+        "T0835 - Manipulate I/O Image",
+        "T0836 - Modify Parameter",
+        "T0837 - Loss of Protection",
+        "T0838 - Modify Alarm Settings",
+        "T0839 - Module Firmware",
+        "T0840 - Network Connection Enumeration",
+        "T0841 - Network Service Scanning",
+        "T0842 - Network Sniffing",
+        "T0843 - Program Download",
+        "T0844 - Program Organization Units",
+        "T0845 - Program Upload",
+        "T0846 - Remote System Discovery",
+        "T0847 - Replication Through Removable Media",
+        "T0848 - Rogue Master",
+        "T0849 - Masquerading",
+        "T0850 - Role Identification",
+        "T0851 - Rootkit",
+        "T0852 - Screen Capture",
+        "T0853 - Scripting",
+        "T0854 - Serial Connection Enumeration",
+        "T0855 - Unauthorized Command Message",
+        "T0856 - Spoof Reporting Message",
+        "T0857 - System Firmware",
+        "T0858 - Change Operating Mode",
+        "T0859 - Valid Accounts",
+        "T0860 - Wireless Compromise",
+        "T0861 - Point & Tag Identification",
+        "T0862 - Supply Chain Compromise",
+        "T0863 - User Execution",
+        "T0864 - Transient Cyber Asset",
+        "T0865 - Spearphishing Attachment",
+        "T0866 - Exploitation of Remote Services",
+        "T0867 - Lateral Tool Transfer",
+        "T0868 - Detect Operating Mode",
+        "T0869 - Standard Application Layer Protocol",
+        "T0870 - Detect Program State",
+        "T0871 - Execution through API",
+        "T0872 - Indicator Removal on Host",
+        "T0873 - Project File Infection",
+        "T0874 - Hooking",
+        "T0875 - Change Program State",
+        "T0877 - I/O Image",
+        "T0878 - Alarm Suppression",
+        "T0879 - Damage to Property",
+        "T0880 - Loss of Safety",
+        "T0881 - Service Stop",
+        "T0882 - Theft of Operational Information",
+        "T0883 - Internet Accessible Device",
+        "T0884 - Connection Proxy",
+        "T0885 - Commonly Used Port",
+        "T0886 - Remote Services",
+        "T0887 - Wireless Sniffing",
+        "T0888 - Remote System Information Discovery",
+        "T0889 - Modify Program",
+        "T0890 - Exploitation for Privilege Escalation",
+        "T0891 - Hardcoded Credentials",
+        "T0892 - Change Credential",
+        "T0893 - Data from Local System",
+        "T1001 - Data Obfuscation",
+        "T1001.001 - Junk Data",
+        "T1001.002 - Steganography",
+        "T1001.003 - Protocol Impersonation",
+        "T1002 - Data Compressed",
+        "T1003 - OS Credential Dumping",
+        "T1003.001 - LSASS Memory",
+        "T1003.002 - Security Account Manager",
+        "T1003.003 - NTDS",
+        "T1003.004 - LSA Secrets",
+        "T1003.005 - Cached Domain Credentials",
+        "T1003.006 - DCSync",
+        "T1003.007 - Proc Filesystem",
+        "T1003.008 - /etc/passwd and /etc/shadow",
+        "T1004 - Winlogon Helper DLL",
+        "T1005 - Data from Local System",
+        "T1006 - Direct Volume Access",
+        "T1007 - System Service Discovery",
+        "T1008 - Fallback Channels",
+        "T1009 - Binary Padding",
+        "T1010 - Application Window Discovery",
+        "T1011 - Exfiltration Over Other Network Medium",
+        "T1011.001 - Exfiltration Over Bluetooth",
+        "T1012 - Query Registry",
+        "T1013 - Port Monitors",
+        "T1014 - Rootkit",
+        "T1015 - Accessibility Features",
+        "T1016 - System Network Configuration Discovery",
+        "T1016.001 - Internet Connection Discovery",
+        "T1017 - Application Deployment Software",
+        "T1018 - Remote System Discovery",
+        "T1019 - System Firmware",
+        "T1020 - Automated Exfiltration",
+        "T1020.001 - Traffic Duplication",
+        "T1021 - Remote Services",
+        "T1021.001 - Remote Desktop Protocol",
+        "T1021.002 - SMB/Windows Admin Shares",
+        "T1021.003 - Distributed Component Object Model",
+        "T1021.004 - SSH",
+        "T1021.005 - VNC",
+        "T1021.006 - Windows Remote Management",
+        "T1021.007 - Cloud Services",
+        "T1022 - Data Encrypted",
+        "T1023 - Shortcut Modification",
+        "T1024 - Custom Cryptographic Protocol",
+        "T1025 - Data from Removable Media",
+        "T1026 - Multiband Communication",
+        "T1027 - Obfuscated Files or Information",
+        "T1027.001 - Binary Padding",
+        "T1027.002 - Software Packing",
+        "T1027.003 - Steganography",
+        "T1027.004 - Compile After Delivery",
+        "T1027.005 - Indicator Removal from Tools",
+        "T1027.006 - HTML Smuggling",
+        "T1027.007 - Dynamic API Resolution",
+        "T1027.008 - Stripped Payloads",
+        "T1027.009 - Embedded Payloads",
+        "T1027.010 - Command Obfuscation",
+        "T1027.011 - Fileless Storage",
+        "T1028 - Windows Remote Management",
+        "T1029 - Scheduled Transfer",
+        "T1030 - Data Transfer Size Limits",
+        "T1031 - Modify Existing Service",
+        "T1032 - Standard Cryptographic Protocol",
+        "T1033 - System Owner/User Discovery",
+        "T1034 - Path Interception",
+        "T1035 - Service Execution",
+        "T1036 - Masquerading",
+        "T1036.001 - Invalid Code Signature",
+        "T1036.002 - Right-to-Left Override",
+        "T1036.003 - Rename System Utilities",
+        "T1036.004 - Masquerade Task or Service",
+        "T1036.005 - Match Legitimate Name or Location",
+        "T1036.006 - Space after Filename",
+        "T1036.007 - Double File Extension",
+        "T1036.008 - Masquerade File Type",
+        "T1037 - Boot or Logon Initialization Scripts",
+        "T1037.001 - Logon Script (Windows)",
+        "T1037.002 - Login Hook",
+        "T1037.003 - Network Logon Script",
+        "T1037.004 - RC Scripts",
+        "T1037.005 - Startup Items",
+        "T1038 - DLL Search Order Hijacking",
+        "T1039 - Data from Network Shared Drive",
+        "T1040 - Network Sniffing",
+        "T1041 - Exfiltration Over C2 Channel",
+        "T1042 - Change Default File Association",
+        "T1043 - Commonly Used Port",
+        "T1044 - File System Permissions Weakness",
+        "T1045 - Software Packing",
+        "T1046 - Network Service Discovery",
+        "T1047 - Windows Management Instrumentation",
+        "T1048 - Exfiltration Over Alternative Protocol",
+        "T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
+        "T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
+        "T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol",
+        "T1049 - System Network Connections Discovery",
+        "T1050 - New Service",
+        "T1051 - Shared Webroot",
+        "T1052 - Exfiltration Over Physical Medium",
+        "T1052.001 - Exfiltration over USB",
+        "T1053 - Scheduled Task/Job",
+        "T1053.001 - At (Linux)",
+        "T1053.002 - At",
+        "T1053.003 - Cron",
+        "T1053.004 - Launchd",
+        "T1053.005 - Scheduled Task",
+        "T1053.006 - Systemd Timers",
+        "T1053.007 - Container Orchestration Job",
+        "T1054 - Indicator Blocking",
+        "T1055 - Process Injection",
+        "T1055.001 - Dynamic-link Library Injection",
+        "T1055.002 - Portable Executable Injection",
+        "T1055.003 - Thread Execution Hijacking",
+        "T1055.004 - Asynchronous Procedure Call",
+        "T1055.005 - Thread Local Storage",
+        "T1055.008 - Ptrace System Calls",
+        "T1055.009 - Proc Memory",
+        "T1055.011 - Extra Window Memory Injection",
+        "T1055.012 - Process Hollowing",
+        "T1055.013 - Process Doppelgänging",
+        "T1055.014 - VDSO Hijacking",
+        "T1055.015 - ListPlanting",
+        "T1056 - Input Capture",
+        "T1056.001 - Keylogging",
+        "T1056.002 - GUI Input Capture",
+        "T1056.003 - Web Portal Capture",
+        "T1056.004 - Credential API Hooking",
+        "T1057 - Process Discovery",
+        "T1058 - Service Registry Permissions Weakness",
+        "T1059 - Command and Scripting Interpreter",
+        "T1059.001 - PowerShell",
+        "T1059.002 - AppleScript",
+        "T1059.003 - Windows Command Shell",
+        "T1059.004 - Unix Shell",
+        "T1059.005 - Visual Basic",
+        "T1059.006 - Python",
+        "T1059.007 - JavaScript",
+        "T1059.008 - Network Device CLI",
+        "T1059.009 - Cloud API",
+        "T1060 - Registry Run Keys / Startup Folder",
+        "T1061 - Graphical User Interface",
+        "T1062 - Hypervisor",
+        "T1063 - Security Software Discovery",
+        "T1064 - Scripting",
+        "T1065 - Uncommonly Used Port",
+        "T1066 - Indicator Removal from Tools",
+        "T1067 - Bootkit",
+        "T1068 - Exploitation for Privilege Escalation",
+        "T1069 - Permission Groups Discovery",
+        "T1069.001 - Local Groups",
+        "T1069.002 - Domain Groups",
+        "T1069.003 - Cloud Groups",
+        "T1070 - Indicator Removal",
+        "T1070.001 - Clear Windows Event Logs",
+        "T1070.002 - Clear Linux or Mac System Logs",
+        "T1070.003 - Clear Command History",
+        "T1070.004 - File Deletion",
+        "T1070.005 - Network Share Connection Removal",
+        "T1070.006 - Timestomp",
+        "T1070.007 - Clear Network Connection History and Configurations",
+        "T1070.008 - Clear Mailbox Data",
+        "T1070.009 - Clear Persistence",
+        "T1071 - Application Layer Protocol",
+        "T1071.001 - Web Protocols",
+        "T1071.002 - File Transfer Protocols",
+        "T1071.003 - Mail Protocols",
+        "T1071.004 - DNS",
+        "T1072 - Software Deployment Tools",
+        "T1073 - DLL Side-Loading",
+        "T1074 - Data Staged",
+        "T1074.001 - Local Data Staging",
+        "T1074.002 - Remote Data Staging",
+        "T1075 - Pass the Hash",
+        "T1076 - Remote Desktop Protocol",
+        "T1077 - Windows Admin Shares",
+        "T1078 - Valid Accounts",
+        "T1078.001 - Default Accounts",
+        "T1078.002 - Domain Accounts",
+        "T1078.003 - Local Accounts",
+        "T1078.004 - Cloud Accounts",
+        "T1079 - Multilayer Encryption",
+        "T1080 - Taint Shared Content",
+        "T1081 - Credentials in Files",
+        "T1082 - System Information Discovery",
+        "T1083 - File and Directory Discovery",
+        "T1084 - Windows Management Instrumentation Event Subscription",
+        "T1085 - Rundll32",
+        "T1086 - PowerShell",
+        "T1087 - Account Discovery",
+        "T1087.001 - Local Account",
+        "T1087.002 - Domain Account",
+        "T1087.003 - Email Account",
+        "T1087.004 - Cloud Account",
+        "T1088 - Bypass User Account Control",
+        "T1089 - Disabling Security Tools",
+        "T1090 - Proxy",
+        "T1090.001 - Internal Proxy",
+        "T1090.002 - External Proxy",
+        "T1090.003 - Multi-hop Proxy",
+        "T1090.004 - Domain Fronting",
+        "T1091 - Replication Through Removable Media",
+        "T1092 - Communication Through Removable Media",
+        "T1093 - Process Hollowing",
+        "T1094 - Custom Command and Control Protocol",
+        "T1095 - Non-Application Layer Protocol",
+        "T1096 - NTFS File Attributes",
+        "T1097 - Pass the Ticket",
+        "T1098 - Account Manipulation",
+        "T1098.001 - Additional Cloud Credentials",
+        "T1098.002 - Additional Email Delegate Permissions",
+        "T1098.003 - Additional Cloud Roles",
+        "T1098.004 - SSH Authorized Keys",
+        "T1098.005 - Device Registration",
+        "T1099 - Timestomp",
+        "T1100 - Web Shell",
+        "T1101 - Security Support Provider",
+        "T1102 - Web Service",
+        "T1102.001 - Dead Drop Resolver",
+        "T1102.002 - Bidirectional Communication",
+        "T1102.003 - One-Way Communication",
+        "T1103 - AppInit DLLs",
+        "T1104 - Multi-Stage Channels",
+        "T1105 - Ingress Tool Transfer",
+        "T1106 - Native API",
+        "T1107 - File Deletion",
+        "T1108 - Redundant Access",
+        "T1109 - Component Firmware",
+        "T1110 - Brute Force",
+        "T1110.001 - Password Guessing",
+        "T1110.002 - Password Cracking",
+        "T1110.003 - Password Spraying",
+        "T1110.004 - Credential Stuffing",
+        "T1111 - Multi-Factor Authentication Interception",
+        "T1112 - Modify Registry",
+        "T1113 - Screen Capture",
+        "T1114 - Email Collection",
+        "T1114.001 - Local Email Collection",
+        "T1114.002 - Remote Email Collection",
+        "T1114.003 - Email Forwarding Rule",
+        "T1115 - Clipboard Data",
+        "T1116 - Code Signing",
+        "T1117 - Regsvr32",
+        "T1118 - InstallUtil",
+        "T1119 - Automated Collection",
+        "T1120 - Peripheral Device Discovery",
+        "T1121 - Regsvcs/Regasm",
+        "T1122 - Component Object Model Hijacking",
+        "T1123 - Audio Capture",
+        "T1124 - System Time Discovery",
+        "T1125 - Video Capture",
+        "T1126 - Network Share Connection Removal",
+        "T1127 - Trusted Developer Utilities Proxy Execution",
+        "T1127.001 - MSBuild",
+        "T1128 - Netsh Helper DLL",
+        "T1129 - Shared Modules",
+        "T1130 - Install Root Certificate",
+        "T1131 - Authentication Package",
+        "T1132 - Data Encoding",
+        "T1132.001 - Standard Encoding",
+        "T1132.002 - Non-Standard Encoding",
+        "T1133 - External Remote Services",
+        "T1134 - Access Token Manipulation",
+        "T1134.001 - Token Impersonation/Theft",
+        "T1134.002 - Create Process with Token",
+        "T1134.003 - Make and Impersonate Token",
+        "T1134.004 - Parent PID Spoofing",
+        "T1134.005 - SID-History Injection",
+        "T1135 - Network Share Discovery",
+        "T1136 - Create Account",
+        "T1136.001 - Local Account",
+        "T1136.002 - Domain Account",
+        "T1136.003 - Cloud Account",
+        "T1137 - Office Application Startup",
+        "T1137.001 - Office Template Macros",
+        "T1137.002 - Office Test",
+        "T1137.003 - Outlook Forms",
+        "T1137.004 - Outlook Home Page",
+        "T1137.005 - Outlook Rules",
+        "T1137.006 - Add-ins",
+        "T1138 - Application Shimming",
+        "T1139 - Bash History",
+        "T1140 - Deobfuscate/Decode Files or Information",
+        "T1141 - Input Prompt",
+        "T1142 - Keychain",
+        "T1143 - Hidden Window",
+        "T1144 - Gatekeeper Bypass",
+        "T1145 - Private Keys",
+        "T1146 - Clear Command History",
+        "T1147 - Hidden Users",
+        "T1148 - HISTCONTROL",
+        "T1149 - LC_MAIN Hijacking",
+        "T1150 - Plist Modification",
+        "T1151 - Space after Filename",
+        "T1152 - Launchctl",
+        "T1153 - Source",
+        "T1154 - Trap",
+        "T1155 - AppleScript",
+        "T1156 - Malicious Shell Modification",
+        "T1157 - Dylib Hijacking",
+        "T1158 - Hidden Files and Directories",
+        "T1159 - Launch Agent",
+        "T1160 - Launch Daemon",
+        "T1161 - LC_LOAD_DYLIB Addition",
+        "T1162 - Login Item",
+        "T1163 - Rc.common",
+        "T1164 - Re-opened Applications",
+        "T1165 - Startup Items",
+        "T1166 - Setuid and Setgid",
+        "T1167 - Securityd Memory",
+        "T1168 - Local Job Scheduling",
+        "T1169 - Sudo",
+        "T1170 - Mshta",
+        "T1171 - LLMNR/NBT-NS Poisoning and Relay",
+        "T1172 - Domain Fronting",
+        "T1173 - Dynamic Data Exchange",
+        "T1174 - Password Filter DLL",
+        "T1175 - Component Object Model and Distributed COM",
+        "T1176 - Browser Extensions",
+        "T1177 - LSASS Driver",
+        "T1178 - SID-History Injection",
+        "T1179 - Hooking",
+        "T1180 - Screensaver",
+        "T1181 - Extra Window Memory Injection",
+        "T1182 - AppCert DLLs",
+        "T1183 - Image File Execution Options Injection",
+        "T1184 - SSH Hijacking",
+        "T1185 - Browser Session Hijacking",
+        "T1186 - Process Doppelgänging",
+        "T1187 - Forced Authentication",
+        "T1188 - Multi-hop Proxy",
+        "T1189 - Drive-by Compromise",
+        "T1190 - Exploit Public-Facing Application",
+        "T1191 - CMSTP",
+        "T1192 - Spearphishing Link",
+        "T1193 - Spearphishing Attachment",
+        "T1194 - Spearphishing via Service",
+        "T1195 - Supply Chain Compromise",
+        "T1195.001 - Compromise Software Dependencies and Development Tools",
+        "T1195.002 - Compromise Software Supply Chain",
+        "T1195.003 - Compromise Hardware Supply Chain",
+        "T1196 - Control Panel Items",
+        "T1197 - BITS Jobs",
+        "T1198 - SIP and Trust Provider Hijacking",
+        "T1199 - Trusted Relationship",
+        "T1200 - Hardware Additions",
+        "T1201 - Password Policy Discovery",
+        "T1202 - Indirect Command Execution",
+        "T1203 - Exploitation for Client Execution",
+        "T1204 - User Execution",
+        "T1204.001 - Malicious Link",
+        "T1204.002 - Malicious File",
+        "T1204.003 - Malicious Image",
+        "T1205 - Traffic Signaling",
+        "T1205.001 - Port Knocking",
+        "T1205.002 - Socket Filters",
+        "T1206 - Sudo Caching",
+        "T1207 - Rogue Domain Controller",
+        "T1208 - Kerberoasting",
+        "T1209 - Time Providers",
+        "T1210 - Exploitation of Remote Services",
+        "T1211 - Exploitation for Defense Evasion",
+        "T1212 - Exploitation for Credential Access",
+        "T1213 - Data from Information Repositories",
+        "T1213.001 - Confluence",
+        "T1213.002 - Sharepoint",
+        "T1213.003 - Code Repositories",
+        "T1214 - Credentials in Registry",
+        "T1215 - Kernel Modules and Extensions",
+        "T1216 - System Script Proxy Execution",
+        "T1216.001 - PubPrn",
+        "T1217 - Browser Information Discovery",
+        "T1218 - System Binary Proxy Execution",
+        "T1218.001 - Compiled HTML File",
+        "T1218.002 - Control Panel",
+        "T1218.003 - CMSTP",
+        "T1218.004 - InstallUtil",
+        "T1218.005 - Mshta",
+        "T1218.007 - Msiexec",
+        "T1218.008 - Odbcconf",
+        "T1218.009 - Regsvcs/Regasm",
+        "T1218.010 - Regsvr32",
+        "T1218.011 - Rundll32",
+        "T1218.012 - Verclsid",
+        "T1218.013 - Mavinject",
+        "T1218.014 - MMC",
+        "T1219 - Remote Access Software",
+        "T1220 - XSL Script Processing",
+        "T1221 - Template Injection",
+        "T1222 - File and Directory Permissions Modification",
+        "T1222.001 - Windows File and Directory Permissions Modification",
+        "T1222.002 - Linux and Mac File and Directory Permissions Modification",
+        "T1223 - Compiled HTML File",
+        "T1398 - Boot or Logon Initialization Scripts",
+        "T1399 - Modify Trusted Execution Environment",
+        "T1400 - Modify System Partition",
+        "T1401 - Device Administrator Permissions",
+        "T1402 - Broadcast Receivers",
+        "T1403 - Modify Cached Executable Code",
+        "T1404 - Exploitation for Privilege Escalation",
+        "T1405 - Exploit TEE Vulnerability",
+        "T1406 - Obfuscated Files or Information",
+        "T1406.001 - Steganography",
+        "T1406.002 - Software Packing",
+        "T1407 - Download New Code at Runtime",
+        "T1408 - Disguise Root/Jailbreak Indicators",
+        "T1409 - Stored Application Data",
+        "T1410 - Network Traffic Capture or Redirection",
+        "T1411 - Input Prompt",
+        "T1412 - Capture SMS Messages",
+        "T1413 - Access Sensitive Data in Device Logs",
+        "T1414 - Clipboard Data",
+        "T1415 - URL Scheme Hijacking",
+        "T1416 - URI Hijacking",
+        "T1417 - Input Capture",
+        "T1417.001 - Keylogging",
+        "T1417.002 - GUI Input Capture",
+        "T1418 - Software Discovery",
+        "T1418.001 - Security Software Discovery",
+        "T1419 - Device Type Discovery",
+        "T1420 - File and Directory Discovery",
+        "T1421 - System Network Connections Discovery",
+        "T1422 - System Network Configuration Discovery",
+        "T1423 - Network Service Scanning",
+        "T1424 - Process Discovery",
+        "T1425 - Insecure Third-Party Libraries",
+        "T1426 - System Information Discovery",
+        "T1427 - Attack PC via USB Connection",
+        "T1428 - Exploitation of Remote Services",
+        "T1429 - Audio Capture",
+        "T1430 - Location Tracking",
+        "T1430.001 - Remote Device Management Services",
+        "T1430.002 - Impersonate SS7 Nodes",
+        "T1431 - App Delivered via Web Download",
+        "T1432 - Access Contact List",
+        "T1433 - Access Call Log",
+        "T1434 - App Delivered via Email Attachment",
+        "T1435 - Access Calendar Entries",
+        "T1436 - Commonly Used Port",
+        "T1437 - Application Layer Protocol",
+        "T1437.001 - Web Protocols",
+        "T1438 - Exfiltration Over Other Network Medium",
+        "T1439 - Eavesdrop on Insecure Network Communication",
+        "T1440 - Detect App Analysis Environment",
+        "T1441 - Stolen Developer Credentials or Signing Keys",
+        "T1442 - Fake Developer Accounts",
+        "T1443 - Remotely Install Application",
+        "T1444 - Masquerade as Legitimate Application",
+        "T1445 - Abuse of iOS Enterprise App Signing Key",
+        "T1446 - Device Lockout",
+        "T1447 - Delete Device Data",
+        "T1448 - Carrier Billing Fraud",
+        "T1449 - Exploit SS7 to Redirect Phone Calls/SMS",
+        "T1450 - Exploit SS7 to Track Device Location",
+        "T1451 - SIM Card Swap",
+        "T1452 - Manipulate App Store Rankings or Ratings",
+        "T1453 - Abuse Accessibility Features",
+        "T1454 - Malicious SMS Message",
+        "T1455 - Exploit Baseband Vulnerability",
+        "T1456 - Drive-By Compromise",
+        "T1457 - Malicious Media Content",
+        "T1458 - Replication Through Removable Media",
+        "T1459 - Device Unlock Code Guessing or Brute Force",
+        "T1460 - Biometric Spoofing",
+        "T1461 - Lockscreen Bypass",
+        "T1462 - Malicious Software Development Tools",
+        "T1463 - Manipulate Device Communication",
+        "T1464 - Network Denial of Service",
+        "T1465 - Rogue Wi-Fi Access Points",
+        "T1466 - Downgrade to Insecure Protocols",
+        "T1467 - Rogue Cellular Base Station",
+        "T1468 - Remotely Track Device Without Authorization",
+        "T1469 - Remotely Wipe Data Without Authorization",
+        "T1470 - Obtain Device Cloud Backups",
+        "T1471 - Data Encrypted for Impact",
+        "T1472 - Generate Fraudulent Advertising Revenue",
+        "T1473 - Malicious or Vulnerable Built-in Device Functionality",
+        "T1474 - Supply Chain Compromise",
+        "T1474.001 - Compromise Software Dependencies and Development Tools",
+        "T1474.002 - Compromise Hardware Supply Chain",
+        "T1474.003 - Compromise Software Supply Chain",
+        "T1475 - Deliver Malicious App via Authorized App Store",
+        "T1476 - Deliver Malicious App via Other Means",
+        "T1477 - Exploit via Radio Interfaces",
+        "T1478 - Install Insecure or Malicious Configuration",
+        "T1480 - Execution Guardrails",
+        "T1480.001 - Environmental Keying",
+        "T1481 - Web Service",
+        "T1481.001 - Dead Drop Resolver",
+        "T1481.002 - Bidirectional Communication",
+        "T1481.003 - One-Way Communication",
+        "T1482 - Domain Trust Discovery",
+        "T1483 - Domain Generation Algorithms",
+        "T1484 - Domain Policy Modification",
+        "T1484.001 - Group Policy Modification",
+        "T1484.002 - Domain Trust Modification",
+        "T1485 - Data Destruction",
+        "T1486 - Data Encrypted for Impact",
+        "T1487 - Disk Structure Wipe",
+        "T1488 - Disk Content Wipe",
+        "T1489 - Service Stop",
+        "T1490 - Inhibit System Recovery",
+        "T1491 - Defacement",
+        "T1491.001 - Internal Defacement",
+        "T1491.002 - External Defacement",
+        "T1492 - Stored Data Manipulation",
+        "T1493 - Transmitted Data Manipulation",
+        "T1494 - Runtime Data Manipulation",
+        "T1495 - Firmware Corruption",
+        "T1496 - Resource Hijacking",
+        "T1497 - Virtualization/Sandbox Evasion",
+        "T1497.001 - System Checks",
+        "T1497.002 - User Activity Based Checks",
+        "T1497.003 - Time Based Evasion",
+        "T1498 - Network Denial of Service",
+        "T1498.001 - Direct Network Flood",
+        "T1498.002 - Reflection Amplification",
+        "T1499 - Endpoint Denial of Service",
+        "T1499.001 - OS Exhaustion Flood",
+        "T1499.002 - Service Exhaustion Flood",
+        "T1499.003 - Application Exhaustion Flood",
+        "T1499.004 - Application or System Exploitation",
+        "T1500 - Compile After Delivery",
+        "T1501 - Systemd Service",
+        "T1502 - Parent PID Spoofing",
+        "T1503 - Credentials from Web Browsers",
+        "T1504 - PowerShell Profile",
+        "T1505 - Server Software Component",
+        "T1505.001 - SQL Stored Procedures",
+        "T1505.002 - Transport Agent",
+        "T1505.003 - Web Shell",
+        "T1505.004 - IIS Components",
+        "T1505.005 - Terminal Services DLL",
+        "T1506 - Web Session Cookie",
+        "T1507 - Network Information Discovery",
+        "T1508 - Suppress Application Icon",
+        "T1509 - Non-Standard Port",
+        "T1510 - Clipboard Modification",
+        "T1512 - Video Capture",
+        "T1513 - Screen Capture",
+        "T1514 - Elevated Execution with Prompt",
+        "T1516 - Input Injection",
+        "T1517 - Access Notifications",
+        "T1518 - Software Discovery",
+        "T1518.001 - Security Software Discovery",
+        "T1519 - Emond",
+        "T1520 - Domain Generation Algorithms",
+        "T1521 - Encrypted Channel",
+        "T1521.001 - Symmetric Cryptography",
+        "T1521.002 - Asymmetric Cryptography",
+        "T1522 - Cloud Instance Metadata API",
+        "T1523 - Evade Analysis Environment",
+        "T1525 - Implant Internal Image",
+        "T1526 - Cloud Service Discovery",
+        "T1527 - Application Access Token",
+        "T1528 - Steal Application Access Token",
+        "T1529 - System Shutdown/Reboot",
+        "T1530 - Data from Cloud Storage",
+        "T1531 - Account Access Removal",
+        "T1532 - Archive Collected Data",
+        "T1533 - Data from Local System",
+        "T1534 - Internal Spearphishing",
+        "T1535 - Unused/Unsupported Cloud Regions",
+        "T1536 - Revert Cloud Instance",
+        "T1537 - Transfer Data to Cloud Account",
+        "T1538 - Cloud Service Dashboard",
+        "T1539 - Steal Web Session Cookie",
+        "T1540 - Code Injection",
+        "T1541 - Foreground Persistence",
+        "T1542 - Pre-OS Boot",
+        "T1542.001 - System Firmware",
+        "T1542.002 - Component Firmware",
+        "T1542.003 - Bootkit",
+        "T1542.004 - ROMMONkit",
+        "T1542.005 - TFTP Boot",
+        "T1543 - Create or Modify System Process",
+        "T1543.001 - Launch Agent",
+        "T1543.002 - Systemd Service",
+        "T1543.003 - Windows Service",
+        "T1543.004 - Launch Daemon",
+        "T1544 - Ingress Tool Transfer",
+        "T1546 - Event Triggered Execution",
+        "T1546.001 - Change Default File Association",
+        "T1546.002 - Screensaver",
+        "T1546.003 - Windows Management Instrumentation Event Subscription",
+        "T1546.004 - Unix Shell Configuration Modification",
+        "T1546.005 - Trap",
+        "T1546.006 - LC_LOAD_DYLIB Addition",
+        "T1546.007 - Netsh Helper DLL",
+        "T1546.008 - Accessibility Features",
+        "T1546.009 - AppCert DLLs",
+        "T1546.010 - AppInit DLLs",
+        "T1546.011 - Application Shimming",
+        "T1546.012 - Image File Execution Options Injection",
+        "T1546.013 - PowerShell Profile",
+        "T1546.014 - Emond",
+        "T1546.015 - Component Object Model Hijacking",
+        "T1546.016 - Installer Packages",
+        "T1547 - Boot or Logon Autostart Execution",
+        "T1547.001 - Registry Run Keys / Startup Folder",
+        "T1547.002 - Authentication Package",
+        "T1547.003 - Time Providers",
+        "T1547.004 - Winlogon Helper DLL",
+        "T1547.005 - Security Support Provider",
+        "T1547.006 - Kernel Modules and Extensions",
+        "T1547.007 - Re-opened Applications",
+        "T1547.008 - LSASS Driver",
+        "T1547.009 - Shortcut Modification",
+        "T1547.010 - Port Monitors",
+        "T1547.011 - Plist Modification",
+        "T1547.012 - Print Processors",
+        "T1547.013 - XDG Autostart Entries",
+        "T1547.014 - Active Setup",
+        "T1547.015 - Login Items",
+        "T1548 - Abuse Elevation Control Mechanism",
+        "T1548.001 - Setuid and Setgid",
+        "T1548.002 - Bypass User Account Control",
+        "T1548.003 - Sudo and Sudo Caching",
+        "T1548.004 - Elevated Execution with Prompt",
+        "T1550 - Use Alternate Authentication Material",
+        "T1550.001 - Application Access Token",
+        "T1550.002 - Pass the Hash",
+        "T1550.003 - Pass the Ticket",
+        "T1550.004 - Web Session Cookie",
+        "T1552 - Unsecured Credentials",
+        "T1552.001 - Credentials In Files",
+        "T1552.002 - Credentials in Registry",
+        "T1552.003 - Bash History",
+        "T1552.004 - Private Keys",
+        "T1552.005 - Cloud Instance Metadata API",
+        "T1552.006 - Group Policy Preferences",
+        "T1552.007 - Container API",
+        "T1552.008 - Chat Messages",
+        "T1553 - Subvert Trust Controls",
+        "T1553.001 - Gatekeeper Bypass",
+        "T1553.002 - Code Signing",
+        "T1553.003 - SIP and Trust Provider Hijacking",
+        "T1553.004 - Install Root Certificate",
+        "T1553.005 - Mark-of-the-Web Bypass",
+        "T1553.006 - Code Signing Policy Modification",
+        "T1554 - Compromise Client Software Binary",
+        "T1555 - Credentials from Password Stores",
+        "T1555.001 - Keychain",
+        "T1555.002 - Securityd Memory",
+        "T1555.003 - Credentials from Web Browsers",
+        "T1555.004 - Windows Credential Manager",
+        "T1555.005 - Password Managers",
+        "T1556 - Modify Authentication Process",
+        "T1556.001 - Domain Controller Authentication",
+        "T1556.002 - Password Filter DLL",
+        "T1556.003 - Pluggable Authentication Modules",
+        "T1556.004 - Network Device Authentication",
+        "T1556.005 - Reversible Encryption",
+        "T1556.006 - Multi-Factor Authentication",
+        "T1556.007 - Hybrid Identity",
+        "T1556.008 - Network Provider DLL",
+        "T1557 - Adversary-in-the-Middle",
+        "T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay",
+        "T1557.002 - ARP Cache Poisoning",
+        "T1557.003 - DHCP Spoofing",
+        "T1558 - Steal or Forge Kerberos Tickets",
+        "T1558.001 - Golden Ticket",
+        "T1558.002 - Silver Ticket",
+        "T1558.003 - Kerberoasting",
+        "T1558.004 - AS-REP Roasting",
+        "T1559 - Inter-Process Communication",
+        "T1559.001 - Component Object Model",
+        "T1559.002 - Dynamic Data Exchange",
+        "T1559.003 - XPC Services",
+        "T1560 - Archive Collected Data",
+        "T1560.001 - Archive via Utility",
+        "T1560.002 - Archive via Library",
+        "T1560.003 - Archive via Custom Method",
+        "T1561 - Disk Wipe",
+        "T1561.001 - Disk Content Wipe",
+        "T1561.002 - Disk Structure Wipe",
+        "T1562 - Impair Defenses",
+        "T1562.001 - Disable or Modify Tools",
+        "T1562.002 - Disable Windows Event Logging",
+        "T1562.003 - Impair Command History Logging",
+        "T1562.004 - Disable or Modify System Firewall",
+        "T1562.006 - Indicator Blocking",
+        "T1562.007 - Disable or Modify Cloud Firewall",
+        "T1562.008 - Disable Cloud Logs",
+        "T1562.009 - Safe Mode Boot",
+        "T1562.010 - Downgrade Attack",
+        "T1562.011 - Spoof Security Alerting",
+        "T1563 - Remote Service Session Hijacking",
+        "T1563.001 - SSH Hijacking",
+        "T1563.002 - RDP Hijacking",
+        "T1564 - Hide Artifacts",
+        "T1564.001 - Hidden Files and Directories",
+        "T1564.002 - Hidden Users",
+        "T1564.003 - Hidden Window",
+        "T1564.004 - NTFS File Attributes",
+        "T1564.005 - Hidden File System",
+        "T1564.006 - Run Virtual Instance",
+        "T1564.007 - VBA Stomping",
+        "T1564.008 - Email Hiding Rules",
+        "T1564.009 - Resource Forking",
+        "T1564.010 - Process Argument Spoofing",
+        "T1565 - Data Manipulation",
+        "T1565.001 - Stored Data Manipulation",
+        "T1565.002 - Transmitted Data Manipulation",
+        "T1565.003 - Runtime Data Manipulation",
+        "T1566 - Phishing",
+        "T1566.001 - Spearphishing Attachment",
+        "T1566.002 - Spearphishing Link",
+        "T1566.003 - Spearphishing via Service",
+        "T1567 - Exfiltration Over Web Service",
+        "T1567.001 - Exfiltration to Code Repository",
+        "T1567.002 - Exfiltration to Cloud Storage",
+        "T1567.003 - Exfiltration to Text Storage Sites",
+        "T1568 - Dynamic Resolution",
+        "T1568.001 - Fast Flux DNS",
+        "T1568.002 - Domain Generation Algorithms",
+        "T1568.003 - DNS Calculation",
+        "T1569 - System Services",
+        "T1569.001 - Launchctl",
+        "T1569.002 - Service Execution",
+        "T1570 - Lateral Tool Transfer",
+        "T1571 - Non-Standard Port",
+        "T1572 - Protocol Tunneling",
+        "T1573 - Encrypted Channel",
+        "T1573.001 - Symmetric Cryptography",
+        "T1573.002 - Asymmetric Cryptography",
+        "T1574 - Hijack Execution Flow",
+        "T1574.001 - DLL Search Order Hijacking",
+        "T1574.002 - DLL Side-Loading",
+        "T1574.004 - Dylib Hijacking",
+        "T1574.005 - Executable Installer File Permissions Weakness",
+        "T1574.006 - Dynamic Linker Hijacking",
+        "T1574.007 - Path Interception by PATH Environment Variable",
+        "T1574.008 - Path Interception by Search Order Hijacking",
+        "T1574.009 - Path Interception by Unquoted Path",
+        "T1574.010 - Services File Permissions Weakness",
+        "T1574.011 - Services Registry Permissions Weakness",
+        "T1574.012 - COR_PROFILER",
+        "T1574.013 - KernelCallbackTable",
+        "T1575 - Native API",
+        "T1576 - Uninstall Malicious Application",
+        "T1577 - Compromise Application Executable",
+        "T1578 - Modify Cloud Compute Infrastructure",
+        "T1578.001 - Create Snapshot",
+        "T1578.002 - Create Cloud Instance",
+        "T1578.003 - Delete Cloud Instance",
+        "T1578.004 - Revert Cloud Instance",
+        "T1579 - Keychain",
+        "T1580 - Cloud Infrastructure Discovery",
+        "T1581 - Geofencing",
+        "T1582 - SMS Control",
+        "T1583 - Acquire Infrastructure",
+        "T1583.001 - Domains",
+        "T1583.002 - DNS Server",
+        "T1583.003 - Virtual Private Server",
+        "T1583.004 - Server",
+        "T1583.005 - Botnet",
+        "T1583.006 - Web Services",
+        "T1583.007 - Serverless",
+        "T1583.008 - Malvertising",
+        "T1584 - Compromise Infrastructure",
+        "T1584.001 - Domains",
+        "T1584.002 - DNS Server",
+        "T1584.003 - Virtual Private Server",
+        "T1584.004 - Server",
+        "T1584.005 - Botnet",
+        "T1584.006 - Web Services",
+        "T1584.007 - Serverless",
+        "T1585 - Establish Accounts",
+        "T1585.001 - Social Media Accounts",
+        "T1585.002 - Email Accounts",
+        "T1585.003 - Cloud Accounts",
+        "T1586 - Compromise Accounts",
+        "T1586.001 - Social Media Accounts",
+        "T1586.002 - Email Accounts",
+        "T1586.003 - Cloud Accounts",
+        "T1587 - Develop Capabilities",
+        "T1587.001 - Malware",
+        "T1587.002 - Code Signing Certificates",
+        "T1587.003 - Digital Certificates",
+        "T1587.004 - Exploits",
+        "T1588 - Obtain Capabilities",
+        "T1588.001 - Malware",
+        "T1588.002 - Tool",
+        "T1588.003 - Code Signing Certificates",
+        "T1588.004 - Digital Certificates",
+        "T1588.005 - Exploits",
+        "T1588.006 - Vulnerabilities",
+        "T1589 - Gather Victim Identity Information",
+        "T1589.001 - Credentials",
+        "T1589.002 - Email Addresses",
+        "T1589.003 - Employee Names",
+        "T1590 - Gather Victim Network Information",
+        "T1590.001 - Domain Properties",
+        "T1590.002 - DNS",
+        "T1590.003 - Network Trust Dependencies",
+        "T1590.004 - Network Topology",
+        "T1590.005 - IP Addresses",
+        "T1590.006 - Network Security Appliances",
+        "T1591 - Gather Victim Org Information",
+        "T1591.001 - Determine Physical Locations",
+        "T1591.002 - Business Relationships",
+        "T1591.003 - Identify Business Tempo",
+        "T1591.004 - Identify Roles",
+        "T1592 - Gather Victim Host Information",
+        "T1592.001 - Hardware",
+        "T1592.002 - Software",
+        "T1592.003 - Firmware",
+        "T1592.004 - Client Configurations",
+        "T1593 - Search Open Websites/Domains",
+        "T1593.001 - Social Media",
+        "T1593.002 - Search Engines",
+        "T1593.003 - Code Repositories",
+        "T1594 - Search Victim-Owned Websites",
+        "T1595 - Active Scanning",
+        "T1595.001 - Scanning IP Blocks",
+        "T1595.002 - Vulnerability Scanning",
+        "T1595.003 - Wordlist Scanning",
+        "T1596 - Search Open Technical Databases",
+        "T1596.001 - DNS/Passive DNS",
+        "T1596.002 - WHOIS",
+        "T1596.003 - Digital Certificates",
+        "T1596.004 - CDNs",
+        "T1596.005 - Scan Databases",
+        "T1597 - Search Closed Sources",
+        "T1597.001 - Threat Intel Vendors",
+        "T1597.002 - Purchase Technical Data",
+        "T1598 - Phishing for Information",
+        "T1598.001 - Spearphishing Service",
+        "T1598.002 - Spearphishing Attachment",
+        "T1598.003 - Spearphishing Link",
+        "T1599 - Network Boundary Bridging",
+        "T1599.001 - Network Address Translation Traversal",
+        "T1600 - Weaken Encryption",
+        "T1600.001 - Reduce Key Space",
+        "T1600.002 - Disable Crypto Hardware",
+        "T1601 - Modify System Image",
+        "T1601.001 - Patch System Image",
+        "T1601.002 - Downgrade System Image",
+        "T1602 - Data from Configuration Repository",
+        "T1602.001 - SNMP (MIB Dump)",
+        "T1602.002 - Network Device Configuration Dump",
+        "T1603 - Scheduled Task/Job",
+        "T1604 - Proxy Through Victim",
+        "T1605 - Command-Line Interface",
+        "T1606 - Forge Web Credentials",
+        "T1606.001 - Web Cookies",
+        "T1606.002 - SAML Tokens",
+        "T1608 - Stage Capabilities",
+        "T1608.001 - Upload Malware",
+        "T1608.002 - Upload Tool",
+        "T1608.003 - Install Digital Certificate",
+        "T1608.004 - Drive-by Target",
+        "T1608.005 - Link Target",
+        "T1608.006 - SEO Poisoning",
+        "T1609 - Container Administration Command",
+        "T1610 - Deploy Container",
+        "T1611 - Escape to Host",
+        "T1612 - Build Image on Host",
+        "T1613 - Container and Resource Discovery",
+        "T1614 - System Location Discovery",
+        "T1614.001 - System Language Discovery",
+        "T1615 - Group Policy Discovery",
+        "T1616 - Call Control",
+        "T1617 - Hooking",
+        "T1618 - User Evasion",
+        "T1619 - Cloud Storage Object Discovery",
+        "T1620 - Reflective Code Loading",
+        "T1621 - Multi-Factor Authentication Request Generation",
+        "T1622 - Debugger Evasion",
+        "T1623 - Command and Scripting Interpreter",
+        "T1623.001 - Unix Shell",
+        "T1624 - Event Triggered Execution",
+        "T1624.001 - Broadcast Receivers",
+        "T1625 - Hijack Execution Flow",
+        "T1625.001 - System Runtime API Hijacking",
+        "T1626 - Abuse Elevation Control Mechanism",
+        "T1626.001 - Device Administrator Permissions",
+        "T1627 - Execution Guardrails",
+        "T1627.001 - Geofencing",
+        "T1628 - Hide Artifacts",
+        "T1628.001 - Suppress Application Icon",
+        "T1628.002 - User Evasion",
+        "T1629 - Impair Defenses",
+        "T1629.001 - Prevent Application Removal",
+        "T1629.002 - Device Lockout",
+        "T1629.003 - Disable or Modify Tools",
+        "T1630 - Indicator Removal on Host",
+        "T1630.001 - Uninstall Malicious Application",
+        "T1630.002 - File Deletion",
+        "T1630.003 - Disguise Root/Jailbreak Indicators",
+        "T1631 - Process Injection",
+        "T1631.001 - Ptrace System Calls",
+        "T1632 - Subvert Trust Controls",
+        "T1632.001 - Code Signing Policy Modification",
+        "T1633 - Virtualization/Sandbox Evasion",
+        "T1633.001 - System Checks",
+        "T1634 - Credentials from Password Store",
+        "T1634.001 - Keychain",
+        "T1635 - Steal Application Access Token",
+        "T1635.001 - URI Hijacking",
+        "T1636 - Protected User Data",
+        "T1636.001 - Calendar Entries",
+        "T1636.002 - Call Log",
+        "T1636.003 - Contact List",
+        "T1636.004 - SMS Messages",
+        "T1637 - Dynamic Resolution",
+        "T1637.001 - Domain Generation Algorithms",
+        "T1638 - Adversary-in-the-Middle",
+        "T1639 - Exfiltration Over Alternative Protocol",
+        "T1639.001 - Exfiltration Over Unencrypted Non-C2 Protocol",
+        "T1640 - Account Access Removal",
+        "T1641 - Data Manipulation",
+        "T1641.001 - Transmitted Data Manipulation",
+        "T1642 - Endpoint Denial of Service",
+        "T1643 - Generate Traffic from Victim",
+        "T1644 - Out of Band Data",
+        "T1645 - Compromise Client Software Binary",
+        "T1646 - Exfiltration Over C2 Channel",
+        "T1647 - Plist File Modification",
+        "T1648 - Serverless Execution",
+        "T1649 - Steal or Forge Authentication Certificates",
+        "T1650 - Acquire Access",
+        "T1651 - Cloud Administration Command",
+        "T1652 - Device Driver Discovery"
+    ]
+};
+
+export default intel;

From 33bce8891c065ec68cd7ea7dac8b47bbca87fe52 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Thu, 3 Aug 2023 13:42:33 -0400
Subject: [PATCH 04/18] autosuggest tactics and techniques from intel file

---
 .../src/assets/builder.config.ts              | 1707 +++++++++--------
 1 file changed, 854 insertions(+), 853 deletions(-)

diff --git a/src/attack_flow_builder/src/assets/builder.config.ts b/src/attack_flow_builder/src/assets/builder.config.ts
index d6360d29..09b10ff1 100644
--- a/src/attack_flow_builder/src/assets/builder.config.ts
+++ b/src/attack_flow_builder/src/assets/builder.config.ts
@@ -1,853 +1,854 @@
-import validator from "./builder.config.validator";
-import publisher from "./builder.config.publisher";
-import { AppConfiguration } from "@/store/StoreTypes";
-import { Colors, DarkTheme } from "./scripts/BlockDiagram/DiagramFactory/Themes";
-import {
-    AnchorAngle,
-    EnumPropertyDescriptor,
-    PropertyType,
-    SemanticRole,
-    TemplateType
-} from "./scripts/BlockDiagram";
-
-const BoolEnum: EnumPropertyDescriptor = {
-    type: PropertyType.Enum,
-    options: {
-        type  : PropertyType.List,
-        form  : { type: PropertyType.String },
-        value : [["true", "True"], ["false", "False"]]
-    }
-};
-
-const config: AppConfiguration = {
-    is_web_hosted: false,
-    application_name: "Attack Flow Builder",
-    file_type_name: "Attack Flow",
-    file_type_extension: "afb",
-    schema: {
-        page_template: "flow",
-        templates: [
-            {
-                id: "flow",
-                type: TemplateType.Page,
-                role: SemanticRole.Node,
-                grid: [10, 10],
-                properties: {
-                    name                         : { type: PropertyType.String, value: "Untitled Document", is_primary: true },
-                    description                  : { type: PropertyType.String },
-                    author                       : {
-                        type: PropertyType.Dictionary,
-                        form: {
-                            name: { type: PropertyType.String, is_primary: true, is_required: true },
-                            identity_class: {
-                                type: PropertyType.Enum,
-                                options: {
-                                    type  : PropertyType.List,
-                                    form  : { type: PropertyType.String },
-                                    value : [
-                                        ["individual", "Individual"],
-                                        ["group", "Group"],
-                                        ["system", "System"],
-                                        ["organization", "Organization"],
-                                        ["class", "Class"],
-                                        ["unknown", "Unknown"]
-                                    ]
-                                }
-                            },
-                            contact_information: { type: PropertyType.String }
-                        }
-                    },
-                    scope                        : {
-                        type: PropertyType.Enum,
-                        options: {
-                            type: PropertyType.List,
-                            form: { type: PropertyType.String },
-                            value: [
-                                ["incident", "Incident"],
-                                ["campaign", "Campaign"],
-                                ["threat-actor", "Threat Actor"],
-                                ["malware", "Malware"],
-                                ["other", "Other"]
-                            ]
-                        },
-                        value: "incident"
-                    },
-                    external_references          : {
-                        type: PropertyType.List,
-                        form: {
-                            type: PropertyType.Dictionary,
-                            form: {
-                                source_name: { type: PropertyType.String, is_primary: true, is_required: true },
-                                description: { type: PropertyType.String },
-                                url: { type: PropertyType.String },
-                            }
-                        }
-                    },
-                    created                      : { type: PropertyType.Date, value: new Date(), is_visible_chart: false, is_visible_sidebar: false }
-                },
-                style: DarkTheme.Page()
-            },
-            {
-                id: "true_anchor",
-                type: TemplateType.AnchorPoint,
-                role: SemanticRole.None,
-                radius: 10,
-                line_templates: {
-                    [AnchorAngle.DEG_0] : `@__builtin__line_horizontal_elbow`,
-                    [AnchorAngle.DEG_90]: `@__builtin__line_vertical_elbow`
-                },
-                style: DarkTheme.AnchorPoint()
-            },
-            {
-                id: "false_anchor",
-                type: TemplateType.AnchorPoint,
-                role: SemanticRole.None,
-                radius: 10,
-                line_templates: {
-                    [AnchorAngle.DEG_0] : `@__builtin__line_horizontal_elbow`,
-                    [AnchorAngle.DEG_90]: `@__builtin__line_vertical_elbow`
-                },
-                style: DarkTheme.AnchorPoint()
-            },
-            {
-                id: "action",
-                namespace: "attack_flow.action",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    tactic_id                    : { type: PropertyType.String },
-                    tactic_ref                   : { type: PropertyType.String, is_visible_chart: false, is_visible_sidebar: true },
-                    technique_id                 : { type: PropertyType.String },
-                    technique_ref                : { type: PropertyType.String, is_visible_chart: false, is_visible_sidebar: true },
-                    description                  : { type: PropertyType.String },
-                    confidence                   : {
-                        type: PropertyType.Enum,
-                        options: {
-                            type: PropertyType.List,
-                            form: {
-                                type: PropertyType.Dictionary,
-                                form: {
-                                    text  : { type: PropertyType.String, is_primary: true },
-                                    value : { type: PropertyType.Int }
-                                }
-                            },
-                            value: [
-                                ["speculative",   { text: "Speculative", value: 0 }],
-                                ["very-doubtful", { text: "Very Doubtful", value: 10 }],
-                                ["doubtful",      { text: "Doubtful", value: 30 }],
-                                ["even-odds",     { text: "Even Odds", value: 50 }],
-                                ["probable",      { text: "Probable", value: 70 }],
-                                ["very-probable", { text: "Very Probable", value: 90 }],
-                                ["certain",       { text: "Certain", value: 100 }]
-                            ]
-                        },
-                        value: null
-                    },
-                    execution_start              : { type: PropertyType.Date },
-                    execution_end                : { type: PropertyType.Date },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Blue }})
-            },
-            {
-                id: "asset",
-                namespace: "attack_flow.asset",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true},
-                    description                  : { type: PropertyType.String }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Orange }})
-            },
-            {
-                id: "condition",
-                namespace: "attack_flow.condition",
-                type: TemplateType.BranchBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    description                  : { type: PropertyType.String, is_primary: true, is_required: true },
-                    pattern                      : { type: PropertyType.String },
-                    pattern_type                 : { type: PropertyType.String },
-                    pattern_version              : { type: PropertyType.String },
-                    date                         : { type: PropertyType.Date }
-                },
-                branches: [
-                    {
-                        text: "True",
-                        anchor_template: "true_anchor",
-                    },
-                    {
-                        text: "False",
-                        anchor_template: "false_anchor"
-                    }
-                ],
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.BranchBlock({ head: { ...Colors.Green }})
-            },
-            {
-                id: "or",
-                namespace: "attack_flow.OR_operator",
-                type: TemplateType.TextBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    operator: {
-                        type: PropertyType.String,
-                        value: "OR",
-                        is_primary: true,
-                        is_visible_chart: false,
-                        is_visible_sidebar: false,
-                        is_editable: false,
-                    }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.TextBlock({ ...Colors.Red, horizontal_padding: 35 })
-            },
-            {
-                id: "and",
-                namespace: "attack_flow.AND_operator",
-                type: TemplateType.TextBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    operator: {
-                        type: PropertyType.String,
-                        value: "AND",
-                        is_primary: true,
-                        is_visible_chart: false,
-                        is_visible_sidebar: false,
-                        is_editable: false,
-                    }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.TextBlock({ ...Colors.Red, horizontal_padding: 35 })
-            },
-            {
-                id: "attack_pattern",
-                namespace: "stix_object.attack_pattern",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "campaign",
-                namespace: "stix_object.campaign",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    first_seen                   : { type: PropertyType.Date },
-                    last_seen                    : { type: PropertyType.Date },
-                    objective                    : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "course_of_action",
-                namespace: "stix_object.course_of_action",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    action_type                  : { type: PropertyType.String },
-                    os_execution_envs            : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    action_bin                   : { type: PropertyType.String }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "grouping",
-                namespace: "stix_object.grouping",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true },
-                    description                  : { type: PropertyType.String },
-                    context                      : { type: PropertyType.String, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "identity",
-                namespace: "stix_object.identity",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_required: true, is_primary: true },
-                    description                  : { type: PropertyType.String },
-                    roles                        : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    identity_class               : { type: PropertyType.String, is_required: true },
-                    sectors                      : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    contact_information          : { type: PropertyType.String }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "indicator",
-                namespace: "stix_object.indicator",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true },
-                    description                  : { type: PropertyType.String },
-                    indicator_types              : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true } },
-                    pattern                      : { type: PropertyType.String, is_required: true },
-                    pattern_type                 : { type: PropertyType.String, is_required: true },
-                    patter_version               : { type: PropertyType.String },
-                    valid_from                   : { type: PropertyType.Date, is_required: true},
-                    valid_until                  : { type: PropertyType.Date },
-                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "infrastructure",
-                namespace: "stix_object.infrastructure",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    infrastructure_types         : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
-                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    first_seen                   : { type: PropertyType.Date },
-                    last_seen                    : { type: PropertyType.Date }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "intrusion_set",
-                namespace: "stix_object.intrusion_set",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
-                    first_seen                   : { type: PropertyType.Date },
-                    last_seen                    : { type: PropertyType.Date },
-                    goals                        : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    resource_level               : { type: PropertyType.String},
-                    primary_motivation           : { type: PropertyType.String},
-                    secondary_motivations        : { type: PropertyType.List, form: { type: PropertyType.String }},
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "location",
-                namespace: "stix_object.location",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true },
-                    description                  : { type: PropertyType.String },
-                    latitude                     : { type: PropertyType.Float, min: -90, max: 90 },
-                    longitude                    : { type: PropertyType.Float, min: -180, max: 180 },
-                    precision                    : { type: PropertyType.Float },
-                    region                       : { type: PropertyType.String },
-                    country                      : { type: PropertyType.String },
-                    administrative_area          : { type: PropertyType.String },
-                    city                         : { type: PropertyType.String },
-                    street_address               : { type: PropertyType.String },
-                    postal_code                  : { type: PropertyType.String }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "malware",
-                namespace: "stix_object.malware",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true },
-                    description                  : { type: PropertyType.String },
-                    malware_types                : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
-                    is_family                    : { ...BoolEnum, is_required: true },
-                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    first_seen                   : { type: PropertyType.Date },
-                    last_seen                    : { type: PropertyType.Date },
-                    os_execution_envs            : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    architecture_execution_envs  : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    implementation_languages     : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    capabilities                 : { type: PropertyType.List, form: { type: PropertyType.String } },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "malware_analysis",
-                namespace: "stix_object.malware_analysis",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    product                      : { type: PropertyType.String, is_primary: true, is_required: true },
-                    version                      : { type: PropertyType.String },
-                    configuration_version        : { type: PropertyType.String },
-                    modules                      : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    analysis_engine_version      : { type: PropertyType.String },
-                    analysis_definition_version  : { type: PropertyType.String },
-                    submitted                    : { type: PropertyType.Date },
-                    analysis_started             : { type: PropertyType.Date },
-                    analysis_ended               : { type: PropertyType.Date },
-                    result                       : {
-                        type: PropertyType.Enum,
-                        options: {
-                            type: PropertyType.List,
-                            form: { type: PropertyType.String },
-                            value: [
-                                ["malicious", "Malicious"],
-                                ["suspicious", "Suspicious"],
-                                ["benign", "Benign"],
-                                ["unknown", "Unknown"]
-                            ]
-                        },
-                        value: null
-                    },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "note",
-                namespace: "stix_object.note",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    abstract                     : { type: PropertyType.String, is_primary: true },
-                    content                      : { type: PropertyType.String, is_required: true },
-                    authors                      : { type: PropertyType.List, form: { type: PropertyType.String } },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "observed_data",
-                namespace: "stix_object.observed_data",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    first_observed               : { type: PropertyType.Date, is_required: true },
-                    last_observed                : { type: PropertyType.Date, is_required: true },
-                    number_observed              : { type: PropertyType.Int, min: 0, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "opinion",
-                namespace: "stix_object.opinion",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    explanation                  : { type: PropertyType.String, is_primary: true },
-                    authors                      : { type: PropertyType.List, form: { type: PropertyType.String } },
-                    opinion                      : {
-                        type: PropertyType.Enum,
-                        options: {
-                            type: PropertyType.List,
-                            form: { type: PropertyType.String },
-                            value: [
-                                ["strongly-disagree", "Strongly Disagree"],
-                                ["disagree", "Disagree"],
-                                ["neutral", "Neutral"],
-                                ["agree", "Agree"],
-                                ["strongly-agree", "Strongly Agree"]
-                            ]
-                        },
-                        is_required: true
-                    }
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "report",
-                namespace: "stix_object.report",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    report_types                 : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
-                    published                    : { type: PropertyType.Date, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "threat_actor",
-                namespace: "stix_object.threat_actor",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    threat_actor_types           : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
-                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    first_seen                   : { type: PropertyType.Date },
-                    last_seen                    : { type: PropertyType.Date },
-                    roles                        : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    goals                        : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    sophistication               : { type: PropertyType.String },
-                    resource_level               : { type: PropertyType.String },
-                    primary_motivation           : { type: PropertyType.String },
-                    secondary_motivations        : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    personal_motivations         : { type: PropertyType.List, form: { type: PropertyType.String }},
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "tool",
-                namespace: "stix_object.tool",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                    tool_types                   : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
-                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    tool_version                 : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "vulnerability",
-                namespace: "stix_object.vulnerability",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    description                  : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "artifact",
-                namespace: "stix_observable.artifact",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    mime_type                    : { type: PropertyType.String },
-                    payload_bin                  : { type: PropertyType.String },
-                    url                          : { type: PropertyType.String },
-                    hashes                       : { type: PropertyType.String },
-                    encryption_algorithm         : { type: PropertyType.String },
-                    decryption_key               : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "autonomous_system",
-                namespace: "stix_observable.autonomous_system",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    number                       : { type: PropertyType.Int, is_primary: true, is_required: true },
-                    name                         : { type: PropertyType.String },
-                    rir                          : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "directory",
-                namespace: "stix_observable.directory",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    path                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    path_enc                     : { type: PropertyType.String },
-                    ctime                        : { type: PropertyType.Date },
-                    mtime                        : { type: PropertyType.Date },
-                    atime                        : { type: PropertyType.Date },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "domain_name",
-                namespace: "stix_observable.domain_name",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    value                        : { type: PropertyType.String, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "email_address",
-                namespace: "stix_observable.email_address",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    value                        : { type: PropertyType.String, is_required: true },
-                    display_name                 : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "email_message",
-                namespace: "stix_observable.email_message",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    is_multipart                 : { ...BoolEnum, is_required: true },
-                    date                         : { type: PropertyType.String },
-                    content_type                 : { type: PropertyType.String },
-                    message_id                   : { type: PropertyType.String },
-                    subject                      : { type: PropertyType.String, is_primary: true },
-                    received_lines               : { type: PropertyType.String },
-                    additional_header_fields     : { type: PropertyType.String },
-                    body                         : { type: PropertyType.String },
-                    body_multipart               : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "file",
-                namespace: "stix_observable.file",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    hashes                       : { type: PropertyType.String },
-                    size                         : { type: PropertyType.String },
-                    name                         : { type: PropertyType.String, is_primary: true },
-                    name_enc                     : { type: PropertyType.String },
-                    magic_number_hex             : { type: PropertyType.String },
-                    mime_type                    : { type: PropertyType.String },
-                    ctime                        : { type: PropertyType.Date },
-                    mtime                        : { type: PropertyType.Date },
-                    atime                        : { type: PropertyType.Date },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "ipv4_addr",
-                namespace: "stix_observable.ipv4_addr",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    value                        : { type: PropertyType.String, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "ipv6_addr",
-                namespace: "stix_observable.ipv6_addr",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    value                        : { type: PropertyType.String, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "mac_addr",
-                namespace: "stix_observable.mac_addr",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    value                        : { type: PropertyType.String, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "mutex",
-                namespace: "stix_observable.mutex",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "network_traffic",
-                namespace: "stix_observable.network_traffic",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    start                        : { type: PropertyType.Date },
-                    end                          : { type: PropertyType.Date },
-                    is_active                    : BoolEnum,
-                    src_port                     : { type: PropertyType.Int, min: 0, max: 65535 },
-                    dst_port                     : { type: PropertyType.Int, min: 0, max: 65535 },
-                    protocols                    : { type: PropertyType.List, min_items: 1, form: { type: PropertyType.String, is_required: true }},
-                    src_byte_count               : { type: PropertyType.Int, min: 0 },
-                    dst_byte_count               : { type: PropertyType.Int, min: 0 },
-                    src_packets                  : { type: PropertyType.Int, min: 0 },
-                    dst_packets                  : { type: PropertyType.Int, min: 0 },
-                    ipfix                        : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "process",
-                namespace: "stix_observable.process",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    is_hidden                    : BoolEnum,
-                    pid                          : { type: PropertyType.Int, min: 0 },
-                    created_time                 : { type: PropertyType.Date },
-                    cwd                          : { type: PropertyType.String },
-                    command_line                 : { type: PropertyType.String, is_required: true },
-                    environment_variables        : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "software",
-                namespace: "stix_observable.software",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
-                    cpe                          : { type: PropertyType.String },
-                    languages                    : { type: PropertyType.List, form: {type: PropertyType.String}},
-                    vendor                       : { type: PropertyType.String },
-                    version                      : { type: PropertyType.String },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "url",
-                namespace: "stix_observable.url",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    value                        : { type: PropertyType.String, is_required: true },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "user_account",
-                namespace: "stix_observable.user_account",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    user_id                      : { type: PropertyType.String },
-                    credential                   : { type: PropertyType.String },
-                    account_login                : { type: PropertyType.String },
-                    account_type                 : { type: PropertyType.String },
-                    display_name                 : { type: PropertyType.String, is_primary: true, is_required: true },
-                    is_service_account           : BoolEnum,
-                    is_privileged                : BoolEnum,
-                    can_escalate_privs           : BoolEnum,
-                    is_disabled                  : BoolEnum,
-                    account_created              : { type: PropertyType.Date },
-                    account_expires              : { type: PropertyType.Date },
-                    credential_last_changed      : { type: PropertyType.Date },
-                    account_first_login          : { type: PropertyType.Date },
-                    account_last_login           : { type: PropertyType.Date },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "windows_registry_key",
-                namespace: "stix_observable.windows_registry_key",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    key                          : { type: PropertyType.String, is_primary: true },
-                    values                       : { type: PropertyType.List, form: { type: PropertyType.String }},
-                    modified_time                : { type: PropertyType.Date },
-                    number_of_subkeys            : { type: PropertyType.Int, min: 0 },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            },
-            {
-                id: "x509_certificate",
-                namespace: "stix_observable.x509_certificate",
-                type: TemplateType.DictionaryBlock,
-                role: SemanticRole.Node,
-                properties: {
-                    subject                      : { type: PropertyType.String, is_primary: true, is_required: true },
-                    is_self_signed               : BoolEnum,
-                    hashes                       : { type: PropertyType.String },
-                    version                      : { type: PropertyType.String },
-                    serial_number                : { type: PropertyType.String },
-                    signature_algorithm          : { type: PropertyType.String },
-                    issuer                       : { type: PropertyType.String },
-                    validity_not_before          : { type: PropertyType.Date },
-                    validity_not_after           : { type: PropertyType.Date },
-                    subject_public_key_algorithm : { type: PropertyType.String },
-                    subject_public_key_modulus   : { type: PropertyType.String },
-                    subject_public_key_exponent  : { type: PropertyType.Int, min: 0 },
-                },
-                anchor_template: "@__builtin__anchor",
-                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
-            }
-        ]
-    },
-    menus: {
-        help_menu: {
-            help_links: [
-                {
-                    text: "Attack Flow Website",
-                    url: "https://center-for-threat-informed-defense.github.io/attack-flow/"
-                },
-                {
-                    text: "Attack Flow Builder Help",
-                    url: "https://center-for-threat-informed-defense.github.io/attack-flow/builder/"
-                },
-                {
-                    text: "MITRE ATT&CK Framework",
-                    url: "https://attack.mitre.org/"
-                },
-                {
-                    text: "GitHub Repository",
-                    url: "https://github.com/center-for-threat-informed-defense/attack-flow"
-                },
-                {
-                    text: "Change Log",
-                    url: "https://center-for-threat-informed-defense.github.io/attack-flow/builder/"
-                }
-            ]
-        }
-    },
-    validator,
-    publisher
-};
-
-export default config;
+import intel from "./builder.config.intel";
+import validator from "./builder.config.validator";
+import publisher from "./builder.config.publisher";
+import { AppConfiguration } from "@/store/StoreTypes";
+import { Colors, DarkTheme } from "./scripts/BlockDiagram/DiagramFactory/Themes";
+import {
+    AnchorAngle,
+    EnumPropertyDescriptor,
+    PropertyType,
+    SemanticRole,
+    TemplateType
+} from "./scripts/BlockDiagram";
+
+const BoolEnum: EnumPropertyDescriptor = {
+    type: PropertyType.Enum,
+    options: {
+        type  : PropertyType.List,
+        form  : { type: PropertyType.String },
+        value : [["true", "True"], ["false", "False"]]
+    }
+};
+
+const config: AppConfiguration = {
+    is_web_hosted: false,
+    application_name: "Attack Flow Builder",
+    file_type_name: "Attack Flow",
+    file_type_extension: "afb",
+    schema: {
+        page_template: "flow",
+        templates: [
+            {
+                id: "flow",
+                type: TemplateType.Page,
+                role: SemanticRole.Node,
+                grid: [10, 10],
+                properties: {
+                    name                         : { type: PropertyType.String, value: "Untitled Document", is_primary: true },
+                    description                  : { type: PropertyType.String },
+                    author                       : {
+                        type: PropertyType.Dictionary,
+                        form: {
+                            name: { type: PropertyType.String, is_primary: true, is_required: true },
+                            identity_class: {
+                                type: PropertyType.Enum,
+                                options: {
+                                    type  : PropertyType.List,
+                                    form  : { type: PropertyType.String },
+                                    value : [
+                                        ["individual", "Individual"],
+                                        ["group", "Group"],
+                                        ["system", "System"],
+                                        ["organization", "Organization"],
+                                        ["class", "Class"],
+                                        ["unknown", "Unknown"]
+                                    ]
+                                }
+                            },
+                            contact_information: { type: PropertyType.String }
+                        }
+                    },
+                    scope                        : {
+                        type: PropertyType.Enum,
+                        options: {
+                            type: PropertyType.List,
+                            form: { type: PropertyType.String },
+                            value: [
+                                ["incident", "Incident"],
+                                ["campaign", "Campaign"],
+                                ["threat-actor", "Threat Actor"],
+                                ["malware", "Malware"],
+                                ["other", "Other"]
+                            ]
+                        },
+                        value: "incident"
+                    },
+                    external_references          : {
+                        type: PropertyType.List,
+                        form: {
+                            type: PropertyType.Dictionary,
+                            form: {
+                                source_name: { type: PropertyType.String, is_primary: true, is_required: true },
+                                description: { type: PropertyType.String },
+                                url: { type: PropertyType.String },
+                            }
+                        }
+                    },
+                    created                      : { type: PropertyType.Date, value: new Date(), is_visible_chart: false, is_visible_sidebar: false }
+                },
+                style: DarkTheme.Page()
+            },
+            {
+                id: "true_anchor",
+                type: TemplateType.AnchorPoint,
+                role: SemanticRole.None,
+                radius: 10,
+                line_templates: {
+                    [AnchorAngle.DEG_0] : `@__builtin__line_horizontal_elbow`,
+                    [AnchorAngle.DEG_90]: `@__builtin__line_vertical_elbow`
+                },
+                style: DarkTheme.AnchorPoint()
+            },
+            {
+                id: "false_anchor",
+                type: TemplateType.AnchorPoint,
+                role: SemanticRole.None,
+                radius: 10,
+                line_templates: {
+                    [AnchorAngle.DEG_0] : `@__builtin__line_horizontal_elbow`,
+                    [AnchorAngle.DEG_90]: `@__builtin__line_vertical_elbow`
+                },
+                style: DarkTheme.AnchorPoint()
+            },
+            {
+                id: "action",
+                namespace: "attack_flow.action",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    tactic_id                    : { type: PropertyType.String, suggestions: intel.tactic_recs },
+                    tactic_ref                   : { type: PropertyType.String, is_visible_chart: false, is_visible_sidebar: true },
+                    technique_id                 : { type: PropertyType.String, suggestions: intel.technique_recs },
+                    technique_ref                : { type: PropertyType.String, is_visible_chart: false, is_visible_sidebar: true },
+                    description                  : { type: PropertyType.String },
+                    confidence                   : {
+                        type: PropertyType.Enum,
+                        options: {
+                            type: PropertyType.List,
+                            form: {
+                                type: PropertyType.Dictionary,
+                                form: {
+                                    text  : { type: PropertyType.String, is_primary: true },
+                                    value : { type: PropertyType.Int }
+                                }
+                            },
+                            value: [
+                                ["speculative",   { text: "Speculative", value: 0 }],
+                                ["very-doubtful", { text: "Very Doubtful", value: 10 }],
+                                ["doubtful",      { text: "Doubtful", value: 30 }],
+                                ["even-odds",     { text: "Even Odds", value: 50 }],
+                                ["probable",      { text: "Probable", value: 70 }],
+                                ["very-probable", { text: "Very Probable", value: 90 }],
+                                ["certain",       { text: "Certain", value: 100 }]
+                            ]
+                        },
+                        value: null
+                    },
+                    execution_start              : { type: PropertyType.Date },
+                    execution_end                : { type: PropertyType.Date },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Blue }})
+            },
+            {
+                id: "asset",
+                namespace: "attack_flow.asset",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true},
+                    description                  : { type: PropertyType.String }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Orange }})
+            },
+            {
+                id: "condition",
+                namespace: "attack_flow.condition",
+                type: TemplateType.BranchBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    description                  : { type: PropertyType.String, is_primary: true, is_required: true },
+                    pattern                      : { type: PropertyType.String },
+                    pattern_type                 : { type: PropertyType.String },
+                    pattern_version              : { type: PropertyType.String },
+                    date                         : { type: PropertyType.Date }
+                },
+                branches: [
+                    {
+                        text: "True",
+                        anchor_template: "true_anchor",
+                    },
+                    {
+                        text: "False",
+                        anchor_template: "false_anchor"
+                    }
+                ],
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.BranchBlock({ head: { ...Colors.Green }})
+            },
+            {
+                id: "or",
+                namespace: "attack_flow.OR_operator",
+                type: TemplateType.TextBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    operator: {
+                        type: PropertyType.String,
+                        value: "OR",
+                        is_primary: true,
+                        is_visible_chart: false,
+                        is_visible_sidebar: false,
+                        is_editable: false,
+                    }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.TextBlock({ ...Colors.Red, horizontal_padding: 35 })
+            },
+            {
+                id: "and",
+                namespace: "attack_flow.AND_operator",
+                type: TemplateType.TextBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    operator: {
+                        type: PropertyType.String,
+                        value: "AND",
+                        is_primary: true,
+                        is_visible_chart: false,
+                        is_visible_sidebar: false,
+                        is_editable: false,
+                    }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.TextBlock({ ...Colors.Red, horizontal_padding: 35 })
+            },
+            {
+                id: "attack_pattern",
+                namespace: "stix_object.attack_pattern",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "campaign",
+                namespace: "stix_object.campaign",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    first_seen                   : { type: PropertyType.Date },
+                    last_seen                    : { type: PropertyType.Date },
+                    objective                    : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "course_of_action",
+                namespace: "stix_object.course_of_action",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    action_type                  : { type: PropertyType.String },
+                    os_execution_envs            : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    action_bin                   : { type: PropertyType.String }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "grouping",
+                namespace: "stix_object.grouping",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true },
+                    description                  : { type: PropertyType.String },
+                    context                      : { type: PropertyType.String, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "identity",
+                namespace: "stix_object.identity",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_required: true, is_primary: true },
+                    description                  : { type: PropertyType.String },
+                    roles                        : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    identity_class               : { type: PropertyType.String, is_required: true },
+                    sectors                      : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    contact_information          : { type: PropertyType.String }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "indicator",
+                namespace: "stix_object.indicator",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true },
+                    description                  : { type: PropertyType.String },
+                    indicator_types              : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true } },
+                    pattern                      : { type: PropertyType.String, is_required: true },
+                    pattern_type                 : { type: PropertyType.String, is_required: true },
+                    patter_version               : { type: PropertyType.String },
+                    valid_from                   : { type: PropertyType.Date, is_required: true},
+                    valid_until                  : { type: PropertyType.Date },
+                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "infrastructure",
+                namespace: "stix_object.infrastructure",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    infrastructure_types         : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
+                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    first_seen                   : { type: PropertyType.Date },
+                    last_seen                    : { type: PropertyType.Date }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "intrusion_set",
+                namespace: "stix_object.intrusion_set",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
+                    first_seen                   : { type: PropertyType.Date },
+                    last_seen                    : { type: PropertyType.Date },
+                    goals                        : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    resource_level               : { type: PropertyType.String},
+                    primary_motivation           : { type: PropertyType.String},
+                    secondary_motivations        : { type: PropertyType.List, form: { type: PropertyType.String }},
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "location",
+                namespace: "stix_object.location",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true },
+                    description                  : { type: PropertyType.String },
+                    latitude                     : { type: PropertyType.Float, min: -90, max: 90 },
+                    longitude                    : { type: PropertyType.Float, min: -180, max: 180 },
+                    precision                    : { type: PropertyType.Float },
+                    region                       : { type: PropertyType.String },
+                    country                      : { type: PropertyType.String },
+                    administrative_area          : { type: PropertyType.String },
+                    city                         : { type: PropertyType.String },
+                    street_address               : { type: PropertyType.String },
+                    postal_code                  : { type: PropertyType.String }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "malware",
+                namespace: "stix_object.malware",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true },
+                    description                  : { type: PropertyType.String },
+                    malware_types                : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
+                    is_family                    : { ...BoolEnum, is_required: true },
+                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    first_seen                   : { type: PropertyType.Date },
+                    last_seen                    : { type: PropertyType.Date },
+                    os_execution_envs            : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    architecture_execution_envs  : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    implementation_languages     : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    capabilities                 : { type: PropertyType.List, form: { type: PropertyType.String } },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "malware_analysis",
+                namespace: "stix_object.malware_analysis",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    product                      : { type: PropertyType.String, is_primary: true, is_required: true },
+                    version                      : { type: PropertyType.String },
+                    configuration_version        : { type: PropertyType.String },
+                    modules                      : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    analysis_engine_version      : { type: PropertyType.String },
+                    analysis_definition_version  : { type: PropertyType.String },
+                    submitted                    : { type: PropertyType.Date },
+                    analysis_started             : { type: PropertyType.Date },
+                    analysis_ended               : { type: PropertyType.Date },
+                    result                       : {
+                        type: PropertyType.Enum,
+                        options: {
+                            type: PropertyType.List,
+                            form: { type: PropertyType.String },
+                            value: [
+                                ["malicious", "Malicious"],
+                                ["suspicious", "Suspicious"],
+                                ["benign", "Benign"],
+                                ["unknown", "Unknown"]
+                            ]
+                        },
+                        value: null
+                    },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "note",
+                namespace: "stix_object.note",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    abstract                     : { type: PropertyType.String, is_primary: true },
+                    content                      : { type: PropertyType.String, is_required: true },
+                    authors                      : { type: PropertyType.List, form: { type: PropertyType.String } },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "observed_data",
+                namespace: "stix_object.observed_data",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    first_observed               : { type: PropertyType.Date, is_required: true },
+                    last_observed                : { type: PropertyType.Date, is_required: true },
+                    number_observed              : { type: PropertyType.Int, min: 0, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "opinion",
+                namespace: "stix_object.opinion",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    explanation                  : { type: PropertyType.String, is_primary: true },
+                    authors                      : { type: PropertyType.List, form: { type: PropertyType.String } },
+                    opinion                      : {
+                        type: PropertyType.Enum,
+                        options: {
+                            type: PropertyType.List,
+                            form: { type: PropertyType.String },
+                            value: [
+                                ["strongly-disagree", "Strongly Disagree"],
+                                ["disagree", "Disagree"],
+                                ["neutral", "Neutral"],
+                                ["agree", "Agree"],
+                                ["strongly-agree", "Strongly Agree"]
+                            ]
+                        },
+                        is_required: true
+                    }
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "report",
+                namespace: "stix_object.report",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    report_types                 : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
+                    published                    : { type: PropertyType.Date, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "threat_actor",
+                namespace: "stix_object.threat_actor",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    threat_actor_types           : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
+                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    first_seen                   : { type: PropertyType.Date },
+                    last_seen                    : { type: PropertyType.Date },
+                    roles                        : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    goals                        : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    sophistication               : { type: PropertyType.String },
+                    resource_level               : { type: PropertyType.String },
+                    primary_motivation           : { type: PropertyType.String },
+                    secondary_motivations        : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    personal_motivations         : { type: PropertyType.List, form: { type: PropertyType.String }},
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "tool",
+                namespace: "stix_object.tool",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                    tool_types                   : { type: PropertyType.List, form: { type: PropertyType.String, is_required: true }},
+                    aliases                      : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    kill_chain_phases            : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    tool_version                 : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "vulnerability",
+                namespace: "stix_object.vulnerability",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    description                  : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "artifact",
+                namespace: "stix_observable.artifact",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    mime_type                    : { type: PropertyType.String },
+                    payload_bin                  : { type: PropertyType.String },
+                    url                          : { type: PropertyType.String },
+                    hashes                       : { type: PropertyType.String },
+                    encryption_algorithm         : { type: PropertyType.String },
+                    decryption_key               : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "autonomous_system",
+                namespace: "stix_observable.autonomous_system",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    number                       : { type: PropertyType.Int, is_primary: true, is_required: true },
+                    name                         : { type: PropertyType.String },
+                    rir                          : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "directory",
+                namespace: "stix_observable.directory",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    path                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    path_enc                     : { type: PropertyType.String },
+                    ctime                        : { type: PropertyType.Date },
+                    mtime                        : { type: PropertyType.Date },
+                    atime                        : { type: PropertyType.Date },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "domain_name",
+                namespace: "stix_observable.domain_name",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    value                        : { type: PropertyType.String, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "email_address",
+                namespace: "stix_observable.email_address",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    value                        : { type: PropertyType.String, is_required: true },
+                    display_name                 : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "email_message",
+                namespace: "stix_observable.email_message",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    is_multipart                 : { ...BoolEnum, is_required: true },
+                    date                         : { type: PropertyType.String },
+                    content_type                 : { type: PropertyType.String },
+                    message_id                   : { type: PropertyType.String },
+                    subject                      : { type: PropertyType.String, is_primary: true },
+                    received_lines               : { type: PropertyType.String },
+                    additional_header_fields     : { type: PropertyType.String },
+                    body                         : { type: PropertyType.String },
+                    body_multipart               : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "file",
+                namespace: "stix_observable.file",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    hashes                       : { type: PropertyType.String },
+                    size                         : { type: PropertyType.String },
+                    name                         : { type: PropertyType.String, is_primary: true },
+                    name_enc                     : { type: PropertyType.String },
+                    magic_number_hex             : { type: PropertyType.String },
+                    mime_type                    : { type: PropertyType.String },
+                    ctime                        : { type: PropertyType.Date },
+                    mtime                        : { type: PropertyType.Date },
+                    atime                        : { type: PropertyType.Date },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "ipv4_addr",
+                namespace: "stix_observable.ipv4_addr",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    value                        : { type: PropertyType.String, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "ipv6_addr",
+                namespace: "stix_observable.ipv6_addr",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    value                        : { type: PropertyType.String, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "mac_addr",
+                namespace: "stix_observable.mac_addr",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    value                        : { type: PropertyType.String, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "mutex",
+                namespace: "stix_observable.mutex",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "network_traffic",
+                namespace: "stix_observable.network_traffic",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    start                        : { type: PropertyType.Date },
+                    end                          : { type: PropertyType.Date },
+                    is_active                    : BoolEnum,
+                    src_port                     : { type: PropertyType.Int, min: 0, max: 65535 },
+                    dst_port                     : { type: PropertyType.Int, min: 0, max: 65535 },
+                    protocols                    : { type: PropertyType.List, min_items: 1, form: { type: PropertyType.String, is_required: true }},
+                    src_byte_count               : { type: PropertyType.Int, min: 0 },
+                    dst_byte_count               : { type: PropertyType.Int, min: 0 },
+                    src_packets                  : { type: PropertyType.Int, min: 0 },
+                    dst_packets                  : { type: PropertyType.Int, min: 0 },
+                    ipfix                        : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "process",
+                namespace: "stix_observable.process",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    is_hidden                    : BoolEnum,
+                    pid                          : { type: PropertyType.Int, min: 0 },
+                    created_time                 : { type: PropertyType.Date },
+                    cwd                          : { type: PropertyType.String },
+                    command_line                 : { type: PropertyType.String, is_required: true },
+                    environment_variables        : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "software",
+                namespace: "stix_observable.software",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    name                         : { type: PropertyType.String, is_primary: true, is_required: true },
+                    cpe                          : { type: PropertyType.String },
+                    languages                    : { type: PropertyType.List, form: {type: PropertyType.String}},
+                    vendor                       : { type: PropertyType.String },
+                    version                      : { type: PropertyType.String },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "url",
+                namespace: "stix_observable.url",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    value                        : { type: PropertyType.String, is_required: true },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "user_account",
+                namespace: "stix_observable.user_account",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    user_id                      : { type: PropertyType.String },
+                    credential                   : { type: PropertyType.String },
+                    account_login                : { type: PropertyType.String },
+                    account_type                 : { type: PropertyType.String },
+                    display_name                 : { type: PropertyType.String, is_primary: true, is_required: true },
+                    is_service_account           : BoolEnum,
+                    is_privileged                : BoolEnum,
+                    can_escalate_privs           : BoolEnum,
+                    is_disabled                  : BoolEnum,
+                    account_created              : { type: PropertyType.Date },
+                    account_expires              : { type: PropertyType.Date },
+                    credential_last_changed      : { type: PropertyType.Date },
+                    account_first_login          : { type: PropertyType.Date },
+                    account_last_login           : { type: PropertyType.Date },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "windows_registry_key",
+                namespace: "stix_observable.windows_registry_key",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    key                          : { type: PropertyType.String, is_primary: true },
+                    values                       : { type: PropertyType.List, form: { type: PropertyType.String }},
+                    modified_time                : { type: PropertyType.Date },
+                    number_of_subkeys            : { type: PropertyType.Int, min: 0 },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            },
+            {
+                id: "x509_certificate",
+                namespace: "stix_observable.x509_certificate",
+                type: TemplateType.DictionaryBlock,
+                role: SemanticRole.Node,
+                properties: {
+                    subject                      : { type: PropertyType.String, is_primary: true, is_required: true },
+                    is_self_signed               : BoolEnum,
+                    hashes                       : { type: PropertyType.String },
+                    version                      : { type: PropertyType.String },
+                    serial_number                : { type: PropertyType.String },
+                    signature_algorithm          : { type: PropertyType.String },
+                    issuer                       : { type: PropertyType.String },
+                    validity_not_before          : { type: PropertyType.Date },
+                    validity_not_after           : { type: PropertyType.Date },
+                    subject_public_key_algorithm : { type: PropertyType.String },
+                    subject_public_key_modulus   : { type: PropertyType.String },
+                    subject_public_key_exponent  : { type: PropertyType.Int, min: 0 },
+                },
+                anchor_template: "@__builtin__anchor",
+                style: DarkTheme.DictionaryBlock({ head: { ...Colors.Gray }})
+            }
+        ]
+    },
+    menus: {
+        help_menu: {
+            help_links: [
+                {
+                    text: "Attack Flow Website",
+                    url: "https://center-for-threat-informed-defense.github.io/attack-flow/"
+                },
+                {
+                    text: "Attack Flow Builder Help",
+                    url: "https://center-for-threat-informed-defense.github.io/attack-flow/builder/"
+                },
+                {
+                    text: "MITRE ATT&CK Framework",
+                    url: "https://attack.mitre.org/"
+                },
+                {
+                    text: "GitHub Repository",
+                    url: "https://github.com/center-for-threat-informed-defense/attack-flow"
+                },
+                {
+                    text: "Change Log",
+                    url: "https://center-for-threat-informed-defense.github.io/attack-flow/builder/"
+                }
+            ]
+        }
+    },
+    validator,
+    publisher
+};
+
+export default config;

From d65fae7949455826921c3a2fca6fe0d1415f8ec6 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:41:00 -0400
Subject: [PATCH 05/18] update ScrollBox construct

---
 .../src/components/Containers/ScrollBox.vue   | 69 ++++++++++++++-----
 .../Controls/Fields/OptionsList.vue           |  6 +-
 2 files changed, 54 insertions(+), 21 deletions(-)

diff --git a/src/attack_flow_builder/src/components/Containers/ScrollBox.vue b/src/attack_flow_builder/src/components/Containers/ScrollBox.vue
index 8a831c58..f80d2ee7 100644
--- a/src/attack_flow_builder/src/components/Containers/ScrollBox.vue
+++ b/src/attack_flow_builder/src/components/Containers/ScrollBox.vue
@@ -3,31 +3,31 @@
     <div 
       ref="content" 
       class="scroll-content" 
-      @wheel.passive="moveScrollPosition(scrollTop + $event.deltaY, $event)"
+      @wheel.passive="onScrollWheel"
+      @scroll="onScrollContent"
     >
       <slot></slot>
     </div>
     <div
       class="scroll-bar"
       :style="scroll.sty"
+      @wheel.passive="onScrollWheel"
       v-show="alwaysShowScrollBar || showScrollbar"
-      @wheel.passive="moveScrollPosition(scrollTop + $event.deltaY, $event)"
     >
       <div
         class="scroll-handle"
         :style="handle.sty"
-        v-show="showScrollbar"
         @pointerdown="startDrag"
-        @pointerup="stopDrag"
+        v-show="showScrollbar"
       ></div>
     </div>
   </div>
 </template>
 
 <script lang="ts">
-import { clamp } from "@/assets/scripts/BlockDiagram";
-import { PointerTracker } from "@/assets/scripts/PointerTracker";
-import { defineComponent, markRaw, Ref, ref } from 'vue';
+import { clamp } from '@/assets/scripts/BlockDiagram';
+import { PointerTracker } from '@/assets/scripts/PointerTracker';
+import { defineComponent, markRaw, ref } from 'vue';
 
 export default defineComponent({
   name: "ScrollBox",
@@ -64,6 +64,10 @@ export default defineComponent({
     width: {
       type: Number,
       default: 17
+    },
+    top: {
+      type: Number,
+      default: 0
     }
   },
   data() {
@@ -93,8 +97,18 @@ export default defineComponent({
       onMutateObserver: null as MutationObserver | null,
     };
   },
+  emits: ["scroll"],
   methods: {
 
+    /**
+     * Scroll wheel behavior.
+     * @param event
+     *  The wheel event.
+     */
+    onScrollWheel(event: WheelEvent) {
+      this.moveScrollPosition(this.scrollTop + event.deltaY, event);
+    },
+
     /**
      * Scroll handle drag start behavior.
      * @param event
@@ -102,7 +116,6 @@ export default defineComponent({
      */
     startDrag(event: PointerEvent) {
       this.handle.trk.capture(event, this.onDrag);
-      document.addEventListener("pointerup", this.stopDrag, { once: true });
     },
 
     /**
@@ -119,12 +132,19 @@ export default defineComponent({
     },
 
     /**
-     * Scroll handle drag stop behavior.
-     * @param event
-     *  The pointer event.
+     * Scroll content behavior.
      */
-    stopDrag(event: PointerEvent) {
-      this.handle.trk.release(event);
+    onScrollContent() {
+      if(!this.content) {
+        return;
+      }
+      // If browser changed scroll position on its own, update scroll state
+      if(this.content.scrollTop != this.scrollTop) {
+        this.scrollTop = this.content!.scrollTop;
+        this.handle.pos = this.topToHandleTop(this.scrollTop);
+        this.handle.sty.transform = `translateY(${this.handle.pos}px)`;
+      }
+      this.$emit("scroll", this.scrollTop);
     },
 
     /**
@@ -144,9 +164,9 @@ export default defineComponent({
      */
     recalculateScrollState(resetTop: boolean = true) {
       let showScrollbar = this.showScrollbar;
-      let content = this.content!;
+      let content = this.content;
       // Ignore scroll content with no height
-      if(content.clientHeight === 0) {
+      if(!content || content.clientHeight === 0) {
        this.showScrollbar = false;
        return;
       }
@@ -175,14 +195,17 @@ export default defineComponent({
      *  The scroll wheel event, if applicable.
      */
     moveScrollPosition(position: number, event: WheelEvent | null = null) {
+      if(!this.content) {
+        return;
+      }
       let scrollTop = this.scrollTop;
-      this.scrollTop = clamp(position, 0, this.windowMax);
+      this.scrollTop = clamp(Math.round(position), 0, this.windowMax);
       this.handle.pos = this.topToHandleTop(this.scrollTop);
       this.handle.sty.transform = `translateY(${this.handle.pos}px)`;
-      this.content!.scrollTop = this.scrollTop;
+      this.content.scrollTop = this.scrollTop;
       // Selectively propagate scroll event
-      let hasMoved = scrollTop - this.scrollTop !== 0;
       let canMove = 0 < this.scrollTop && this.scrollTop < this.windowMax;
+      let hasMoved = scrollTop - this.scrollTop !== 0;
       if(!this.propagateScroll || hasMoved || canMove) {
         event?.stopPropagation();
       }
@@ -211,6 +234,12 @@ export default defineComponent({
     }
 
   },
+  watch: {
+    // On top change
+    top() {
+      this.moveScrollPosition(this.top);
+    }
+  },
   mounted() {
     // Configure mutation observer
     let mutateOptions = { childList: true, characterData: true, subtree: true };
@@ -223,6 +252,10 @@ export default defineComponent({
     );
     this.onResizeObserver.observe(this.$el);
     this.onMutateObserver.observe(this.content!, mutateOptions);
+    // Calculate scroll state
+    this.recalculateScrollState(false);
+    // Set scroll position
+    this.moveScrollPosition(this.top);
   },
   unmounted() {
     this.onResizeObserver!.disconnect();
diff --git a/src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue b/src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue
index 7394354a..157e2dfc 100644
--- a/src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue
+++ b/src/attack_flow_builder/src/components/Controls/Fields/OptionsList.vue
@@ -5,7 +5,7 @@
         <li 
           ref="items"
           v-for="option in options"
-          :key="option.value"
+          :key="option.value ?? 0"
           :list-id="option.value"
           :class="{ active: isActive(option), null: isNull(option) }"
           @click="$emit('select', option.value)"
@@ -49,7 +49,7 @@ export default defineComponent({
   data() {
     return {
       flip: false,
-      active: this.select,
+      active: this.select ?? null,
       scrollTop: 0
     }
   },
@@ -119,7 +119,7 @@ export default defineComponent({
     // On select change
     select() {
       // Update active item
-      this.active = this.select;
+      this.active = this.select ?? null;
       // Focus the active item
       this.focusActive();
     },

From 3f8ece39f96b0ea4499f5601ecff9e8628436c65 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:53:30 -0400
Subject: [PATCH 06/18] separated intel configuration from source file

---
 .../attack/download_sources.js                | 20 +++++++++++++++++++
 .../attack/update_attack_intel.js             | 13 ++----------
 2 files changed, 22 insertions(+), 11 deletions(-)
 create mode 100644 src/attack_flow_builder/attack/download_sources.js

diff --git a/src/attack_flow_builder/attack/download_sources.js b/src/attack_flow_builder/attack/download_sources.js
new file mode 100644
index 00000000..1475bdfb
--- /dev/null
+++ b/src/attack_flow_builder/attack/download_sources.js
@@ -0,0 +1,20 @@
+/**
+ * The base URL for the ATT&CK repository.
+ */
+const BASE_URL = "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master";
+
+/**
+ * The STIX sources.
+ */
+const STIX_SOURCES = [
+    `${BASE_URL}/enterprise-attack/enterprise-attack-13.0.json`,
+    `${BASE_URL}/ics-attack/ics-attack-13.0.json`,
+    `${BASE_URL}/mobile-attack/mobile-attack-13.0.json`
+]
+
+/**
+ * Export
+ */
+module.exports = {
+    STIX_SOURCES
+};
diff --git a/src/attack_flow_builder/attack/update_attack_intel.js b/src/attack_flow_builder/attack/update_attack_intel.js
index ed143ddc..573c10b1 100644
--- a/src/attack_flow_builder/attack/update_attack_intel.js
+++ b/src/attack_flow_builder/attack/update_attack_intel.js
@@ -1,11 +1,7 @@
 const { resolve } = require("path");
 const { writeFileSync } = require("fs");
 const { fetchAttackData } = require("./download_attack");
-
-/**
- * The base URL for the ATT&CK repository.
- */
-const BASE_URL = "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master";
+const { STIX_SOURCES } = require("./download_sources");
 
 /**
  * The intel file's export key.
@@ -62,9 +58,4 @@ async function updateApplicationAttackIntel(path, ...urls) {
 /**
  * Main
  */
-updateApplicationAttackIntel(
-    INTEL_FILE_PATH,
-    `${BASE_URL}/enterprise-attack/enterprise-attack-13.0.json`,
-    `${BASE_URL}/ics-attack/ics-attack-13.0.json`,
-    `${BASE_URL}/mobile-attack/mobile-attack-13.0.json`
-);
+updateApplicationAttackIntel(INTEL_FILE_PATH, ...STIX_SOURCES);

From c02831f4c962e31626cdc347c92f565005510916 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Wed, 16 Aug 2023 16:27:31 -0400
Subject: [PATCH 07/18] Add matrix information to ATT&CK intelligence file

---
 .../attack/download_attack.js                 |   20 +-
 .../attack/update_attack_intel.js             |    2 +-
 .../src/assets/builder.config.intel.ts        | 1138 ++++++++++++++++-
 3 files changed, 1114 insertions(+), 46 deletions(-)

diff --git a/src/attack_flow_builder/attack/download_attack.js b/src/attack_flow_builder/attack/download_attack.js
index 7ae5fffd..d90da9b1 100644
--- a/src/attack_flow_builder/attack/download_attack.js
+++ b/src/attack_flow_builder/attack/download_attack.js
@@ -15,6 +15,8 @@ const https = require("https");
  *  The object's STIX id.
  * @property {boolean} deprecated
  *  True if the ATT&CK object has been deprecated, false otherwise.
+ * @property {string} matrix
+ *  The ATT&CK object's matrix. 
  */
 
 /**
@@ -69,23 +71,25 @@ function fetchJson(url, options = {}) {
     })
 }
 
-
 /**
  * Parses an ATT&CK object from a STIX object.
  * @param {Object} obj
  *  The STIX object.
+ * @param {string} matrix
+ *  The STIX object's matrix.
  * @returns {AttackObject}
  *  The parsed ATT&CK object.
  */
-function parseStixToAttackObject(obj) {
+function parseStixToAttackObject(obj, matrix) {
 
     // Parse STIX id, name, and type directly
     let parse = {
         stixId : obj.id,
         name   : obj.name,
-        type   : STIX_TO_ATTACK[obj.type]
+        type   : STIX_TO_ATTACK[obj.type],
+        matrix : matrix 
     }
-    
+
     // Parse MITRE reference information
     let mitreRef = obj.external_references.find(
         o => MITRE_SOURCES.has(o.source_name)
@@ -111,12 +115,18 @@ function parseStixToAttackObject(obj) {
  *  The parsed ATT&CK objects.
  */
 function parseAttackObjectsFromManifest(data) {
+    // Parse matrix
+    let collection = data.objects.find(o => o.type === "x-mitre-collection");
+    if(!collection) {
+        throw new Error("STIX collection information missing.");
+    }
+    // Parse objects
     let objs = []
     for(let obj of data.objects) {
         if(!(obj.type in STIX_TO_ATTACK)) {
             continue;
         }
-        objs.push(parseStixToAttackObject(obj));
+        objs.push(parseStixToAttackObject(obj, collection.name));
     }
     return objs;
 }
diff --git a/src/attack_flow_builder/attack/update_attack_intel.js b/src/attack_flow_builder/attack/update_attack_intel.js
index 573c10b1..47329c44 100644
--- a/src/attack_flow_builder/attack/update_attack_intel.js
+++ b/src/attack_flow_builder/attack/update_attack_intel.js
@@ -38,7 +38,7 @@ async function updateApplicationAttackIntel(path, ...urls) {
     console.log("→ Generating Application Intel File...");
     let intel = {
         tactics        : types.get("tactic"),
-        tactic_recs    : types.get("tactic").map(o => `${o.id} - ${o.name}`).sort(),
+        tactic_recs    : types.get("tactic").map(o => `${o.id} - ${o.name} (${o.matrix})`).sort(),
         technique      : types.get("technique"),
         technique_recs : types.get("technique").map(o => `${o.id} - ${o.name}`).sort()
     };
diff --git a/src/attack_flow_builder/src/assets/builder.config.intel.ts b/src/attack_flow_builder/src/assets/builder.config.intel.ts
index d7999a17..58bb5740 100644
--- a/src/attack_flow_builder/src/assets/builder.config.intel.ts
+++ b/src/attack_flow_builder/src/assets/builder.config.intel.ts
@@ -4,6 +4,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--2558fd61-8c75-4730-94c4-11926db2a263",
             "name": "Credential Access",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0006",
             "url": "https://attack.mitre.org/tactics/TA0006",
             "deprecated": false
@@ -12,6 +13,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5",
             "name": "Execution",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0002",
             "url": "https://attack.mitre.org/tactics/TA0002",
             "deprecated": false
@@ -20,6 +22,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--5569339b-94c2-49ee-afb3-2222936582c8",
             "name": "Impact",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0040",
             "url": "https://attack.mitre.org/tactics/TA0040",
             "deprecated": false
@@ -28,6 +31,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--5bc1d813-693e-4823-9961-abf9af4b0e92",
             "name": "Persistence",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0003",
             "url": "https://attack.mitre.org/tactics/TA0003",
             "deprecated": false
@@ -36,6 +40,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--5e29b093-294e-49e9-a803-dab3d73b77dd",
             "name": "Privilege Escalation",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0004",
             "url": "https://attack.mitre.org/tactics/TA0004",
             "deprecated": false
@@ -44,6 +49,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--7141578b-e50b-4dcc-bfa4-08a8dd689e9e",
             "name": "Lateral Movement",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0008",
             "url": "https://attack.mitre.org/tactics/TA0008",
             "deprecated": false
@@ -52,6 +58,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--78b23412-0651-46d7-a540-170a1ce8bd5a",
             "name": "Defense Evasion",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0005",
             "url": "https://attack.mitre.org/tactics/TA0005",
             "deprecated": false
@@ -60,6 +67,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--9a4e74ab-5008-408c-84bf-a10dfbc53462",
             "name": "Exfiltration",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0010",
             "url": "https://attack.mitre.org/tactics/TA0010",
             "deprecated": false
@@ -68,6 +76,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--c17c5845-175e-4421-9713-829d0573dbc9",
             "name": "Discovery",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0007",
             "url": "https://attack.mitre.org/tactics/TA0007",
             "deprecated": false
@@ -76,6 +85,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--d108ce10-2419-4cf9-a774-46161d6c6cfe",
             "name": "Collection",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0009",
             "url": "https://attack.mitre.org/tactics/TA0009",
             "deprecated": false
@@ -84,6 +94,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400",
             "name": "Resource Development",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0042",
             "url": "https://attack.mitre.org/tactics/TA0042",
             "deprecated": false
@@ -92,6 +103,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--daa4cbb1-b4f4-4723-a824-7f1efd6e0592",
             "name": "Reconnaissance",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0043",
             "url": "https://attack.mitre.org/tactics/TA0043",
             "deprecated": false
@@ -100,6 +112,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--f72804c5-f15a-449e-a5da-2eecd181f813",
             "name": "Command and Control",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0011",
             "url": "https://attack.mitre.org/tactics/TA0011",
             "deprecated": false
@@ -108,6 +121,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--ffd5bcee-6e16-4dd2-8eca-7b3beedf33ca",
             "name": "Initial Access",
             "type": "tactic",
+            "matrix": "Enterprise ATT&CK",
             "id": "TA0001",
             "url": "https://attack.mitre.org/tactics/TA0001",
             "deprecated": false
@@ -116,6 +130,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--298fe907-7931-4fd2-8131-2814dd493134",
             "name": "Inhibit Response Function",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0107",
             "url": "https://attack.mitre.org/tactics/TA0107",
             "deprecated": false
@@ -124,6 +139,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--33752ae7-f875-4f43-bdb6-d8d02d341046",
             "name": "Privilege Escalation",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0111",
             "url": "https://attack.mitre.org/tactics/TA0111",
             "deprecated": false
@@ -132,6 +148,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--51c25a9e-8615-40c0-8afd-1da578847924",
             "name": "Lateral Movement",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0109",
             "url": "https://attack.mitre.org/tactics/TA0109",
             "deprecated": false
@@ -140,6 +157,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--696af733-728e-49d7-8261-75fdc590f453",
             "name": "Discovery",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0102",
             "url": "https://attack.mitre.org/tactics/TA0102",
             "deprecated": false
@@ -148,6 +166,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--69da72d2-f550-41c5-ab9e-e8255707f28a",
             "name": "Initial Access",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0108",
             "url": "https://attack.mitre.org/tactics/TA0108",
             "deprecated": false
@@ -156,6 +175,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--77542f83-70d0-40c2-8a9d-ad2eb8b00279",
             "name": "Impact",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0105",
             "url": "https://attack.mitre.org/tactics/TA0105",
             "deprecated": false
@@ -164,6 +184,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--78f1d2ae-a579-44c4-8fc5-3e1775c73fac",
             "name": "Persistence",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0110",
             "url": "https://attack.mitre.org/tactics/TA0110",
             "deprecated": false
@@ -172,6 +193,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--93bf9a8e-b14c-4587-b6d5-9efc7c12eb45",
             "name": "Execution",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0104",
             "url": "https://attack.mitre.org/tactics/TA0104",
             "deprecated": false
@@ -180,6 +202,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--97c8ff73-bd14-4b6c-ac32-3d91d2c41e3f",
             "name": "Command and Control",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0101",
             "url": "https://attack.mitre.org/tactics/TA0101",
             "deprecated": false
@@ -188,6 +211,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--b2a67b1e-913c-46f6-b219-048a90560bb9",
             "name": "Collection",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0100",
             "url": "https://attack.mitre.org/tactics/TA0100",
             "deprecated": false
@@ -196,6 +220,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--ddf70682-f3ce-479c-a9a4-7eadf9bfead7",
             "name": "Evasion",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0103",
             "url": "https://attack.mitre.org/tactics/TA0103",
             "deprecated": false
@@ -204,6 +229,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--ff048b6c-b872-4218-b68c-3735ebd1f024",
             "name": "Impair Process Control",
             "type": "tactic",
+            "matrix": "ICS ATT&CK",
             "id": "TA0106",
             "url": "https://attack.mitre.org/tactics/TA0106",
             "deprecated": false
@@ -212,6 +238,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6",
             "name": "Initial Access",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0027",
             "url": "https://attack.mitre.org/tactics/TA0027",
             "deprecated": false
@@ -220,6 +247,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981",
             "name": "Exfiltration",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0036",
             "url": "https://attack.mitre.org/tactics/TA0036",
             "deprecated": false
@@ -228,6 +256,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54",
             "name": "Persistence",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0028",
             "url": "https://attack.mitre.org/tactics/TA0028",
             "deprecated": false
@@ -236,6 +265,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8",
             "name": "Privilege Escalation",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0029",
             "url": "https://attack.mitre.org/tactics/TA0029",
             "deprecated": false
@@ -244,6 +274,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3",
             "name": "Command and Control",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0037",
             "url": "https://attack.mitre.org/tactics/TA0037",
             "deprecated": false
@@ -252,6 +283,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756",
             "name": "Execution",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0041",
             "url": "https://attack.mitre.org/tactics/TA0041",
             "deprecated": false
@@ -260,6 +292,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e",
             "name": "Impact",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0034",
             "url": "https://attack.mitre.org/tactics/TA0034",
             "deprecated": false
@@ -268,6 +301,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10",
             "name": "Credential Access",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0031",
             "url": "https://attack.mitre.org/tactics/TA0031",
             "deprecated": false
@@ -276,6 +310,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba",
             "name": "Collection",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0035",
             "url": "https://attack.mitre.org/tactics/TA0035",
             "deprecated": false
@@ -284,6 +319,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f",
             "name": "Lateral Movement",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0033",
             "url": "https://attack.mitre.org/tactics/TA0033",
             "deprecated": false
@@ -292,6 +328,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df",
             "name": "Defense Evasion",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0030",
             "url": "https://attack.mitre.org/tactics/TA0030",
             "deprecated": false
@@ -300,6 +337,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210",
             "name": "Network Effects",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0038",
             "url": "https://attack.mitre.org/tactics/TA0038",
             "deprecated": true
@@ -308,6 +346,7 @@ export const intel = {
             "stixId": "x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1",
             "name": "Discovery",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0032",
             "url": "https://attack.mitre.org/tactics/TA0032",
             "deprecated": false
@@ -316,58 +355,60 @@ export const intel = {
             "stixId": "x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17",
             "name": "Remote Service Effects",
             "type": "tactic",
+            "matrix": "Mobile ATT&CK",
             "id": "TA0039",
             "url": "https://attack.mitre.org/tactics/TA0039",
             "deprecated": true
         }
     ],
     "tactic_recs": [
-        "TA0001 - Initial Access",
-        "TA0002 - Execution",
-        "TA0003 - Persistence",
-        "TA0004 - Privilege Escalation",
-        "TA0005 - Defense Evasion",
-        "TA0006 - Credential Access",
-        "TA0007 - Discovery",
-        "TA0008 - Lateral Movement",
-        "TA0009 - Collection",
-        "TA0010 - Exfiltration",
-        "TA0011 - Command and Control",
-        "TA0027 - Initial Access",
-        "TA0028 - Persistence",
-        "TA0029 - Privilege Escalation",
-        "TA0030 - Defense Evasion",
-        "TA0031 - Credential Access",
-        "TA0032 - Discovery",
-        "TA0033 - Lateral Movement",
-        "TA0034 - Impact",
-        "TA0035 - Collection",
-        "TA0036 - Exfiltration",
-        "TA0037 - Command and Control",
-        "TA0038 - Network Effects",
-        "TA0039 - Remote Service Effects",
-        "TA0040 - Impact",
-        "TA0041 - Execution",
-        "TA0042 - Resource Development",
-        "TA0043 - Reconnaissance",
-        "TA0100 - Collection",
-        "TA0101 - Command and Control",
-        "TA0102 - Discovery",
-        "TA0103 - Evasion",
-        "TA0104 - Execution",
-        "TA0105 - Impact",
-        "TA0106 - Impair Process Control",
-        "TA0107 - Inhibit Response Function",
-        "TA0108 - Initial Access",
-        "TA0109 - Lateral Movement",
-        "TA0110 - Persistence",
-        "TA0111 - Privilege Escalation"
+        "TA0001 - Initial Access (Enterprise ATT&CK)",
+        "TA0002 - Execution (Enterprise ATT&CK)",
+        "TA0003 - Persistence (Enterprise ATT&CK)",
+        "TA0004 - Privilege Escalation (Enterprise ATT&CK)",
+        "TA0005 - Defense Evasion (Enterprise ATT&CK)",
+        "TA0006 - Credential Access (Enterprise ATT&CK)",
+        "TA0007 - Discovery (Enterprise ATT&CK)",
+        "TA0008 - Lateral Movement (Enterprise ATT&CK)",
+        "TA0009 - Collection (Enterprise ATT&CK)",
+        "TA0010 - Exfiltration (Enterprise ATT&CK)",
+        "TA0011 - Command and Control (Enterprise ATT&CK)",
+        "TA0027 - Initial Access (Mobile ATT&CK)",
+        "TA0028 - Persistence (Mobile ATT&CK)",
+        "TA0029 - Privilege Escalation (Mobile ATT&CK)",
+        "TA0030 - Defense Evasion (Mobile ATT&CK)",
+        "TA0031 - Credential Access (Mobile ATT&CK)",
+        "TA0032 - Discovery (Mobile ATT&CK)",
+        "TA0033 - Lateral Movement (Mobile ATT&CK)",
+        "TA0034 - Impact (Mobile ATT&CK)",
+        "TA0035 - Collection (Mobile ATT&CK)",
+        "TA0036 - Exfiltration (Mobile ATT&CK)",
+        "TA0037 - Command and Control (Mobile ATT&CK)",
+        "TA0038 - Network Effects (Mobile ATT&CK)",
+        "TA0039 - Remote Service Effects (Mobile ATT&CK)",
+        "TA0040 - Impact (Enterprise ATT&CK)",
+        "TA0041 - Execution (Mobile ATT&CK)",
+        "TA0042 - Resource Development (Enterprise ATT&CK)",
+        "TA0043 - Reconnaissance (Enterprise ATT&CK)",
+        "TA0100 - Collection (ICS ATT&CK)",
+        "TA0101 - Command and Control (ICS ATT&CK)",
+        "TA0102 - Discovery (ICS ATT&CK)",
+        "TA0103 - Evasion (ICS ATT&CK)",
+        "TA0104 - Execution (ICS ATT&CK)",
+        "TA0105 - Impact (ICS ATT&CK)",
+        "TA0106 - Impair Process Control (ICS ATT&CK)",
+        "TA0107 - Inhibit Response Function (ICS ATT&CK)",
+        "TA0108 - Initial Access (ICS ATT&CK)",
+        "TA0109 - Lateral Movement (ICS ATT&CK)",
+        "TA0110 - Persistence (ICS ATT&CK)",
+        "TA0111 - Privilege Escalation (ICS ATT&CK)"
     ],
     "technique": [
         {
             "stixId": "attack-pattern--0042a9f5-f053-4769-b3ef-9ad018dfa298",
             "name": "Extra Window Memory Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.011",
             "url": "https://attack.mitre.org/techniques/T1055/011",
             "deprecated": false
@@ -376,6 +417,7 @@ export const intel = {
             "stixId": "attack-pattern--005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
             "name": "Scheduled Task",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053.005",
             "url": "https://attack.mitre.org/techniques/T1053/005",
             "deprecated": false
@@ -384,6 +426,7 @@ export const intel = {
             "stixId": "attack-pattern--005cc321-08ce-4d17-b1ea-cb5275926520",
             "name": "Socket Filters",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1205.002",
             "url": "https://attack.mitre.org/techniques/T1205/002",
             "deprecated": false
@@ -392,6 +435,7 @@ export const intel = {
             "stixId": "attack-pattern--00d0b012-8a03-410e-95de-5826bf542de6",
             "name": "Indicator Removal from Tools",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1066",
             "url": "https://attack.mitre.org/techniques/T1066",
             "deprecated": true
@@ -400,6 +444,7 @@ export const intel = {
             "stixId": "attack-pattern--00f90846-cbd1-4fc5-9233-df5c2bf2a662",
             "name": "Archive via Utility",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1560.001",
             "url": "https://attack.mitre.org/techniques/T1560/001",
             "deprecated": false
@@ -408,6 +453,7 @@ export const intel = {
             "stixId": "attack-pattern--01327cde-66c4-4123-bf34-5f258d59457b",
             "name": "VNC",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021.005",
             "url": "https://attack.mitre.org/techniques/T1021/005",
             "deprecated": false
@@ -416,6 +462,7 @@ export const intel = {
             "stixId": "attack-pattern--01a5a209-b94c-450b-b7f9-946497d91055",
             "name": "Windows Management Instrumentation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1047",
             "url": "https://attack.mitre.org/techniques/T1047",
             "deprecated": false
@@ -424,6 +471,7 @@ export const intel = {
             "stixId": "attack-pattern--01df3350-ce05-4bdf-bdf8-0a919a66d4a8",
             "name": "Malicious Shell Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1156",
             "url": "https://attack.mitre.org/techniques/T1156",
             "deprecated": true
@@ -432,6 +480,7 @@ export const intel = {
             "stixId": "attack-pattern--0259baeb-9f63-4c69-bf10-eb038c390688",
             "name": "Screen Capture",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1113",
             "url": "https://attack.mitre.org/techniques/T1113",
             "deprecated": false
@@ -440,6 +489,7 @@ export const intel = {
             "stixId": "attack-pattern--02c5abff-30bf-4703-ab92-1f6072fae939",
             "name": "Fileless Storage",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.011",
             "url": "https://attack.mitre.org/techniques/T1027/011",
             "deprecated": false
@@ -448,6 +498,7 @@ export const intel = {
             "stixId": "attack-pattern--02fefddc-fb1b-423f-a76b-7552dd211d4d",
             "name": "Bootkit",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1067",
             "url": "https://attack.mitre.org/techniques/T1067",
             "deprecated": true
@@ -456,6 +507,7 @@ export const intel = {
             "stixId": "attack-pattern--03259939-0b57-482f-8eb5-87c0e0d54334",
             "name": "Boot or Logon Initialization Scripts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1037",
             "url": "https://attack.mitre.org/techniques/T1037",
             "deprecated": false
@@ -464,6 +516,7 @@ export const intel = {
             "stixId": "attack-pattern--035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
             "name": "Adversary-in-the-Middle",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1557",
             "url": "https://attack.mitre.org/techniques/T1557",
             "deprecated": false
@@ -472,6 +525,7 @@ export const intel = {
             "stixId": "attack-pattern--03d7999c-1f4c-42cc-8373-e7690d318104",
             "name": "System Owner/User Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1033",
             "url": "https://attack.mitre.org/techniques/T1033",
             "deprecated": false
@@ -480,6 +534,7 @@ export const intel = {
             "stixId": "attack-pattern--0458aab9-ad42-4eac-9e22-706a95bafee2",
             "name": "Acquire Infrastructure",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583",
             "url": "https://attack.mitre.org/techniques/T1583",
             "deprecated": false
@@ -488,6 +543,7 @@ export const intel = {
             "stixId": "attack-pattern--045d0922-2310-4e60-b5e4-3302302cb3c5",
             "name": "Rundll32",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.011",
             "url": "https://attack.mitre.org/techniques/T1218/011",
             "deprecated": false
@@ -496,6 +552,7 @@ export const intel = {
             "stixId": "attack-pattern--0470e792-32f8-46b0-a351-652bc35e9336",
             "name": "Container and Resource Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1613",
             "url": "https://attack.mitre.org/techniques/T1613",
             "deprecated": false
@@ -504,6 +561,7 @@ export const intel = {
             "stixId": "attack-pattern--04a5a8ab-3bc8-4c83-95c9-55274a89786d",
             "name": "Serverless",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.007",
             "url": "https://attack.mitre.org/techniques/T1583/007",
             "deprecated": false
@@ -512,6 +570,7 @@ export const intel = {
             "stixId": "attack-pattern--04ee0cb7-dac3-4c6c-9387-4c6aa096f4cf",
             "name": "Hidden Window",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1143",
             "url": "https://attack.mitre.org/techniques/T1143",
             "deprecated": true
@@ -520,6 +579,7 @@ export const intel = {
             "stixId": "attack-pattern--04ef4356-8926-45e2-9441-634b6f3dcecb",
             "name": "LC_LOAD_DYLIB Addition",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1161",
             "url": "https://attack.mitre.org/techniques/T1161",
             "deprecated": true
@@ -528,6 +588,7 @@ export const intel = {
             "stixId": "attack-pattern--04fd5427-79c7-44ea-ae13-11b24778ff1c",
             "name": "Standard Encoding",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1132.001",
             "url": "https://attack.mitre.org/techniques/T1132/001",
             "deprecated": false
@@ -536,6 +597,7 @@ export const intel = {
             "stixId": "attack-pattern--0533ab23-3f7d-463f-9bd8-634d27e4dee1",
             "name": "Embedded Payloads",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.009",
             "url": "https://attack.mitre.org/techniques/T1027/009",
             "deprecated": false
@@ -544,6 +606,7 @@ export const intel = {
             "stixId": "attack-pattern--06780952-177c-4247-b978-79c357fb311f",
             "name": "Plist Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1150",
             "url": "https://attack.mitre.org/techniques/T1150",
             "deprecated": true
@@ -552,6 +615,7 @@ export const intel = {
             "stixId": "attack-pattern--06c00069-771a-4d57-8ef5-d3718c1a8771",
             "name": "Pluggable Authentication Modules",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.003",
             "url": "https://attack.mitre.org/techniques/T1556/003",
             "deprecated": false
@@ -560,6 +624,7 @@ export const intel = {
             "stixId": "attack-pattern--0708ae90-d0eb-4938-9a76-d0fc94f6eec1",
             "name": "Revert Cloud Instance",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1578.004",
             "url": "https://attack.mitre.org/techniques/T1578/004",
             "deprecated": false
@@ -568,6 +633,7 @@ export const intel = {
             "stixId": "attack-pattern--086952c4-5b90-4185-b573-02bad8e11953",
             "name": "HISTCONTROL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1148",
             "url": "https://attack.mitre.org/techniques/T1148",
             "deprecated": true
@@ -576,6 +642,7 @@ export const intel = {
             "stixId": "attack-pattern--09312b1a-c3c6-4b45-9844-3ccc78e5d82f",
             "name": "Gather Victim Host Information",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1592",
             "url": "https://attack.mitre.org/techniques/T1592",
             "deprecated": false
@@ -584,6 +651,7 @@ export const intel = {
             "stixId": "attack-pattern--0979abf9-4e26-43ec-9b6e-54efc4e70fca",
             "name": "Digital Certificates",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1596.003",
             "url": "https://attack.mitre.org/techniques/T1596/003",
             "deprecated": false
@@ -592,6 +660,7 @@ export const intel = {
             "stixId": "attack-pattern--09a60ea3-a8d1-4ae5-976e-5783248b72a4",
             "name": "Keylogging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1056.001",
             "url": "https://attack.mitre.org/techniques/T1056/001",
             "deprecated": false
@@ -600,6 +669,7 @@ export const intel = {
             "stixId": "attack-pattern--09b130a2-a77e-4af0-a361-f46f9aad1345",
             "name": "Linux and Mac File and Directory Permissions Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1222.002",
             "url": "https://attack.mitre.org/techniques/T1222/002",
             "deprecated": false
@@ -608,6 +678,7 @@ export const intel = {
             "stixId": "attack-pattern--09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119",
             "name": "Password Guessing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1110.001",
             "url": "https://attack.mitre.org/techniques/T1110/001",
             "deprecated": false
@@ -616,6 +687,7 @@ export const intel = {
             "stixId": "attack-pattern--09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58",
             "name": "PubPrn",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1216.001",
             "url": "https://attack.mitre.org/techniques/T1216/001",
             "deprecated": false
@@ -624,6 +696,7 @@ export const intel = {
             "stixId": "attack-pattern--0a241b6c-7bb2-48f9-98f7-128145b4d27f",
             "name": "Purchase Technical Data",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1597.002",
             "url": "https://attack.mitre.org/techniques/T1597/002",
             "deprecated": false
@@ -632,6 +705,7 @@ export const intel = {
             "stixId": "attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
             "name": "OS Credential Dumping",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003",
             "url": "https://attack.mitre.org/techniques/T1003",
             "deprecated": false
@@ -640,6 +714,7 @@ export const intel = {
             "stixId": "attack-pattern--0a5231ec-41af-4a35-83d0-6bdf11f28c65",
             "name": "Shared Modules",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1129",
             "url": "https://attack.mitre.org/techniques/T1129",
             "deprecated": false
@@ -648,6 +723,7 @@ export const intel = {
             "stixId": "attack-pattern--0ad7bc5c-235a-4048-944b-3b286676cb74",
             "name": "Data from Configuration Repository",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1602",
             "url": "https://attack.mitre.org/techniques/T1602",
             "deprecated": false
@@ -656,6 +732,7 @@ export const intel = {
             "stixId": "attack-pattern--0af0ca99-357d-4ba1-805f-674fdfb7bef9",
             "name": "Disk Structure Wipe",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1561.002",
             "url": "https://attack.mitre.org/techniques/T1561/002",
             "deprecated": false
@@ -664,6 +741,7 @@ export const intel = {
             "stixId": "attack-pattern--0bda01d5-4c1d-4062-8ee2-6872334383c3",
             "name": "Direct Network Flood",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1498.001",
             "url": "https://attack.mitre.org/techniques/T1498/001",
             "deprecated": false
@@ -672,6 +750,7 @@ export const intel = {
             "stixId": "attack-pattern--0bf78622-e8d2-41da-a857-731472d61a92",
             "name": "Stored Data Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1492",
             "url": "https://attack.mitre.org/techniques/T1492",
             "deprecated": true
@@ -680,6 +759,7 @@ export const intel = {
             "stixId": "attack-pattern--0c2d00da-7742-49e7-9928-4514e5075d32",
             "name": "Path Interception by PATH Environment Variable",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.007",
             "url": "https://attack.mitre.org/techniques/T1574/007",
             "deprecated": false
@@ -688,6 +768,7 @@ export const intel = {
             "stixId": "attack-pattern--0c4b4fda-9062-47da-98b9-ceae2dcf052a",
             "name": "Sharepoint",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1213.002",
             "url": "https://attack.mitre.org/techniques/T1213/002",
             "deprecated": false
@@ -696,6 +777,7 @@ export const intel = {
             "stixId": "attack-pattern--0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
             "name": "Direct Volume Access",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1006",
             "url": "https://attack.mitre.org/techniques/T1006",
             "deprecated": false
@@ -704,6 +786,7 @@ export const intel = {
             "stixId": "attack-pattern--0ca7beef-9bbc-4e35-97cf-437384ddce6a",
             "name": "File System Permissions Weakness",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1044",
             "url": "https://attack.mitre.org/techniques/T1044",
             "deprecated": true
@@ -712,6 +795,7 @@ export const intel = {
             "stixId": "attack-pattern--0cf55441-b176-4332-89e7-2c4c7799d0ff",
             "name": "Email Hiding Rules",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.008",
             "url": "https://attack.mitre.org/techniques/T1564/008",
             "deprecated": false
@@ -720,6 +804,7 @@ export const intel = {
             "stixId": "attack-pattern--0cfe31a7-81fc-472c-bc45-e2808d1066a3",
             "name": "External Defacement",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1491.002",
             "url": "https://attack.mitre.org/techniques/T1491/002",
             "deprecated": false
@@ -728,6 +813,7 @@ export const intel = {
             "stixId": "attack-pattern--0dbf5f1b-a560-4d51-ac1b-d70caab3e1f0",
             "name": "LLMNR/NBT-NS Poisoning and Relay",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1171",
             "url": "https://attack.mitre.org/techniques/T1171",
             "deprecated": true
@@ -736,6 +822,7 @@ export const intel = {
             "stixId": "attack-pattern--0dda99f0-4701-48ca-9774-8504922e92d3",
             "name": "IP Addresses",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1590.005",
             "url": "https://attack.mitre.org/techniques/T1590/005",
             "deprecated": false
@@ -744,6 +831,7 @@ export const intel = {
             "stixId": "attack-pattern--0df05477-c572-4ed6-88a9-47c581f548f7",
             "name": "OS Exhaustion Flood",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1499.001",
             "url": "https://attack.mitre.org/techniques/T1499/001",
             "deprecated": false
@@ -752,6 +840,7 @@ export const intel = {
             "stixId": "attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b",
             "name": "Rootkit",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1014",
             "url": "https://attack.mitre.org/techniques/T1014",
             "deprecated": false
@@ -760,6 +849,7 @@ export const intel = {
             "stixId": "attack-pattern--0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
             "name": "PowerShell Profile",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.013",
             "url": "https://attack.mitre.org/techniques/T1546/013",
             "deprecated": false
@@ -768,6 +858,7 @@ export const intel = {
             "stixId": "attack-pattern--0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
             "name": "JavaScript",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.007",
             "url": "https://attack.mitre.org/techniques/T1059/007",
             "deprecated": false
@@ -776,6 +867,7 @@ export const intel = {
             "stixId": "attack-pattern--0ff59227-8aa8-4c09-bf1f-925605bd07ea",
             "name": "DNS",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1590.002",
             "url": "https://attack.mitre.org/techniques/T1590/002",
             "deprecated": false
@@ -784,6 +876,7 @@ export const intel = {
             "stixId": "attack-pattern--0fff2797-19cb-41ea-a5f1-8a9303b8158e",
             "name": "Systemd Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1501",
             "url": "https://attack.mitre.org/techniques/T1501",
             "deprecated": true
@@ -792,6 +885,7 @@ export const intel = {
             "stixId": "attack-pattern--101c3a64-9ba5-46c9-b573-5c501053cbca",
             "name": "Elevated Execution with Prompt",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1514",
             "url": "https://attack.mitre.org/techniques/T1514",
             "deprecated": true
@@ -800,6 +894,7 @@ export const intel = {
             "stixId": "attack-pattern--1035cdf2-3e5f-446f-a7a7-e8f6d7925967",
             "name": "Audio Capture",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1123",
             "url": "https://attack.mitre.org/techniques/T1123",
             "deprecated": false
@@ -808,6 +903,7 @@ export const intel = {
             "stixId": "attack-pattern--106c0cf6-bf73-4601-9aa8-0945c2715ec5",
             "name": "Create or Modify System Process",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1543",
             "url": "https://attack.mitre.org/techniques/T1543",
             "deprecated": false
@@ -816,6 +912,7 @@ export const intel = {
             "stixId": "attack-pattern--10d51417-ee35-4589-b1ff-b6df1c334e8d",
             "name": "External Remote Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1133",
             "url": "https://attack.mitre.org/techniques/T1133",
             "deprecated": false
@@ -824,6 +921,7 @@ export const intel = {
             "stixId": "attack-pattern--10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44",
             "name": "Component Firmware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1109",
             "url": "https://attack.mitre.org/techniques/T1109",
             "deprecated": true
@@ -832,6 +930,7 @@ export const intel = {
             "stixId": "attack-pattern--10ff21b9-5a01-4268-a1b5-3b55015f1847",
             "name": "LC_LOAD_DYLIB Addition",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.006",
             "url": "https://attack.mitre.org/techniques/T1546/006",
             "deprecated": false
@@ -840,6 +939,7 @@ export const intel = {
             "stixId": "attack-pattern--10ffac09-e42d-4f56-ab20-db94c67d76ff",
             "name": "Steal Web Session Cookie",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1539",
             "url": "https://attack.mitre.org/techniques/T1539",
             "deprecated": false
@@ -848,6 +948,7 @@ export const intel = {
             "stixId": "attack-pattern--1126cab1-c700-412f-a510-61f4937bb096",
             "name": "Container Orchestration Job",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053.007",
             "url": "https://attack.mitre.org/techniques/T1053/007",
             "deprecated": false
@@ -856,6 +957,7 @@ export const intel = {
             "stixId": "attack-pattern--118f61a5-eb3e-4fb6-931f-2096647f4ecd",
             "name": "Domain Generation Algorithms",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1568.002",
             "url": "https://attack.mitre.org/techniques/T1568/002",
             "deprecated": false
@@ -864,6 +966,7 @@ export const intel = {
             "stixId": "attack-pattern--11f29a39-0942-4d62-92b6-fe236cf3066e",
             "name": "Double File Extension",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.007",
             "url": "https://attack.mitre.org/techniques/T1036/007",
             "deprecated": false
@@ -872,6 +975,7 @@ export const intel = {
             "stixId": "attack-pattern--120d5519-3098-4e1c-9191-2aa61232f073",
             "name": "Bypass User Account Control",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1548.002",
             "url": "https://attack.mitre.org/techniques/T1548/002",
             "deprecated": false
@@ -880,6 +984,7 @@ export const intel = {
             "stixId": "attack-pattern--128c55d3-aeba-469f-bd3e-c8996ab4112a",
             "name": "Timestomp",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1099",
             "url": "https://attack.mitre.org/techniques/T1099",
             "deprecated": true
@@ -888,6 +993,7 @@ export const intel = {
             "stixId": "attack-pattern--132d5b37-aac5-4378-a8dc-3127b18a73dc",
             "name": "Internet Connection Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1016.001",
             "url": "https://attack.mitre.org/techniques/T1016/001",
             "deprecated": false
@@ -896,6 +1002,7 @@ export const intel = {
             "stixId": "attack-pattern--1365fe3b-0f50-455d-b4da-266ce31c23b0",
             "name": "Sudo and Sudo Caching",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1548.003",
             "url": "https://attack.mitre.org/techniques/T1548/003",
             "deprecated": false
@@ -904,6 +1011,7 @@ export const intel = {
             "stixId": "attack-pattern--143c0cbb-a297-4142-9624-87ffc778980b",
             "name": "Archive via Custom Method",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1560.003",
             "url": "https://attack.mitre.org/techniques/T1560/003",
             "deprecated": false
@@ -912,6 +1020,7 @@ export const intel = {
             "stixId": "attack-pattern--144e007b-e638-431d-a894-45d90c54ab90",
             "name": "Modify Cloud Compute Infrastructure",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1578",
             "url": "https://attack.mitre.org/techniques/T1578",
             "deprecated": false
@@ -920,6 +1029,7 @@ export const intel = {
             "stixId": "attack-pattern--155207c0-7f53-4f13-a06b-0a9907ef5096",
             "name": "Malvertising",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.008",
             "url": "https://attack.mitre.org/techniques/T1583/008",
             "deprecated": false
@@ -928,6 +1038,7 @@ export const intel = {
             "stixId": "attack-pattern--15dbf668-795c-41e6-8219-f0447c0e64ce",
             "name": "Permission Groups Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1069",
             "url": "https://attack.mitre.org/techniques/T1069",
             "deprecated": false
@@ -936,6 +1047,7 @@ export const intel = {
             "stixId": "attack-pattern--1608f3e1-598a-42f4-a01a-2e252e81728f",
             "name": "Email Collection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1114",
             "url": "https://attack.mitre.org/techniques/T1114",
             "deprecated": false
@@ -944,6 +1056,7 @@ export const intel = {
             "stixId": "attack-pattern--1644e709-12d2-41e5-a60f-3470991f5011",
             "name": "Security Account Manager",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.002",
             "url": "https://attack.mitre.org/techniques/T1003/002",
             "deprecated": false
@@ -952,6 +1065,7 @@ export const intel = {
             "stixId": "attack-pattern--166de1c6-2814-4fe5-8438-4e80f76b169f",
             "name": "WHOIS",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1596.002",
             "url": "https://attack.mitre.org/techniques/T1596/002",
             "deprecated": false
@@ -960,6 +1074,7 @@ export const intel = {
             "stixId": "attack-pattern--16ab6452-c3c1-497c-a47d-206018ca1ada",
             "name": "System Firmware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1542.001",
             "url": "https://attack.mitre.org/techniques/T1542/001",
             "deprecated": false
@@ -968,6 +1083,7 @@ export const intel = {
             "stixId": "attack-pattern--16cdd21f-da65-4e4f-bc04-dd7d198c7b26",
             "name": "Search Victim-Owned Websites",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1594",
             "url": "https://attack.mitre.org/techniques/T1594",
             "deprecated": false
@@ -976,6 +1092,7 @@ export const intel = {
             "stixId": "attack-pattern--16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
             "name": "Cloud Groups",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1069.003",
             "url": "https://attack.mitre.org/techniques/T1069/003",
             "deprecated": false
@@ -984,6 +1101,7 @@ export const intel = {
             "stixId": "attack-pattern--17cc750b-e95b-4d7d-9dde-49e0de24148c",
             "name": "Services Registry Permissions Weakness",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.011",
             "url": "https://attack.mitre.org/techniques/T1574/011",
             "deprecated": false
@@ -992,6 +1110,7 @@ export const intel = {
             "stixId": "attack-pattern--17fd695c-b88c-455a-a3d1-43b6cb728532",
             "name": "DNS/Passive DNS",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1596.001",
             "url": "https://attack.mitre.org/techniques/T1596/001",
             "deprecated": false
@@ -1000,6 +1119,7 @@ export const intel = {
             "stixId": "attack-pattern--18cffc21-3260-437e-80e4-4ab8bf2ba5e9",
             "name": "Application Exhaustion Flood",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1499.003",
             "url": "https://attack.mitre.org/techniques/T1499/003",
             "deprecated": false
@@ -1008,6 +1128,7 @@ export const intel = {
             "stixId": "attack-pattern--18d4ab39-12ed-4a16-9fdb-ae311bba4a0f",
             "name": "Rc.common",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1163",
             "url": "https://attack.mitre.org/techniques/T1163",
             "deprecated": true
@@ -1016,6 +1137,7 @@ export const intel = {
             "stixId": "attack-pattern--191cc6af-1bb2-4344-ab5f-28e496638720",
             "name": "Compromise Software Dependencies and Development Tools",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1195.001",
             "url": "https://attack.mitre.org/techniques/T1195/001",
             "deprecated": false
@@ -1024,6 +1146,7 @@ export const intel = {
             "stixId": "attack-pattern--19401639-28d0-4c3c-adcc-bc2ba22f6421",
             "name": "Digital Certificates",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1588.004",
             "url": "https://attack.mitre.org/techniques/T1588/004",
             "deprecated": false
@@ -1032,6 +1155,7 @@ export const intel = {
             "stixId": "attack-pattern--197ef1b9-e764-46c3-b96c-23f77985dc81",
             "name": "DNS Server",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.002",
             "url": "https://attack.mitre.org/techniques/T1583/002",
             "deprecated": false
@@ -1040,6 +1164,7 @@ export const intel = {
             "stixId": "attack-pattern--1988cc35-ced8-4dad-b2d1-7628488fa967",
             "name": "Disk Wipe",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1561",
             "url": "https://attack.mitre.org/techniques/T1561",
             "deprecated": false
@@ -1048,6 +1173,7 @@ export const intel = {
             "stixId": "attack-pattern--1996eef1-ced3-4d7f-bf94-33298cabbf72",
             "name": "DNS",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1071.004",
             "url": "https://attack.mitre.org/techniques/T1071/004",
             "deprecated": false
@@ -1056,6 +1182,7 @@ export const intel = {
             "stixId": "attack-pattern--19bf235b-8620-4997-b5b4-94e0659ed7c3",
             "name": "Cloud Instance Metadata API",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.005",
             "url": "https://attack.mitre.org/techniques/T1552/005",
             "deprecated": false
@@ -1064,6 +1191,7 @@ export const intel = {
             "stixId": "attack-pattern--1a80d097-54df-41d8-9d33-34e755ec5e72",
             "name": "Securityd Memory",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1555.002",
             "url": "https://attack.mitre.org/techniques/T1555/002",
             "deprecated": false
@@ -1072,6 +1200,7 @@ export const intel = {
             "stixId": "attack-pattern--1b20efbf-8063-4fc3-a07d-b575318a301b",
             "name": "Group Policy Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1615",
             "url": "https://attack.mitre.org/techniques/T1615",
             "deprecated": false
@@ -1080,6 +1209,7 @@ export const intel = {
             "stixId": "attack-pattern--1b7b1806-7746-41a1-a35d-e48dae25ddba",
             "name": "Bootkit",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1542.003",
             "url": "https://attack.mitre.org/techniques/T1542/003",
             "deprecated": false
@@ -1088,6 +1218,7 @@ export const intel = {
             "stixId": "attack-pattern--1b7ba276-eedc-4951-a762-0ceea2c030ec",
             "name": "Data from Removable Media",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1025",
             "url": "https://attack.mitre.org/techniques/T1025",
             "deprecated": false
@@ -1096,6 +1227,7 @@ export const intel = {
             "stixId": "attack-pattern--1b84d551-6de8-4b96-9930-d177677c3b1d",
             "name": "Code Signing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1116",
             "url": "https://attack.mitre.org/techniques/T1116",
             "deprecated": true
@@ -1104,6 +1236,7 @@ export const intel = {
             "stixId": "attack-pattern--1bae753e-8e52-4055-a66d-2ead90303ca9",
             "name": "Mavinject",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.013",
             "url": "https://attack.mitre.org/techniques/T1218/013",
             "deprecated": false
@@ -1112,6 +1245,7 @@ export const intel = {
             "stixId": "attack-pattern--1c2fd73a-e634-44ed-b1b5-9e7cf7404e9f",
             "name": "Cloud Instance Metadata API",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1522",
             "url": "https://attack.mitre.org/techniques/T1522",
             "deprecated": true
@@ -1120,6 +1254,7 @@ export const intel = {
             "stixId": "attack-pattern--1c338d0f-a65e-4073-a5c1-c06878849f21",
             "name": "Process Hollowing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1093",
             "url": "https://attack.mitre.org/techniques/T1093",
             "deprecated": true
@@ -1128,6 +1263,7 @@ export const intel = {
             "stixId": "attack-pattern--1c34f7aa-9341-4a48-bfab-af22e51aca6c",
             "name": "Local Data Staging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1074.001",
             "url": "https://attack.mitre.org/techniques/T1074/001",
             "deprecated": false
@@ -1136,6 +1272,7 @@ export const intel = {
             "stixId": "attack-pattern--1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
             "name": "Match Legitimate Name or Location",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.005",
             "url": "https://attack.mitre.org/techniques/T1036/005",
             "deprecated": false
@@ -1144,6 +1281,7 @@ export const intel = {
             "stixId": "attack-pattern--1ce03c65-5946-4ac9-9d4d-66db87e024bd",
             "name": "Domain Fronting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1172",
             "url": "https://attack.mitre.org/techniques/T1172",
             "deprecated": true
@@ -1152,6 +1290,7 @@ export const intel = {
             "stixId": "attack-pattern--1cec9319-743b-4840-bb65-431547bce82a",
             "name": "Digital Certificates",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1587.003",
             "url": "https://attack.mitre.org/techniques/T1587/003",
             "deprecated": false
@@ -1160,6 +1299,7 @@ export const intel = {
             "stixId": "attack-pattern--1cfcb312-b8d7-47a4-b560-4b16cc677292",
             "name": "Stored Data Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1565.001",
             "url": "https://attack.mitre.org/techniques/T1565/001",
             "deprecated": false
@@ -1168,6 +1308,7 @@ export const intel = {
             "stixId": "attack-pattern--1d24cdee-9ea2-4189-b08e-af110bf2435d",
             "name": "Password Cracking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1110.002",
             "url": "https://attack.mitre.org/techniques/T1110/002",
             "deprecated": false
@@ -1176,6 +1317,7 @@ export const intel = {
             "stixId": "attack-pattern--1df0326d-2fbc-4d08-a16b-48365f1e742d",
             "name": "SID-History Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1178",
             "url": "https://attack.mitre.org/techniques/T1178",
             "deprecated": true
@@ -1184,6 +1326,7 @@ export const intel = {
             "stixId": "attack-pattern--1e9eb839-294b-48cc-b0d3-c45555a2a004",
             "name": "Local Email Collection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1114.001",
             "url": "https://attack.mitre.org/techniques/T1114/001",
             "deprecated": false
@@ -1192,6 +1335,7 @@ export const intel = {
             "stixId": "attack-pattern--1eaebf46-e361-4437-bc23-d5d65a3b92e3",
             "name": "Keychain",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1555.001",
             "url": "https://attack.mitre.org/techniques/T1555/001",
             "deprecated": false
@@ -1200,6 +1344,7 @@ export const intel = {
             "stixId": "attack-pattern--1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
             "name": "Boot or Logon Autostart Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547",
             "url": "https://attack.mitre.org/techniques/T1547",
             "deprecated": false
@@ -1208,6 +1353,7 @@ export const intel = {
             "stixId": "attack-pattern--1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
             "name": "LSA Secrets",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.004",
             "url": "https://attack.mitre.org/techniques/T1003/004",
             "deprecated": false
@@ -1216,6 +1362,7 @@ export const intel = {
             "stixId": "attack-pattern--1f47e2fd-fa77-4f2f-88ee-e85df308f125",
             "name": "Port Monitors",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1013",
             "url": "https://attack.mitre.org/techniques/T1013",
             "deprecated": true
@@ -1224,6 +1371,7 @@ export const intel = {
             "stixId": "attack-pattern--1f9012ef-1e10-4e48-915e-e03563435fe8",
             "name": "Weaken Encryption",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1600",
             "url": "https://attack.mitre.org/techniques/T1600",
             "deprecated": false
@@ -1232,6 +1380,7 @@ export const intel = {
             "stixId": "attack-pattern--1f9c2bae-b441-4f66-a8af-b65946ee72f2",
             "name": "SAML Tokens",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1606.002",
             "url": "https://attack.mitre.org/techniques/T1606/002",
             "deprecated": false
@@ -1240,6 +1389,7 @@ export const intel = {
             "stixId": "attack-pattern--20138b9d-1aac-4a26-8654-a36b6bbf2bba",
             "name": "Spearphishing Link",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1192",
             "url": "https://attack.mitre.org/techniques/T1192",
             "deprecated": true
@@ -1248,6 +1398,7 @@ export const intel = {
             "stixId": "attack-pattern--208884f1-7b83-4473-ac22-4e1cf6c41471",
             "name": "Masquerade File Type",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.008",
             "url": "https://attack.mitre.org/techniques/T1036/008",
             "deprecated": false
@@ -1256,6 +1407,7 @@ export const intel = {
             "stixId": "attack-pattern--20fb2507-d71c-455d-9b6d-6104461cf26b",
             "name": "Service Stop",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1489",
             "url": "https://attack.mitre.org/techniques/T1489",
             "deprecated": false
@@ -1264,6 +1416,7 @@ export const intel = {
             "stixId": "attack-pattern--212306d8-efa4-44c9-8c2d-ed3d2e224aa0",
             "name": "Malware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1587.001",
             "url": "https://attack.mitre.org/techniques/T1587/001",
             "deprecated": false
@@ -1272,6 +1425,7 @@ export const intel = {
             "stixId": "attack-pattern--215190a9-9f02-4e83-bb5f-e0589965a302",
             "name": "Regsvcs/Regasm",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1121",
             "url": "https://attack.mitre.org/techniques/T1121",
             "deprecated": true
@@ -1280,6 +1434,7 @@ export const intel = {
             "stixId": "attack-pattern--215d9700-5881-48b8-8265-6449dbb7195d",
             "name": "Device Driver Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1652",
             "url": "https://attack.mitre.org/techniques/T1652",
             "deprecated": false
@@ -1288,6 +1443,7 @@ export const intel = {
             "stixId": "attack-pattern--2169ba87-1146-4fc7-a118-12b72251db7e",
             "name": "Sudo Caching",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1206",
             "url": "https://attack.mitre.org/techniques/T1206",
             "deprecated": true
@@ -1296,6 +1452,7 @@ export const intel = {
             "stixId": "attack-pattern--21875073-b0ee-49e3-9077-1e2a885359af",
             "name": "Domain Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1087.002",
             "url": "https://attack.mitre.org/techniques/T1087/002",
             "deprecated": false
@@ -1304,6 +1461,7 @@ export const intel = {
             "stixId": "attack-pattern--22522668-ddf6-470b-a027-9d6866679f67",
             "name": "Active Setup",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.014",
             "url": "https://attack.mitre.org/techniques/T1547/014",
             "deprecated": false
@@ -1312,6 +1470,7 @@ export const intel = {
             "stixId": "attack-pattern--22905430-4901-4c2a-84f6-98243cb173f8",
             "name": "Hide Artifacts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564",
             "url": "https://attack.mitre.org/techniques/T1564",
             "deprecated": false
@@ -1320,6 +1479,7 @@ export const intel = {
             "stixId": "attack-pattern--232a7e42-cd6e-4902-8fe9-2960f529dd4d",
             "name": "Dynamic Data Exchange",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1559.002",
             "url": "https://attack.mitre.org/techniques/T1559/002",
             "deprecated": false
@@ -1328,6 +1488,7 @@ export const intel = {
             "stixId": "attack-pattern--232b7f21-adf9-4b42-b936-b9d6f7df856e",
             "name": "Malicious File",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1204.002",
             "url": "https://attack.mitre.org/techniques/T1204/002",
             "deprecated": false
@@ -1336,6 +1497,7 @@ export const intel = {
             "stixId": "attack-pattern--2339cf19-8f1e-48f7-8a91-0262ba547b6f",
             "name": "Identify Business Tempo",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1591.003",
             "url": "https://attack.mitre.org/techniques/T1591/003",
             "deprecated": false
@@ -1344,6 +1506,7 @@ export const intel = {
             "stixId": "attack-pattern--241814ae-de3f-4656-b49e-f9a80764d4b7",
             "name": "Security Software Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1063",
             "url": "https://attack.mitre.org/techniques/T1063",
             "deprecated": true
@@ -1352,6 +1515,7 @@ export const intel = {
             "stixId": "attack-pattern--24286c33-d4a4-4419-85c2-1d094a896c26",
             "name": "Hardware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1592.001",
             "url": "https://attack.mitre.org/techniques/T1592/001",
             "deprecated": false
@@ -1360,6 +1524,7 @@ export const intel = {
             "stixId": "attack-pattern--246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
             "name": "Taint Shared Content",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1080",
             "url": "https://attack.mitre.org/techniques/T1080",
             "deprecated": false
@@ -1368,6 +1533,7 @@ export const intel = {
             "stixId": "attack-pattern--24769ab5-14bd-4f4e-a752-cfb185da53ee",
             "name": "Domain Trust Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1484.002",
             "url": "https://attack.mitre.org/techniques/T1484/002",
             "deprecated": false
@@ -1376,6 +1542,7 @@ export const intel = {
             "stixId": "attack-pattern--24bfaeba-cb0d-4525-b3dc-507c77ecec41",
             "name": "Symmetric Cryptography",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1573.001",
             "url": "https://attack.mitre.org/techniques/T1573/001",
             "deprecated": false
@@ -1384,6 +1551,7 @@ export const intel = {
             "stixId": "attack-pattern--25659dd6-ea12-45c4-97e6-381e3e4b593e",
             "name": "Local Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1087.001",
             "url": "https://attack.mitre.org/techniques/T1087/001",
             "deprecated": false
@@ -1392,6 +1560,7 @@ export const intel = {
             "stixId": "attack-pattern--2715c335-1bf2-4efe-9f18-0691317ff83b",
             "name": "Securityd Memory",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1167",
             "url": "https://attack.mitre.org/techniques/T1167",
             "deprecated": true
@@ -1400,6 +1569,7 @@ export const intel = {
             "stixId": "attack-pattern--274770e0-2612-4ccf-a678-ef8e7bad365d",
             "name": "Social Media Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1586.001",
             "url": "https://attack.mitre.org/techniques/T1586/001",
             "deprecated": false
@@ -1408,6 +1578,7 @@ export const intel = {
             "stixId": "attack-pattern--27960489-4e7f-461d-a62a-f5c0cb521e4a",
             "name": "Application Access Token",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1527",
             "url": "https://attack.mitre.org/techniques/T1527",
             "deprecated": true
@@ -1416,6 +1587,7 @@ export const intel = {
             "stixId": "attack-pattern--28170e17-8384-415c-8486-2e6b294cb803",
             "name": "Safe Mode Boot",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.009",
             "url": "https://attack.mitre.org/techniques/T1562/009",
             "deprecated": false
@@ -1424,6 +1596,7 @@ export const intel = {
             "stixId": "attack-pattern--2892b9ee-ca9f-4723-b332-0dc6e843a8ae",
             "name": "Screensaver",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1180",
             "url": "https://attack.mitre.org/techniques/T1180",
             "deprecated": true
@@ -1432,6 +1605,7 @@ export const intel = {
             "stixId": "attack-pattern--28abec6c-4443-4b03-8206-07f2e264a6b4",
             "name": "TFTP Boot",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1542.005",
             "url": "https://attack.mitre.org/techniques/T1542/005",
             "deprecated": false
@@ -1440,6 +1614,7 @@ export const intel = {
             "stixId": "attack-pattern--2959d63f-73fd-46a1-abd2-109d7dcede32",
             "name": "Windows Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1543.003",
             "url": "https://attack.mitre.org/techniques/T1543/003",
             "deprecated": false
@@ -1448,6 +1623,7 @@ export const intel = {
             "stixId": "attack-pattern--29ba5a15-3b7b-4732-b817-65ea8f6468e6",
             "name": "Fast Flux DNS",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1568.001",
             "url": "https://attack.mitre.org/techniques/T1568/001",
             "deprecated": false
@@ -1456,6 +1632,7 @@ export const intel = {
             "stixId": "attack-pattern--29be378d-262d-4e99-b00d-852d573628e6",
             "name": "System Checks",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1497.001",
             "url": "https://attack.mitre.org/techniques/T1497/001",
             "deprecated": false
@@ -1464,6 +1641,7 @@ export const intel = {
             "stixId": "attack-pattern--2acf44aa-542f-4366-b4eb-55ef5747759c",
             "name": "Cron",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053.003",
             "url": "https://attack.mitre.org/techniques/T1053/003",
             "deprecated": false
@@ -1472,6 +1650,7 @@ export const intel = {
             "stixId": "attack-pattern--2aed01ad-3df3-4410-a8cb-11ea4ded587c",
             "name": "Domain Groups",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1069.002",
             "url": "https://attack.mitre.org/techniques/T1069/002",
             "deprecated": false
@@ -1480,6 +1659,7 @@ export const intel = {
             "stixId": "attack-pattern--2b5aa86b-a0df-4382-848d-30abea443327",
             "name": "Vulnerabilities",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1588.006",
             "url": "https://attack.mitre.org/techniques/T1588/006",
             "deprecated": false
@@ -1488,6 +1668,7 @@ export const intel = {
             "stixId": "attack-pattern--2b742742-28c3-4e1b-bab7-8350d6300fa7",
             "name": "Spearphishing Link",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1566.002",
             "url": "https://attack.mitre.org/techniques/T1566/002",
             "deprecated": false
@@ -1496,6 +1677,7 @@ export const intel = {
             "stixId": "attack-pattern--2ba5aa71-9d15-4b22-b726-56af06d9ad2f",
             "name": "Startup Items",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1165",
             "url": "https://attack.mitre.org/techniques/T1165",
             "deprecated": true
@@ -1504,6 +1686,7 @@ export const intel = {
             "stixId": "attack-pattern--2bce5b30-7014-4a5d-ade7-12913fe6ac36",
             "name": "Clear Linux or Mac System Logs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.002",
             "url": "https://attack.mitre.org/techniques/T1070/002",
             "deprecated": false
@@ -1512,6 +1695,7 @@ export const intel = {
             "stixId": "attack-pattern--2bee5ffb-7a7a-4119-b1f2-158151b19ac0",
             "name": "Application or System Exploitation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1499.004",
             "url": "https://attack.mitre.org/techniques/T1499/004",
             "deprecated": false
@@ -1520,6 +1704,7 @@ export const intel = {
             "stixId": "attack-pattern--2c4d4e92-0ccf-4a97-b54c-86d662988a53",
             "name": "Office Application Startup",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1137",
             "url": "https://attack.mitre.org/techniques/T1137",
             "deprecated": false
@@ -1528,6 +1713,7 @@ export const intel = {
             "stixId": "attack-pattern--2cd950a6-16c4-404a-aa01-044322395107",
             "name": "InstallUtil",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.004",
             "url": "https://attack.mitre.org/techniques/T1218/004",
             "deprecated": false
@@ -1536,6 +1722,7 @@ export const intel = {
             "stixId": "attack-pattern--2d3f5b3c-54ca-4f4d-bb1f-849346d31230",
             "name": "Spearphishing Link",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1598.003",
             "url": "https://attack.mitre.org/techniques/T1598/003",
             "deprecated": false
@@ -1544,6 +1731,7 @@ export const intel = {
             "stixId": "attack-pattern--2db31dcd-54da-405d-acef-b9129b816ed6",
             "name": "SSH",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021.004",
             "url": "https://attack.mitre.org/techniques/T1021/004",
             "deprecated": false
@@ -1552,6 +1740,7 @@ export const intel = {
             "stixId": "attack-pattern--2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3",
             "name": "Additional Cloud Roles",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1098.003",
             "url": "https://attack.mitre.org/techniques/T1098/003",
             "deprecated": false
@@ -1560,6 +1749,7 @@ export const intel = {
             "stixId": "attack-pattern--2de47683-f398-448f-b947-9abcc3e32fad",
             "name": "Print Processors",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.012",
             "url": "https://attack.mitre.org/techniques/T1547/012",
             "deprecated": false
@@ -1568,6 +1758,7 @@ export const intel = {
             "stixId": "attack-pattern--2e0dd10b-676d-4964-acd0-8a404c92b044",
             "name": "Disabling Security Tools",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1089",
             "url": "https://attack.mitre.org/techniques/T1089",
             "deprecated": true
@@ -1576,6 +1767,7 @@ export const intel = {
             "stixId": "attack-pattern--2e114e45-2c50-404c-804a-3af9564d240e",
             "name": "Disk Structure Wipe",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1487",
             "url": "https://attack.mitre.org/techniques/T1487",
             "deprecated": true
@@ -1584,6 +1776,7 @@ export const intel = {
             "stixId": "attack-pattern--2e34237d-8574-43f6-aace-ae2915de8597",
             "name": "Spearphishing Attachment",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1566.001",
             "url": "https://attack.mitre.org/techniques/T1566/001",
             "deprecated": false
@@ -1592,6 +1785,7 @@ export const intel = {
             "stixId": "attack-pattern--2edd9d6a-5674-4326-a600-ba56de467286",
             "name": "Credentials in Registry",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1214",
             "url": "https://attack.mitre.org/techniques/T1214",
             "deprecated": true
@@ -1600,6 +1794,7 @@ export const intel = {
             "stixId": "attack-pattern--2f41939b-54c3-41d6-8f8b-35f1ec18ed97",
             "name": "Stripped Payloads",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.008",
             "url": "https://attack.mitre.org/techniques/T1027/008",
             "deprecated": false
@@ -1608,6 +1803,7 @@ export const intel = {
             "stixId": "attack-pattern--2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64",
             "name": "Component Object Model",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1559.001",
             "url": "https://attack.mitre.org/techniques/T1559/001",
             "deprecated": false
@@ -1616,6 +1812,7 @@ export const intel = {
             "stixId": "attack-pattern--2fee9321-3e71-4cf4-af24-d4d40d355b34",
             "name": "DLL Search Order Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.001",
             "url": "https://attack.mitre.org/techniques/T1574/001",
             "deprecated": false
@@ -1624,6 +1821,7 @@ export const intel = {
             "stixId": "attack-pattern--30208d3e-0d6b-43c8-883e-44462a514619",
             "name": "Automated Collection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1119",
             "url": "https://attack.mitre.org/techniques/T1119",
             "deprecated": false
@@ -1632,6 +1830,7 @@ export const intel = {
             "stixId": "attack-pattern--30973a08-aed9-4edf-8604-9084ce1b5c4f",
             "name": "Clipboard Data",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1115",
             "url": "https://attack.mitre.org/techniques/T1115",
             "deprecated": false
@@ -1640,6 +1839,7 @@ export const intel = {
             "stixId": "attack-pattern--3120b9fa-23b8-4500-ae73-09494f607b7d",
             "name": "Proc Filesystem",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.007",
             "url": "https://attack.mitre.org/techniques/T1003/007",
             "deprecated": false
@@ -1648,6 +1848,7 @@ export const intel = {
             "stixId": "attack-pattern--31225cd3-cd46-4575-b287-c2c14011c074",
             "name": "Botnet",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.005",
             "url": "https://attack.mitre.org/techniques/T1583/005",
             "deprecated": false
@@ -1656,6 +1857,7 @@ export const intel = {
             "stixId": "attack-pattern--315f51f0-6b03-4c1e-bfb2-84740afb8e21",
             "name": "Password Managers",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1555.005",
             "url": "https://attack.mitre.org/techniques/T1555/005",
             "deprecated": false
@@ -1664,6 +1866,7 @@ export const intel = {
             "stixId": "attack-pattern--317fefa6-46c7-4062-adb6-2008cf6bcb41",
             "name": "AppInit DLLs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1103",
             "url": "https://attack.mitre.org/techniques/T1103",
             "deprecated": true
@@ -1672,6 +1875,7 @@ export const intel = {
             "stixId": "attack-pattern--31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e",
             "name": "Gatekeeper Bypass",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1553.001",
             "url": "https://attack.mitre.org/techniques/T1553/001",
             "deprecated": false
@@ -1680,6 +1884,7 @@ export const intel = {
             "stixId": "attack-pattern--31fe0ba2-62fd-4fd9-9293-4043d84f7fe9",
             "name": "Drive-by Target",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1608.004",
             "url": "https://attack.mitre.org/techniques/T1608/004",
             "deprecated": false
@@ -1688,6 +1893,7 @@ export const intel = {
             "stixId": "attack-pattern--322bad5a-1c49-4d23-ab79-76d641794afa",
             "name": "System Service Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1007",
             "url": "https://attack.mitre.org/techniques/T1007",
             "deprecated": false
@@ -1696,6 +1902,7 @@ export const intel = {
             "stixId": "attack-pattern--3257eb21-f9a7-4430-8de1-d8b6e288f529",
             "name": "Network Sniffing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1040",
             "url": "https://attack.mitre.org/techniques/T1040",
             "deprecated": false
@@ -1704,6 +1911,7 @@ export const intel = {
             "stixId": "attack-pattern--327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61",
             "name": "Application Deployment Software",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1017",
             "url": "https://attack.mitre.org/techniques/T1017",
             "deprecated": true
@@ -1712,6 +1920,7 @@ export const intel = {
             "stixId": "attack-pattern--32901740-b42c-4fdd-bc02-345b5dc57082",
             "name": "Code Signing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1553.002",
             "url": "https://attack.mitre.org/techniques/T1553/002",
             "deprecated": false
@@ -1720,6 +1929,7 @@ export const intel = {
             "stixId": "attack-pattern--3298ce88-1628-43b1-87d9-0b5336b193d7",
             "name": "Data from Cloud Storage",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1530",
             "url": "https://attack.mitre.org/techniques/T1530",
             "deprecated": false
@@ -1728,6 +1938,7 @@ export const intel = {
             "stixId": "attack-pattern--32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
             "name": "Runtime Data Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1565.003",
             "url": "https://attack.mitre.org/techniques/T1565/003",
             "deprecated": false
@@ -1736,6 +1947,7 @@ export const intel = {
             "stixId": "attack-pattern--341e222a-a6e3-4f6f-b69c-831d792b1580",
             "name": "Credentials in Registry",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.002",
             "url": "https://attack.mitre.org/techniques/T1552/002",
             "deprecated": false
@@ -1744,6 +1956,7 @@ export const intel = {
             "stixId": "attack-pattern--3489cfc5-640f-4bb3-a103-9137b97de79f",
             "name": "Network Share Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1135",
             "url": "https://attack.mitre.org/techniques/T1135",
             "deprecated": false
@@ -1752,6 +1965,7 @@ export const intel = {
             "stixId": "attack-pattern--348f1eef-964b-4eb6-bb53-69b3dcb0c643",
             "name": "Peripheral Device Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1120",
             "url": "https://attack.mitre.org/techniques/T1120",
             "deprecated": false
@@ -1760,6 +1974,7 @@ export const intel = {
             "stixId": "attack-pattern--34ab90a3-05f6-4259-8f21-621081fdaba5",
             "name": "Network Topology",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1590.004",
             "url": "https://attack.mitre.org/techniques/T1590/004",
             "deprecated": false
@@ -1768,6 +1983,7 @@ export const intel = {
             "stixId": "attack-pattern--34b3f738-bd64-40e5-a112-29b0542bc8bf",
             "name": "Code Signing Certificates",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1587.002",
             "url": "https://attack.mitre.org/techniques/T1587/002",
             "deprecated": false
@@ -1776,6 +1992,7 @@ export const intel = {
             "stixId": "attack-pattern--34e793de-0274-4982-9c1a-246ed1c19dee",
             "name": "Windows File and Directory Permissions Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1222.001",
             "url": "https://attack.mitre.org/techniques/T1222/001",
             "deprecated": false
@@ -1784,6 +2001,7 @@ export const intel = {
             "stixId": "attack-pattern--34f1d81d-fe88-4f97-bd3b-a3164536255d",
             "name": "Add-ins",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1137.006",
             "url": "https://attack.mitre.org/techniques/T1137/006",
             "deprecated": false
@@ -1792,6 +2010,7 @@ export const intel = {
             "stixId": "attack-pattern--35187df2-31ed-43b6-a1f5-2f1d3d58d3f1",
             "name": "Transport Agent",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1505.002",
             "url": "https://attack.mitre.org/techniques/T1505/002",
             "deprecated": false
@@ -1800,6 +2019,7 @@ export const intel = {
             "stixId": "attack-pattern--354a7f88-63fb-41b5-a801-ce3b377b36f1",
             "name": "System Information Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1082",
             "url": "https://attack.mitre.org/techniques/T1082",
             "deprecated": false
@@ -1808,6 +2028,7 @@ export const intel = {
             "stixId": "attack-pattern--355be19c-ffc9-46d5-8d50-d6a036c675b6",
             "name": "Application Layer Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1071",
             "url": "https://attack.mitre.org/techniques/T1071",
             "deprecated": false
@@ -1816,6 +2037,7 @@ export const intel = {
             "stixId": "attack-pattern--359b00ad-9425-420b-bba5-6de8d600cbc0",
             "name": "Remote Data Staging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1074.002",
             "url": "https://attack.mitre.org/techniques/T1074/002",
             "deprecated": false
@@ -1824,6 +2046,7 @@ export const intel = {
             "stixId": "attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9",
             "name": "Scheduled Task/Job",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053",
             "url": "https://attack.mitre.org/techniques/T1053",
             "deprecated": false
@@ -1832,6 +2055,7 @@ export const intel = {
             "stixId": "attack-pattern--365be77f-fc0e-42ee-bac8-4faf806d9336",
             "name": "Msiexec",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.007",
             "url": "https://attack.mitre.org/techniques/T1218/007",
             "deprecated": false
@@ -1840,6 +2064,7 @@ export const intel = {
             "stixId": "attack-pattern--36675cd3-fe00-454c-8516-aebecacbe9d9",
             "name": "Login Item",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1162",
             "url": "https://attack.mitre.org/techniques/T1162",
             "deprecated": true
@@ -1848,6 +2073,7 @@ export const intel = {
             "stixId": "attack-pattern--36aa137f-5166-41f8-b2f0-a4cfa1b4133e",
             "name": "Network Trust Dependencies",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1590.003",
             "url": "https://attack.mitre.org/techniques/T1590/003",
             "deprecated": false
@@ -1856,6 +2082,7 @@ export const intel = {
             "stixId": "attack-pattern--36b2a1d7-e09e-49bf-b45e-477076c2ec01",
             "name": "Reflection Amplification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1498.002",
             "url": "https://attack.mitre.org/techniques/T1498/002",
             "deprecated": false
@@ -1864,6 +2091,7 @@ export const intel = {
             "stixId": "attack-pattern--3731fbcd-0e43-47ae-ae6c-d15e510f0d42",
             "name": "Password Filter DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.002",
             "url": "https://attack.mitre.org/techniques/T1556/002",
             "deprecated": false
@@ -1872,6 +2100,7 @@ export const intel = {
             "stixId": "attack-pattern--379809f6-2fac-42c1-bd2e-e9dee70b27f8",
             "name": "Terminal Services DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1505.005",
             "url": "https://attack.mitre.org/techniques/T1505/005",
             "deprecated": false
@@ -1880,6 +2109,7 @@ export const intel = {
             "stixId": "attack-pattern--37b11151-1776-4f8f-b328-30939fbf2ceb",
             "name": "AppleScript",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.002",
             "url": "https://attack.mitre.org/techniques/T1059/002",
             "deprecated": false
@@ -1888,6 +2118,7 @@ export const intel = {
             "stixId": "attack-pattern--389735f1-f21c-4208-b8f0-f8031e7169b8",
             "name": "Browser Extensions",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1176",
             "url": "https://attack.mitre.org/techniques/T1176",
             "deprecated": false
@@ -1896,6 +2127,7 @@ export const intel = {
             "stixId": "attack-pattern--38eb0c22-6caf-46ce-8869-5964bd735858",
             "name": "Service Exhaustion Flood",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1499.002",
             "url": "https://attack.mitre.org/techniques/T1499/002",
             "deprecated": false
@@ -1904,6 +2136,7 @@ export const intel = {
             "stixId": "attack-pattern--39131305-9282-45e4-ac3b-591d2d4fc3ef",
             "name": "Compromise Hardware Supply Chain",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1195.003",
             "url": "https://attack.mitre.org/techniques/T1195/003",
             "deprecated": false
@@ -1912,6 +2145,7 @@ export const intel = {
             "stixId": "attack-pattern--391d824f-0ef1-47a0-b0ee-c59a75e27670",
             "name": "Native API",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1106",
             "url": "https://attack.mitre.org/techniques/T1106",
             "deprecated": false
@@ -1920,6 +2154,7 @@ export const intel = {
             "stixId": "attack-pattern--3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
             "name": "Clear Network Connection History and Configurations",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.007",
             "url": "https://attack.mitre.org/techniques/T1070/007",
             "deprecated": false
@@ -1928,6 +2163,7 @@ export const intel = {
             "stixId": "attack-pattern--3986e7fd-a8e9-4ecb-bfc6-55920855912b",
             "name": "AS-REP Roasting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1558.004",
             "url": "https://attack.mitre.org/techniques/T1558/004",
             "deprecated": false
@@ -1936,6 +2172,7 @@ export const intel = {
             "stixId": "attack-pattern--39a130e1-6ab7-434a-8bd2-418e7d9d6427",
             "name": "Service Registry Permissions Weakness",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1058",
             "url": "https://attack.mitre.org/techniques/T1058",
             "deprecated": true
@@ -1944,6 +2181,7 @@ export const intel = {
             "stixId": "attack-pattern--39cc9f64-cf74-4a48-a4d8-fe98c54a02e0",
             "name": "Virtual Private Server",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584.003",
             "url": "https://attack.mitre.org/techniques/T1584/003",
             "deprecated": false
@@ -1952,6 +2190,7 @@ export const intel = {
             "stixId": "attack-pattern--3a40f208-a9c1-4efa-a598-4003c3681fb8",
             "name": "Reduce Key Space",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1600.001",
             "url": "https://attack.mitre.org/techniques/T1600/001",
             "deprecated": false
@@ -1960,6 +2199,7 @@ export const intel = {
             "stixId": "attack-pattern--3aef9463-9a7a-43ba-8957-a867e07c1e6a",
             "name": "Clear Command History",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.003",
             "url": "https://attack.mitre.org/techniques/T1070/003",
             "deprecated": false
@@ -1968,6 +2208,7 @@ export const intel = {
             "stixId": "attack-pattern--3b0e52ce-517a-4614-a523-1bd5deef6c5e",
             "name": "Indirect Command Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1202",
             "url": "https://attack.mitre.org/techniques/T1202",
             "deprecated": false
@@ -1976,6 +2217,7 @@ export const intel = {
             "stixId": "attack-pattern--3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d",
             "name": "Custom Cryptographic Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1024",
             "url": "https://attack.mitre.org/techniques/T1024",
             "deprecated": true
@@ -1984,6 +2226,7 @@ export const intel = {
             "stixId": "attack-pattern--3b4121aa-fc8b-40c8-ac4f-afcb5838b72c",
             "name": "Revert Cloud Instance",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1536",
             "url": "https://attack.mitre.org/techniques/T1536",
             "deprecated": true
@@ -1992,6 +2235,7 @@ export const intel = {
             "stixId": "attack-pattern--3b744087-9945-4a6f-91e8-9dbceda417a4",
             "name": "Replication Through Removable Media",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1091",
             "url": "https://attack.mitre.org/techniques/T1091",
             "deprecated": false
@@ -2000,6 +2244,7 @@ export const intel = {
             "stixId": "attack-pattern--3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
             "name": "Data from Local System",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1005",
             "url": "https://attack.mitre.org/techniques/T1005",
             "deprecated": false
@@ -2008,6 +2253,7 @@ export const intel = {
             "stixId": "attack-pattern--3ccef7ae-cb5e-48f6-8302-897105fbf55c",
             "name": "Deobfuscate/Decode Files or Information",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1140",
             "url": "https://attack.mitre.org/techniques/T1140",
             "deprecated": false
@@ -2016,6 +2262,7 @@ export const intel = {
             "stixId": "attack-pattern--3d1b9d7e-3921-4d25-845a-7d9f15c0da44",
             "name": "Outlook Rules",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1137.005",
             "url": "https://attack.mitre.org/techniques/T1137/005",
             "deprecated": false
@@ -2024,6 +2271,7 @@ export const intel = {
             "stixId": "attack-pattern--3d333250-30e4-4a82-9edc-756c68afc529",
             "name": "Impair Defenses",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562",
             "url": "https://attack.mitre.org/techniques/T1562",
             "deprecated": false
@@ -2032,6 +2280,7 @@ export const intel = {
             "stixId": "attack-pattern--3d52e51e-f6db-4719-813c-48002a99f43a",
             "name": "Cloud Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1586.003",
             "url": "https://attack.mitre.org/techniques/T1586/003",
             "deprecated": false
@@ -2040,6 +2289,7 @@ export const intel = {
             "stixId": "attack-pattern--3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b",
             "name": "Email Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1586.002",
             "url": "https://attack.mitre.org/techniques/T1586/002",
             "deprecated": false
@@ -2048,6 +2298,7 @@ export const intel = {
             "stixId": "attack-pattern--3ee16395-03f0-4690-a32e-69ce9ada0f9e",
             "name": "Upload Malware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1608.001",
             "url": "https://attack.mitre.org/techniques/T1608/001",
             "deprecated": false
@@ -2056,6 +2307,7 @@ export const intel = {
             "stixId": "attack-pattern--3f18edba-28f4-4bb9-82c3-8aa60dcac5f7",
             "name": "Supply Chain Compromise",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1195",
             "url": "https://attack.mitre.org/techniques/T1195",
             "deprecated": false
@@ -2064,6 +2316,7 @@ export const intel = {
             "stixId": "attack-pattern--3f886f2a-874f-4333-b794-aa6075009b1c",
             "name": "Exploit Public-Facing Application",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1190",
             "url": "https://attack.mitre.org/techniques/T1190",
             "deprecated": false
@@ -2072,6 +2325,7 @@ export const intel = {
             "stixId": "attack-pattern--3fc01293-ef5e-41c6-86ce-61f10706b64a",
             "name": "Steal or Forge Kerberos Tickets",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1558",
             "url": "https://attack.mitre.org/techniques/T1558",
             "deprecated": false
@@ -2080,6 +2334,7 @@ export const intel = {
             "stixId": "attack-pattern--3fc9b85a-2862-4363-a64d-d692e3ffbee0",
             "name": "Credentials from Password Stores",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1555",
             "url": "https://attack.mitre.org/techniques/T1555",
             "deprecated": false
@@ -2088,6 +2343,7 @@ export const intel = {
             "stixId": "attack-pattern--40597f16-0963-4249-bf4c-ac93b7fb9807",
             "name": "Exfiltration Over Web Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1567",
             "url": "https://attack.mitre.org/techniques/T1567",
             "deprecated": false
@@ -2096,6 +2352,7 @@ export const intel = {
             "stixId": "attack-pattern--4061e78c-1284-44b4-9116-73e4ac3912f7",
             "name": "Remote Access Software",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1219",
             "url": "https://attack.mitre.org/techniques/T1219",
             "deprecated": false
@@ -2104,6 +2361,7 @@ export const intel = {
             "stixId": "attack-pattern--40f5caa0-4cb7-4117-89fc-d421bb493df3",
             "name": "Domains",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.001",
             "url": "https://attack.mitre.org/techniques/T1583/001",
             "deprecated": false
@@ -2112,6 +2370,7 @@ export const intel = {
             "stixId": "attack-pattern--41868330-6ee2-4d0f-b743-9f2294c3c9b6",
             "name": "Archive via Library",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1560.002",
             "url": "https://attack.mitre.org/techniques/T1560/002",
             "deprecated": false
@@ -2120,6 +2379,7 @@ export const intel = {
             "stixId": "attack-pattern--41d9846c-f6af-4302-a654-24bba2729bc6",
             "name": "Thread Execution Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.003",
             "url": "https://attack.mitre.org/techniques/T1055/003",
             "deprecated": false
@@ -2128,6 +2388,7 @@ export const intel = {
             "stixId": "attack-pattern--428ca9f8-0e33-442a-be87-f869cb4cf73e",
             "name": "Multilayer Encryption",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1079",
             "url": "https://attack.mitre.org/techniques/T1079",
             "deprecated": true
@@ -2136,6 +2397,7 @@ export const intel = {
             "stixId": "attack-pattern--42e8de7b-37b2-4258-905a-6897815e58e0",
             "name": "Masquerading",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036",
             "url": "https://attack.mitre.org/techniques/T1036",
             "deprecated": false
@@ -2144,6 +2406,7 @@ export const intel = {
             "stixId": "attack-pattern--42fe883a-21ea-4cfb-b94a-78b6476dcc83",
             "name": "Application Shimming",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.011",
             "url": "https://attack.mitre.org/techniques/T1546/011",
             "deprecated": false
@@ -2152,6 +2415,7 @@ export const intel = {
             "stixId": "attack-pattern--435dfb86-2697-4867-85b5-2fef496c0517",
             "name": "Unsecured Credentials",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552",
             "url": "https://attack.mitre.org/techniques/T1552",
             "deprecated": false
@@ -2160,6 +2424,7 @@ export const intel = {
             "stixId": "attack-pattern--43881e51-ac74-445b-b4c6-f9f9e9bf23fe",
             "name": "Port Monitors",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.010",
             "url": "https://attack.mitre.org/techniques/T1547/010",
             "deprecated": false
@@ -2168,6 +2433,7 @@ export const intel = {
             "stixId": "attack-pattern--438c967d-3996-4870-bfc2-3954752a1927",
             "name": "Clear Mailbox Data",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.008",
             "url": "https://attack.mitre.org/techniques/T1070/008",
             "deprecated": false
@@ -2176,6 +2442,7 @@ export const intel = {
             "stixId": "attack-pattern--43ba2b05-cf72-4b6c-8243-03a4aba41ee0",
             "name": "Login Hook",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1037.002",
             "url": "https://attack.mitre.org/techniques/T1037/002",
             "deprecated": false
@@ -2184,6 +2451,7 @@ export const intel = {
             "stixId": "attack-pattern--43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
             "name": "Process Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055",
             "url": "https://attack.mitre.org/techniques/T1055",
             "deprecated": false
@@ -2192,6 +2460,7 @@ export const intel = {
             "stixId": "attack-pattern--44dca04b-808d-46ca-b25f-d85236d4b9f8",
             "name": "Bash History",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1139",
             "url": "https://attack.mitre.org/techniques/T1139",
             "deprecated": true
@@ -2200,6 +2469,7 @@ export const intel = {
             "stixId": "attack-pattern--451a9977-d255-43c9-b431-66de80130c8c",
             "name": "Traffic Signaling",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1205",
             "url": "https://attack.mitre.org/techniques/T1205",
             "deprecated": false
@@ -2208,6 +2478,7 @@ export const intel = {
             "stixId": "attack-pattern--4579d9c9-d5b9-45e0-9848-0104637b579f",
             "name": "Credentials from Web Browsers",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1503",
             "url": "https://attack.mitre.org/techniques/T1503",
             "deprecated": true
@@ -2216,6 +2487,7 @@ export const intel = {
             "stixId": "attack-pattern--457c7820-d331-465a-915e-42f85500ccc4",
             "name": "System Binary Proxy Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218",
             "url": "https://attack.mitre.org/techniques/T1218",
             "deprecated": false
@@ -2224,6 +2496,7 @@ export const intel = {
             "stixId": "attack-pattern--45d84c8b-c1e2-474d-a14d-69b5de0a2bc0",
             "name": "Source",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1153",
             "url": "https://attack.mitre.org/techniques/T1153",
             "deprecated": true
@@ -2232,6 +2505,7 @@ export const intel = {
             "stixId": "attack-pattern--46944654-fcc1-4f63-9dad-628102376586",
             "name": "DLL Search Order Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1038",
             "url": "https://attack.mitre.org/techniques/T1038",
             "deprecated": true
@@ -2240,6 +2514,7 @@ export const intel = {
             "stixId": "attack-pattern--478aa214-2ca7-4ec0-9978-18798e514790",
             "name": "New Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1050",
             "url": "https://attack.mitre.org/techniques/T1050",
             "deprecated": true
@@ -2248,6 +2523,7 @@ export const intel = {
             "stixId": "attack-pattern--47f2d673-ca62-47e9-929b-1b0be9657611",
             "name": "Timestomp",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.006",
             "url": "https://attack.mitre.org/techniques/T1070/006",
             "deprecated": false
@@ -2256,6 +2532,7 @@ export const intel = {
             "stixId": "attack-pattern--4933e63b-9b77-476e-ab29-761bc5b7d15a",
             "name": "Reflective Code Loading",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1620",
             "url": "https://attack.mitre.org/techniques/T1620",
             "deprecated": false
@@ -2264,6 +2541,7 @@ export const intel = {
             "stixId": "attack-pattern--4a5b7ade-8bb5-4853-84ed-23f262002665",
             "name": "Escape to Host",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1611",
             "url": "https://attack.mitre.org/techniques/T1611",
             "deprecated": false
@@ -2272,6 +2550,7 @@ export const intel = {
             "stixId": "attack-pattern--4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
             "name": "Shortcut Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.009",
             "url": "https://attack.mitre.org/techniques/T1547/009",
             "deprecated": false
@@ -2280,6 +2559,7 @@ export const intel = {
             "stixId": "attack-pattern--4ae4f953-fe58-4cc8-a327-33257e30a830",
             "name": "Application Window Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1010",
             "url": "https://attack.mitre.org/techniques/T1010",
             "deprecated": false
@@ -2288,6 +2568,7 @@ export const intel = {
             "stixId": "attack-pattern--4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
             "name": "Standard Cryptographic Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1032",
             "url": "https://attack.mitre.org/techniques/T1032",
             "deprecated": true
@@ -2296,6 +2577,7 @@ export const intel = {
             "stixId": "attack-pattern--4bc31b94-045b-4752-8920-aebaebdb6470",
             "name": "Email Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1087.003",
             "url": "https://attack.mitre.org/techniques/T1087/003",
             "deprecated": false
@@ -2304,6 +2586,7 @@ export const intel = {
             "stixId": "attack-pattern--4be89c7c-ace6-4876-9377-c8d54cef3d63",
             "name": "Hypervisor",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1062",
             "url": "https://attack.mitre.org/techniques/T1062",
             "deprecated": true
@@ -2312,6 +2595,7 @@ export const intel = {
             "stixId": "attack-pattern--4bed873f-0b7d-41d4-b93a-b6905d1f90b0",
             "name": "Time Based Evasion",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1497.003",
             "url": "https://attack.mitre.org/techniques/T1497/003",
             "deprecated": false
@@ -2320,6 +2604,7 @@ export const intel = {
             "stixId": "attack-pattern--4bf5845d-a814-4490-bc5c-ccdee6043025",
             "name": "AppCert DLLs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1182",
             "url": "https://attack.mitre.org/techniques/T1182",
             "deprecated": true
@@ -2328,6 +2613,7 @@ export const intel = {
             "stixId": "attack-pattern--4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
             "name": "CMSTP",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.003",
             "url": "https://attack.mitre.org/techniques/T1218/003",
             "deprecated": false
@@ -2336,6 +2622,7 @@ export const intel = {
             "stixId": "attack-pattern--4d2a5b3e-340d-4600-9123-309dd63c9bf8",
             "name": "SSH Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1563.001",
             "url": "https://attack.mitre.org/techniques/T1563/001",
             "deprecated": false
@@ -2344,6 +2631,7 @@ export const intel = {
             "stixId": "attack-pattern--4eb28bed-d11a-4641-9863-c2ac017d910a",
             "name": "Disable Windows Event Logging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.002",
             "url": "https://attack.mitre.org/techniques/T1562/002",
             "deprecated": false
@@ -2352,6 +2640,7 @@ export const intel = {
             "stixId": "attack-pattern--4eeaf8a9-c86b-4954-a663-9555fb406466",
             "name": "Scheduled Transfer",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1029",
             "url": "https://attack.mitre.org/techniques/T1029",
             "deprecated": false
@@ -2360,6 +2649,7 @@ export const intel = {
             "stixId": "attack-pattern--4f9ca633-15c5-463c-9724-bdcd54fde541",
             "name": "SMB/Windows Admin Shares",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021.002",
             "url": "https://attack.mitre.org/techniques/T1021/002",
             "deprecated": false
@@ -2368,6 +2658,7 @@ export const intel = {
             "stixId": "attack-pattern--4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f",
             "name": "Implant Internal Image",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1525",
             "url": "https://attack.mitre.org/techniques/T1525",
             "deprecated": false
@@ -2376,6 +2667,7 @@ export const intel = {
             "stixId": "attack-pattern--4fe28b27-b13c-453e-a386-c2ef362a573b",
             "name": "Protocol Tunneling",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1572",
             "url": "https://attack.mitre.org/techniques/T1572",
             "deprecated": false
@@ -2384,6 +2676,7 @@ export const intel = {
             "stixId": "attack-pattern--4ff5d6a8-c062-4c68-a778-36fc5edd564f",
             "name": "Control Panel",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.002",
             "url": "https://attack.mitre.org/techniques/T1218/002",
             "deprecated": false
@@ -2392,6 +2685,7 @@ export const intel = {
             "stixId": "attack-pattern--4ffc1794-ec3b-45be-9e52-42dbcb2af2de",
             "name": "Network Address Translation Traversal",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1599.001",
             "url": "https://attack.mitre.org/techniques/T1599/001",
             "deprecated": false
@@ -2400,6 +2694,7 @@ export const intel = {
             "stixId": "attack-pattern--506f6f49-7045-4156-9007-7474cb44ad6d",
             "name": "Upload Tool",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1608.002",
             "url": "https://attack.mitre.org/techniques/T1608/002",
             "deprecated": false
@@ -2408,6 +2703,7 @@ export const intel = {
             "stixId": "attack-pattern--5095a853-299c-4876-abd7-ac0050fb5462",
             "name": "Security Support Provider",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.005",
             "url": "https://attack.mitre.org/techniques/T1547/005",
             "deprecated": false
@@ -2416,6 +2712,7 @@ export const intel = {
             "stixId": "attack-pattern--514ede4c-78b3-4d78-a38b-daddf6217a79",
             "name": "Winlogon Helper DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1004",
             "url": "https://attack.mitre.org/techniques/T1004",
             "deprecated": true
@@ -2424,6 +2721,7 @@ export const intel = {
             "stixId": "attack-pattern--519630c5-f03f-4882-825c-3af924935817",
             "name": "Binary Padding",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1009",
             "url": "https://attack.mitre.org/techniques/T1009",
             "deprecated": true
@@ -2432,6 +2730,7 @@ export const intel = {
             "stixId": "attack-pattern--51a14c76-dd3b-440b-9c20-2bf91d25a814",
             "name": "Use Alternate Authentication Material",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1550",
             "url": "https://attack.mitre.org/techniques/T1550",
             "deprecated": false
@@ -2440,6 +2739,7 @@ export const intel = {
             "stixId": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
             "name": "Remote Desktop Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1076",
             "url": "https://attack.mitre.org/techniques/T1076",
             "deprecated": true
@@ -2448,6 +2748,7 @@ export const intel = {
             "stixId": "attack-pattern--51e54974-a541-4fb6-a61b-0518e4c6de41",
             "name": "Threat Intel Vendors",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1597.001",
             "url": "https://attack.mitre.org/techniques/T1597/001",
             "deprecated": false
@@ -2456,6 +2757,7 @@ export const intel = {
             "stixId": "attack-pattern--51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
             "name": "Exfiltration Over Other Network Medium",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1011",
             "url": "https://attack.mitre.org/techniques/T1011",
             "deprecated": false
@@ -2464,6 +2766,7 @@ export const intel = {
             "stixId": "attack-pattern--52759bf1-fe12-4052-ace6-c5b0cf7dd7fd",
             "name": "Network Device Configuration Dump",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1602.002",
             "url": "https://attack.mitre.org/techniques/T1602/002",
             "deprecated": false
@@ -2472,6 +2775,7 @@ export const intel = {
             "stixId": "attack-pattern--5282dd9a-d26d-4e16-88b7-7c0f4553daf4",
             "name": "Gather Victim Identity Information",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1589",
             "url": "https://attack.mitre.org/techniques/T1589",
             "deprecated": false
@@ -2480,6 +2784,7 @@ export const intel = {
             "stixId": "attack-pattern--52d40641-c480-4ad5-81a3-c80ccaddf82d",
             "name": "Authentication Package",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1131",
             "url": "https://attack.mitre.org/techniques/T1131",
             "deprecated": true
@@ -2488,6 +2793,7 @@ export const intel = {
             "stixId": "attack-pattern--52f3d5a6-8a0f-4f82-977e-750abf90d0b0",
             "name": "Extra Window Memory Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1181",
             "url": "https://attack.mitre.org/techniques/T1181",
             "deprecated": true
@@ -2496,6 +2802,7 @@ export const intel = {
             "stixId": "attack-pattern--5372c5fe-f424-4def-bcd5-d3a8e770f07b",
             "name": "Disable or Modify System Firewall",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.004",
             "url": "https://attack.mitre.org/techniques/T1562/004",
             "deprecated": false
@@ -2504,6 +2811,7 @@ export const intel = {
             "stixId": "attack-pattern--53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a",
             "name": "Archive Collected Data",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1560",
             "url": "https://attack.mitre.org/techniques/T1560",
             "deprecated": false
@@ -2512,6 +2820,7 @@ export const intel = {
             "stixId": "attack-pattern--53bfc8bf-8f76-4cd7-8958-49a884ddb3ee",
             "name": "Launchctl",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1152",
             "url": "https://attack.mitre.org/techniques/T1152",
             "deprecated": true
@@ -2520,6 +2829,7 @@ export const intel = {
             "stixId": "attack-pattern--543fceb5-cb92-40cb-aacf-6913d4db58bc",
             "name": "SIP and Trust Provider Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1553.003",
             "url": "https://attack.mitre.org/techniques/T1553/003",
             "deprecated": false
@@ -2528,6 +2838,7 @@ export const intel = {
             "stixId": "attack-pattern--54456690-84de-4538-9101-643e26437e09",
             "name": "Domain Generation Algorithms",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1483",
             "url": "https://attack.mitre.org/techniques/T1483",
             "deprecated": true
@@ -2536,6 +2847,7 @@ export const intel = {
             "stixId": "attack-pattern--544b0346-29ad-41e1-a808-501bb4193f47",
             "name": "Browser Session Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1185",
             "url": "https://attack.mitre.org/techniques/T1185",
             "deprecated": false
@@ -2544,6 +2856,7 @@ export const intel = {
             "stixId": "attack-pattern--54a649ff-439a-41a4-9856-8d144a2551ba",
             "name": "Remote Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021",
             "url": "https://attack.mitre.org/techniques/T1021",
             "deprecated": false
@@ -2552,6 +2865,7 @@ export const intel = {
             "stixId": "attack-pattern--54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b",
             "name": "Mail Protocols",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1071.003",
             "url": "https://attack.mitre.org/techniques/T1071/003",
             "deprecated": false
@@ -2560,6 +2874,7 @@ export const intel = {
             "stixId": "attack-pattern--54ca26f3-c172-4231-93e5-ccebcac2161f",
             "name": "Hybrid Identity",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.007",
             "url": "https://attack.mitre.org/techniques/T1556/007",
             "deprecated": false
@@ -2568,6 +2883,7 @@ export const intel = {
             "stixId": "attack-pattern--5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4",
             "name": "Vulnerability Scanning",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1595.002",
             "url": "https://attack.mitre.org/techniques/T1595/002",
             "deprecated": false
@@ -2576,6 +2892,7 @@ export const intel = {
             "stixId": "attack-pattern--55bb4471-ff1f-43b4-88c1-c9384ec47abf",
             "name": "Cloud API",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.009",
             "url": "https://attack.mitre.org/techniques/T1059/009",
             "deprecated": false
@@ -2584,6 +2901,7 @@ export const intel = {
             "stixId": "attack-pattern--55fc4df0-b42c-479a-b860-7a6761bcaad0",
             "name": "Search Open Technical Databases",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1596",
             "url": "https://attack.mitre.org/techniques/T1596",
             "deprecated": false
@@ -2592,6 +2910,7 @@ export const intel = {
             "stixId": "attack-pattern--564998d8-ab3e-4123-93fb-eccaa6b9714a",
             "name": "Rogue Domain Controller",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1207",
             "url": "https://attack.mitre.org/techniques/T1207",
             "deprecated": false
@@ -2600,6 +2919,7 @@ export const intel = {
             "stixId": "attack-pattern--565275d5-fcc3-4b66-b4e7-928e4cac6b8c",
             "name": "Code Signing Policy Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1553.006",
             "url": "https://attack.mitre.org/techniques/T1553/006",
             "deprecated": false
@@ -2608,6 +2928,7 @@ export const intel = {
             "stixId": "attack-pattern--56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
             "name": "Deploy Container",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1610",
             "url": "https://attack.mitre.org/techniques/T1610",
             "deprecated": false
@@ -2616,6 +2937,7 @@ export const intel = {
             "stixId": "attack-pattern--56fca983-1cf1-4fd1-bda0-5e170a37ab59",
             "name": "File Deletion",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1107",
             "url": "https://attack.mitre.org/techniques/T1107",
             "deprecated": true
@@ -2624,6 +2946,7 @@ export const intel = {
             "stixId": "attack-pattern--56ff457d-5e39-492b-974c-dfd2b8603ffe",
             "name": "Private Keys",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1145",
             "url": "https://attack.mitre.org/techniques/T1145",
             "deprecated": true
@@ -2632,6 +2955,7 @@ export const intel = {
             "stixId": "attack-pattern--57340c81-c025-4189-8fa0-fc7ede51bae4",
             "name": "Modify Registry",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1112",
             "url": "https://attack.mitre.org/techniques/T1112",
             "deprecated": false
@@ -2640,6 +2964,7 @@ export const intel = {
             "stixId": "attack-pattern--573ad264-1371-4ae0-8482-d2673b719dba",
             "name": "Launch Daemon",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1543.004",
             "url": "https://attack.mitre.org/techniques/T1543/004",
             "deprecated": false
@@ -2648,6 +2973,7 @@ export const intel = {
             "stixId": "attack-pattern--57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
             "name": "Cloud Infrastructure Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1580",
             "url": "https://attack.mitre.org/techniques/T1580",
             "deprecated": false
@@ -2656,6 +2982,7 @@ export const intel = {
             "stixId": "attack-pattern--58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
             "name": "Credentials from Web Browsers",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1555.003",
             "url": "https://attack.mitre.org/techniques/T1555/003",
             "deprecated": false
@@ -2664,6 +2991,7 @@ export const intel = {
             "stixId": "attack-pattern--58af3705-8740-4c68-9329-ec015a7013c2",
             "name": "Path Interception by Search Order Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.008",
             "url": "https://attack.mitre.org/techniques/T1574/008",
             "deprecated": false
@@ -2672,6 +3000,7 @@ export const intel = {
             "stixId": "attack-pattern--5909f20f-3c39-4795-be06-ef1ea40d350b",
             "name": "Defacement",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1491",
             "url": "https://attack.mitre.org/techniques/T1491",
             "deprecated": false
@@ -2680,6 +3009,7 @@ export const intel = {
             "stixId": "attack-pattern--59bd0dec-f8b2-4b9a-9141-37a1e6899761",
             "name": "Unused/Unsupported Cloud Regions",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1535",
             "url": "https://attack.mitre.org/techniques/T1535",
             "deprecated": false
@@ -2688,6 +3018,7 @@ export const intel = {
             "stixId": "attack-pattern--59ff91cd-1430-4075-8563-e6f15f4f9ff5",
             "name": "DHCP Spoofing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1557.003",
             "url": "https://attack.mitre.org/techniques/T1557/003",
             "deprecated": false
@@ -2696,6 +3027,7 @@ export const intel = {
             "stixId": "attack-pattern--5ad95aaa-49c1-4784-821d-2e83f47b079b",
             "name": "AppleScript",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1155",
             "url": "https://attack.mitre.org/techniques/T1155",
             "deprecated": true
@@ -2704,6 +3036,7 @@ export const intel = {
             "stixId": "attack-pattern--5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
             "name": "Remote Service Session Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1563",
             "url": "https://attack.mitre.org/techniques/T1563",
             "deprecated": false
@@ -2712,6 +3045,7 @@ export const intel = {
             "stixId": "attack-pattern--5bfccc3f-2326-4112-86cc-c1ece9d8a2b5",
             "name": "Binary Padding",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.001",
             "url": "https://attack.mitre.org/techniques/T1027/001",
             "deprecated": false
@@ -2720,6 +3054,7 @@ export const intel = {
             "stixId": "attack-pattern--5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
             "name": "Web Shell",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1505.003",
             "url": "https://attack.mitre.org/techniques/T1505/003",
             "deprecated": false
@@ -2728,6 +3063,7 @@ export const intel = {
             "stixId": "attack-pattern--5d2be8b9-d24c-4e98-83bf-2f5f79477163",
             "name": "Group Policy Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1484.001",
             "url": "https://attack.mitre.org/techniques/T1484/001",
             "deprecated": false
@@ -2736,6 +3072,7 @@ export const intel = {
             "stixId": "attack-pattern--5e4a2073-9643-44cb-a0b5-e7f4048446c7",
             "name": "Browser Information Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1217",
             "url": "https://attack.mitre.org/techniques/T1217",
             "deprecated": false
@@ -2744,6 +3081,7 @@ export const intel = {
             "stixId": "attack-pattern--60b508a1-6a5e-46b1-821a-9f7b78752abf",
             "name": "Private Keys",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.004",
             "url": "https://attack.mitre.org/techniques/T1552/004",
             "deprecated": false
@@ -2752,6 +3090,7 @@ export const intel = {
             "stixId": "attack-pattern--60c4b628-4807-4b0b-bbf5-fdac8643c337",
             "name": "Server",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.004",
             "url": "https://attack.mitre.org/techniques/T1583/004",
             "deprecated": false
@@ -2760,6 +3099,7 @@ export const intel = {
             "stixId": "attack-pattern--60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
             "name": "Windows Remote Management",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021.006",
             "url": "https://attack.mitre.org/techniques/T1021/006",
             "deprecated": false
@@ -2768,6 +3108,7 @@ export const intel = {
             "stixId": "attack-pattern--613d08bc-e8f4-4791-80b0-c8b974340dfd",
             "name": "Exfiltration Over Bluetooth",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1011.001",
             "url": "https://attack.mitre.org/techniques/T1011/001",
             "deprecated": false
@@ -2776,6 +3117,7 @@ export const intel = {
             "stixId": "attack-pattern--6151cbea-819b-455a-9fa6-99a1cc58797d",
             "name": "Default Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1078.001",
             "url": "https://attack.mitre.org/techniques/T1078/001",
             "deprecated": false
@@ -2784,6 +3126,7 @@ export const intel = {
             "stixId": "attack-pattern--61afc315-860c-4364-825d-0d62b2e91edc",
             "name": "Time Providers",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.003",
             "url": "https://attack.mitre.org/techniques/T1547/003",
             "deprecated": false
@@ -2792,6 +3135,7 @@ export const intel = {
             "stixId": "attack-pattern--62166220-e498-410f-a90a-19d4339d4e99",
             "name": "Image File Execution Options Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1183",
             "url": "https://attack.mitre.org/techniques/T1183",
             "deprecated": true
@@ -2800,6 +3144,7 @@ export const intel = {
             "stixId": "attack-pattern--62b8c999-dcc0-4755-bd69-09442d9359f5",
             "name": "Rundll32",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1085",
             "url": "https://attack.mitre.org/techniques/T1085",
             "deprecated": true
@@ -2808,6 +3153,7 @@ export const intel = {
             "stixId": "attack-pattern--62dfd1ca-52d5-483c-a84b-d6e80bf94b7b",
             "name": "Modify Existing Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1031",
             "url": "https://attack.mitre.org/techniques/T1031",
             "deprecated": true
@@ -2816,6 +3162,7 @@ export const intel = {
             "stixId": "attack-pattern--63220765-d418-44de-8fae-694b3912317d",
             "name": "Trap",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.005",
             "url": "https://attack.mitre.org/techniques/T1546/005",
             "deprecated": false
@@ -2824,6 +3171,7 @@ export const intel = {
             "stixId": "attack-pattern--633a100c-b2c9-41bf-9be5-905c1b16c825",
             "name": "Dynamic Linker Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.006",
             "url": "https://attack.mitre.org/techniques/T1574/006",
             "deprecated": false
@@ -2832,6 +3180,7 @@ export const intel = {
             "stixId": "attack-pattern--635cbe30-392d-4e27-978e-66774357c762",
             "name": "Local Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1136.001",
             "url": "https://attack.mitre.org/techniques/T1136/001",
             "deprecated": false
@@ -2840,6 +3189,7 @@ export const intel = {
             "stixId": "attack-pattern--64196062-5210-42c3-9a02-563a0d1797ef",
             "name": "Communication Through Removable Media",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1092",
             "url": "https://attack.mitre.org/techniques/T1092",
             "deprecated": false
@@ -2848,6 +3198,7 @@ export const intel = {
             "stixId": "attack-pattern--6495ae23-3ab4-43c5-a94f-5638a2c31fd2",
             "name": "Clear Windows Event Logs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.001",
             "url": "https://attack.mitre.org/techniques/T1070/001",
             "deprecated": false
@@ -2856,6 +3207,7 @@ export const intel = {
             "stixId": "attack-pattern--65013dd2-bc61-43e3-afb5-a14c4fa7437a",
             "name": "Email Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1585.002",
             "url": "https://attack.mitre.org/techniques/T1585/002",
             "deprecated": false
@@ -2864,6 +3216,7 @@ export const intel = {
             "stixId": "attack-pattern--650c784b-7504-4df7-ab2c-4ea882384d1e",
             "name": "LLMNR/NBT-NS Poisoning and SMB Relay",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1557.001",
             "url": "https://attack.mitre.org/techniques/T1557/001",
             "deprecated": false
@@ -2872,6 +3225,7 @@ export const intel = {
             "stixId": "attack-pattern--65917ae0-b854-4139-83fe-bf2441cf0196",
             "name": "File and Directory Permissions Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1222",
             "url": "https://attack.mitre.org/techniques/T1222",
             "deprecated": false
@@ -2880,6 +3234,7 @@ export const intel = {
             "stixId": "attack-pattern--65f2d882-3f41-4d48-8a06-29af77ec9f90",
             "name": "LSASS Memory",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.001",
             "url": "https://attack.mitre.org/techniques/T1003/001",
             "deprecated": false
@@ -2888,6 +3243,7 @@ export const intel = {
             "stixId": "attack-pattern--6636bc83-0611-45a6-b74f-1f3daf635b8e",
             "name": "At (Linux)",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053.001",
             "url": "https://attack.mitre.org/techniques/T1053/001",
             "deprecated": true
@@ -2896,6 +3252,7 @@ export const intel = {
             "stixId": "attack-pattern--66f73398-8394-4711-85e5-34c8540b22a5",
             "name": "Hooking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1179",
             "url": "https://attack.mitre.org/techniques/T1179",
             "deprecated": true
@@ -2904,6 +3261,7 @@ export const intel = {
             "stixId": "attack-pattern--67073dde-d720-45ae-83da-b12d5e73ca3b",
             "name": "Active Scanning",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1595",
             "url": "https://attack.mitre.org/techniques/T1595",
             "deprecated": false
@@ -2912,6 +3270,7 @@ export const intel = {
             "stixId": "attack-pattern--6747daa2-3533-4e78-8fb8-446ebb86448a",
             "name": "Plist Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.011",
             "url": "https://attack.mitre.org/techniques/T1547/011",
             "deprecated": true
@@ -2920,6 +3279,7 @@ export const intel = {
             "stixId": "attack-pattern--67720091-eee3-4d2d-ae16-8264567f6f5b",
             "name": "Abuse Elevation Control Mechanism",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1548",
             "url": "https://attack.mitre.org/techniques/T1548",
             "deprecated": false
@@ -2928,6 +3288,7 @@ export const intel = {
             "stixId": "attack-pattern--677569f9-a8b0-459e-ab24-7f18091fa7bf",
             "name": "Create Process with Token",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1134.002",
             "url": "https://attack.mitre.org/techniques/T1134/002",
             "deprecated": false
@@ -2936,6 +3297,7 @@ export const intel = {
             "stixId": "attack-pattern--6831414d-bb70-42b7-8030-d4e06b2660c9",
             "name": "Setuid and Setgid",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1548.001",
             "url": "https://attack.mitre.org/techniques/T1548/001",
             "deprecated": false
@@ -2944,6 +3306,7 @@ export const intel = {
             "stixId": "attack-pattern--6836813e-8ec8-4375-b459-abb388cb1a35",
             "name": "Winlogon Helper DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.004",
             "url": "https://attack.mitre.org/techniques/T1547/004",
             "deprecated": false
@@ -2952,6 +3315,7 @@ export const intel = {
             "stixId": "attack-pattern--6856ddd6-2df3-4379-8b87-284603c189c3",
             "name": "System Firmware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1019",
             "url": "https://attack.mitre.org/techniques/T1019",
             "deprecated": true
@@ -2960,6 +3324,7 @@ export const intel = {
             "stixId": "attack-pattern--68a0c5ed-bee2-4513-830d-5b0d650139bd",
             "name": "Distributed Component Object Model",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021.003",
             "url": "https://attack.mitre.org/techniques/T1021/003",
             "deprecated": false
@@ -2968,6 +3333,7 @@ export const intel = {
             "stixId": "attack-pattern--68c96494-1a50-403e-8844-69a6af278c68",
             "name": "Change Default File Association",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1042",
             "url": "https://attack.mitre.org/techniques/T1042",
             "deprecated": true
@@ -2976,6 +3342,7 @@ export const intel = {
             "stixId": "attack-pattern--68f7e3a1-f09f-4164-9a62-16b648a0dd5a",
             "name": "Regsvr32",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1117",
             "url": "https://attack.mitre.org/techniques/T1117",
             "deprecated": true
@@ -2984,6 +3351,7 @@ export const intel = {
             "stixId": "attack-pattern--692074ae-bb62-4a5e-a735-02cb6bde458c",
             "name": "Password Spraying",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1110.003",
             "url": "https://attack.mitre.org/techniques/T1110/003",
             "deprecated": false
@@ -2992,6 +3360,7 @@ export const intel = {
             "stixId": "attack-pattern--69b8fd78-40e8-4600-ae4d-662c9d7afdb3",
             "name": "External Proxy",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1090.002",
             "url": "https://attack.mitre.org/techniques/T1090/002",
             "deprecated": false
@@ -3000,6 +3369,7 @@ export const intel = {
             "stixId": "attack-pattern--69e5226d-05dc-4f15-95d7-44f5ed78d06e",
             "name": "Web Portal Capture",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1056.003",
             "url": "https://attack.mitre.org/techniques/T1056/003",
             "deprecated": false
@@ -3008,6 +3378,7 @@ export const intel = {
             "stixId": "attack-pattern--69f897fd-12a9-4c89-ad6a-46d2f3c38262",
             "name": "Email Addresses",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1589.002",
             "url": "https://attack.mitre.org/techniques/T1589/002",
             "deprecated": false
@@ -3016,6 +3387,7 @@ export const intel = {
             "stixId": "attack-pattern--6a3be63a-64c5-4678-a036-03ff8fc35300",
             "name": "Re-opened Applications",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1164",
             "url": "https://attack.mitre.org/techniques/T1164",
             "deprecated": true
@@ -3024,6 +3396,7 @@ export const intel = {
             "stixId": "attack-pattern--6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df",
             "name": "Indicator Blocking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1054",
             "url": "https://attack.mitre.org/techniques/T1054",
             "deprecated": true
@@ -3032,6 +3405,7 @@ export const intel = {
             "stixId": "attack-pattern--6aabc5ec-eae6-422c-8311-38d45ee9838a",
             "name": "Redundant Access",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1108",
             "url": "https://attack.mitre.org/techniques/T1108",
             "deprecated": true
@@ -3040,6 +3414,7 @@ export const intel = {
             "stixId": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
             "name": "Spearphishing Attachment",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1193",
             "url": "https://attack.mitre.org/techniques/T1193",
             "deprecated": true
@@ -3048,6 +3423,7 @@ export const intel = {
             "stixId": "attack-pattern--6add2ab5-2711-4e9d-87c8-7a0be8531530",
             "name": "Cached Domain Credentials",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.005",
             "url": "https://attack.mitre.org/techniques/T1003/005",
             "deprecated": false
@@ -3056,6 +3432,7 @@ export const intel = {
             "stixId": "attack-pattern--6b57dc31-b814-4a03-8706-28bc20d739c4",
             "name": "SSH Authorized Keys",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1098.004",
             "url": "https://attack.mitre.org/techniques/T1098/004",
             "deprecated": false
@@ -3064,6 +3441,7 @@ export const intel = {
             "stixId": "attack-pattern--6be14413-578e-46c1-8304-310762b3ecd5",
             "name": "Kernel Modules and Extensions",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1215",
             "url": "https://attack.mitre.org/techniques/T1215",
             "deprecated": true
@@ -3072,6 +3450,7 @@ export const intel = {
             "stixId": "attack-pattern--6c174520-beea-43d9-aac6-28fb77f3e446",
             "name": "Security Support Provider",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1101",
             "url": "https://attack.mitre.org/techniques/T1101",
             "deprecated": true
@@ -3080,6 +3459,7 @@ export const intel = {
             "stixId": "attack-pattern--6c2957f9-502a-478c-b1dd-d626c0659413",
             "name": "Network Security Appliances",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1590.006",
             "url": "https://attack.mitre.org/techniques/T1590/006",
             "deprecated": false
@@ -3088,6 +3468,7 @@ export const intel = {
             "stixId": "attack-pattern--6d4a7fb3-5a24-42be-ae61-6728a2b581f6",
             "name": "Image File Execution Options Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.012",
             "url": "https://attack.mitre.org/techniques/T1546/012",
             "deprecated": false
@@ -3096,6 +3477,7 @@ export const intel = {
             "stixId": "attack-pattern--6e3bd510-6b33-41a4-af80-2d80f3ee0071",
             "name": "Odbcconf",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.008",
             "url": "https://attack.mitre.org/techniques/T1218/008",
             "deprecated": false
@@ -3104,6 +3486,7 @@ export const intel = {
             "stixId": "attack-pattern--6e561441-8431-4773-a9b8-ccf28ef6a968",
             "name": "Search Engines",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1593.002",
             "url": "https://attack.mitre.org/techniques/T1593/002",
             "deprecated": false
@@ -3112,6 +3495,7 @@ export const intel = {
             "stixId": "attack-pattern--6e6845c2-347a-4a6f-a2d1-b74a18ebd352",
             "name": "LSASS Driver",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1177",
             "url": "https://attack.mitre.org/techniques/T1177",
             "deprecated": true
@@ -3120,6 +3504,7 @@ export const intel = {
             "stixId": "attack-pattern--6ee2dc99-91ad-4534-a7d8-a649358c331f",
             "name": "Business Relationships",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1591.002",
             "url": "https://attack.mitre.org/techniques/T1591/002",
             "deprecated": false
@@ -3128,6 +3513,7 @@ export const intel = {
             "stixId": "attack-pattern--6faf650d-bf31-4eb4-802d-1000cf38efaf",
             "name": "Video Capture",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1125",
             "url": "https://attack.mitre.org/techniques/T1125",
             "deprecated": false
@@ -3136,6 +3522,7 @@ export const intel = {
             "stixId": "attack-pattern--6fb6408c-0db3-41d9-a3a1-a32e5f16454e",
             "name": "Gatekeeper Bypass",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1144",
             "url": "https://attack.mitre.org/techniques/T1144",
             "deprecated": true
@@ -3144,6 +3531,7 @@ export const intel = {
             "stixId": "attack-pattern--6ff403bc-93e3-48be-8687-e102fdba8c88",
             "name": "Software Packing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1045",
             "url": "https://attack.mitre.org/techniques/T1045",
             "deprecated": true
@@ -3152,6 +3540,7 @@ export const intel = {
             "stixId": "attack-pattern--7007935a-a8a7-4c0b-bd98-4e85be8ed197",
             "name": "Process Doppelgänging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.013",
             "url": "https://attack.mitre.org/techniques/T1055/013",
             "deprecated": false
@@ -3160,6 +3549,7 @@ export const intel = {
             "stixId": "attack-pattern--707399d6-ab3e-4963-9315-d9d3818cd6a0",
             "name": "System Network Configuration Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1016",
             "url": "https://attack.mitre.org/techniques/T1016",
             "deprecated": false
@@ -3168,6 +3558,7 @@ export const intel = {
             "stixId": "attack-pattern--70857657-bd0b-4695-ad3e-b13f92cac1b4",
             "name": "Delete Cloud Instance",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1578.003",
             "url": "https://attack.mitre.org/techniques/T1578/003",
             "deprecated": false
@@ -3176,6 +3567,7 @@ export const intel = {
             "stixId": "attack-pattern--70910fbd-58dc-4c1c-8c48-814d11fcd022",
             "name": "Code Repositories",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1593.003",
             "url": "https://attack.mitre.org/techniques/T1593/003",
             "deprecated": false
@@ -3184,6 +3576,7 @@ export const intel = {
             "stixId": "attack-pattern--70d81154-b187-45f9-8ec5-295d01255979",
             "name": "Executable Installer File Permissions Weakness",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.005",
             "url": "https://attack.mitre.org/techniques/T1574/005",
             "deprecated": false
@@ -3192,6 +3585,7 @@ export const intel = {
             "stixId": "attack-pattern--70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
             "name": "Accessibility Features",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.008",
             "url": "https://attack.mitre.org/techniques/T1546/008",
             "deprecated": false
@@ -3200,6 +3594,7 @@ export const intel = {
             "stixId": "attack-pattern--723e3a2b-ca0d-4daa-ada8-82ea35d3733a",
             "name": "PowerShell Profile",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1504",
             "url": "https://attack.mitre.org/techniques/T1504",
             "deprecated": true
@@ -3208,6 +3603,7 @@ export const intel = {
             "stixId": "attack-pattern--72b5ef57-325c-411b-93ca-a3ca6fa17e31",
             "name": "SIP and Trust Provider Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1198",
             "url": "https://attack.mitre.org/techniques/T1198",
             "deprecated": true
@@ -3216,6 +3612,7 @@ export const intel = {
             "stixId": "attack-pattern--72b74d71-8169-42aa-92e0-e7b04b9f5a08",
             "name": "Account Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1087",
             "url": "https://attack.mitre.org/techniques/T1087",
             "deprecated": false
@@ -3224,6 +3621,7 @@ export const intel = {
             "stixId": "attack-pattern--731f4f55-b6d0-41d1-a7a9-072a66389aea",
             "name": "Proxy",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1090",
             "url": "https://attack.mitre.org/techniques/T1090",
             "deprecated": false
@@ -3232,6 +3630,7 @@ export const intel = {
             "stixId": "attack-pattern--7385dfaf-6886-4229-9ecd-6fd678040830",
             "name": "Command and Scripting Interpreter",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059",
             "url": "https://attack.mitre.org/techniques/T1059",
             "deprecated": false
@@ -3240,6 +3639,7 @@ export const intel = {
             "stixId": "attack-pattern--74d2a63f-3c7b-4852-92da-02d8fbab16da",
             "name": "Indicator Blocking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.006",
             "url": "https://attack.mitre.org/techniques/T1562/006",
             "deprecated": false
@@ -3248,6 +3648,7 @@ export const intel = {
             "stixId": "attack-pattern--7610cada-1499-41a4-b3dd-46467b68d177",
             "name": "Domain Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1136.002",
             "url": "https://attack.mitre.org/techniques/T1136/002",
             "deprecated": false
@@ -3256,6 +3657,7 @@ export const intel = {
             "stixId": "attack-pattern--76551c52-b111-4884-bc47-ff3e728f0156",
             "name": "Employee Names",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1589.003",
             "url": "https://attack.mitre.org/techniques/T1589/003",
             "deprecated": false
@@ -3264,6 +3666,7 @@ export const intel = {
             "stixId": "attack-pattern--767dbf9e-df3f-45cb-8998-4903ab5f80c0",
             "name": "Domain Trust Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1482",
             "url": "https://attack.mitre.org/techniques/T1482",
             "deprecated": false
@@ -3272,6 +3675,7 @@ export const intel = {
             "stixId": "attack-pattern--768dce68-8d0d-477a-b01d-0eea98b963a1",
             "name": "Golden Ticket",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1558.001",
             "url": "https://attack.mitre.org/techniques/T1558/001",
             "deprecated": false
@@ -3280,6 +3684,7 @@ export const intel = {
             "stixId": "attack-pattern--772bc7a8-a157-42cc-8728-d648e25c7fe7",
             "name": "Component Object Model and Distributed COM",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1175",
             "url": "https://attack.mitre.org/techniques/T1175",
             "deprecated": true
@@ -3288,6 +3693,7 @@ export const intel = {
             "stixId": "attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
             "name": "Automated Exfiltration",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1020",
             "url": "https://attack.mitre.org/techniques/T1020",
             "deprecated": false
@@ -3296,6 +3702,7 @@ export const intel = {
             "stixId": "attack-pattern--774ad5bb-2366-4c13-a8a9-65e50b292e7c",
             "name": "Client Configurations",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1592.004",
             "url": "https://attack.mitre.org/techniques/T1592/004",
             "deprecated": false
@@ -3304,6 +3711,7 @@ export const intel = {
             "stixId": "attack-pattern--77532a55-c283-4cd2-bc5d-2d0b65e9d88c",
             "name": "Disable or Modify Cloud Firewall",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.007",
             "url": "https://attack.mitre.org/techniques/T1562/007",
             "deprecated": false
@@ -3312,6 +3720,7 @@ export const intel = {
             "stixId": "attack-pattern--77eae145-55db-4519-8ae5-77b0c7215d69",
             "name": "Right-to-Left Override",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.002",
             "url": "https://attack.mitre.org/techniques/T1036/002",
             "deprecated": false
@@ -3320,6 +3729,7 @@ export const intel = {
             "stixId": "attack-pattern--7807d3a4-a885-4639-a786-c1ed41484970",
             "name": "Malware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1588.001",
             "url": "https://attack.mitre.org/techniques/T1588/001",
             "deprecated": false
@@ -3328,6 +3738,7 @@ export const intel = {
             "stixId": "attack-pattern--791481f8-e96a-41be-b089-a088763083d4",
             "name": "Component Firmware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1542.002",
             "url": "https://attack.mitre.org/techniques/T1542/002",
             "deprecated": false
@@ -3336,6 +3747,7 @@ export const intel = {
             "stixId": "attack-pattern--799ace7f-e227-4411-baa0-8868704f2a69",
             "name": "Indicator Removal",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070",
             "url": "https://attack.mitre.org/techniques/T1070",
             "deprecated": false
@@ -3344,6 +3756,7 @@ export const intel = {
             "stixId": "attack-pattern--79a4052e-1a89-4b09-aea6-51f1d11fe19c",
             "name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1048.001",
             "url": "https://attack.mitre.org/techniques/T1048/001",
             "deprecated": false
@@ -3352,6 +3765,7 @@ export const intel = {
             "stixId": "attack-pattern--79a47ad0-fc3b-4821-9f01-a026b1ddba21",
             "name": "Office Template Macros",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1137.001",
             "url": "https://attack.mitre.org/techniques/T1137/001",
             "deprecated": false
@@ -3360,6 +3774,7 @@ export const intel = {
             "stixId": "attack-pattern--79da0971-3147-4af6-a4f5-e8cd447cd795",
             "name": "Virtual Private Server",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.003",
             "url": "https://attack.mitre.org/techniques/T1583/003",
             "deprecated": false
@@ -3368,6 +3783,7 @@ export const intel = {
             "stixId": "attack-pattern--7ad38ef1-381a-406d-872a-38b136eb5ecc",
             "name": "Confluence",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1213.001",
             "url": "https://attack.mitre.org/techniques/T1213/001",
             "deprecated": false
@@ -3376,6 +3792,7 @@ export const intel = {
             "stixId": "attack-pattern--7b211ac6-c815-4189-93a9-ab415deca926",
             "name": "Pass the Ticket",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1550.003",
             "url": "https://attack.mitre.org/techniques/T1550/003",
             "deprecated": false
@@ -3384,6 +3801,7 @@ export const intel = {
             "stixId": "attack-pattern--7b50a1d3-4ca7-45d1-989d-a6503f04bfe1",
             "name": "Container Administration Command",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1609",
             "url": "https://attack.mitre.org/techniques/T1609",
             "deprecated": false
@@ -3392,6 +3810,7 @@ export const intel = {
             "stixId": "attack-pattern--7bc57495-ea59-4380-be31-a64af124ef18",
             "name": "File and Directory Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1083",
             "url": "https://attack.mitre.org/techniques/T1083",
             "deprecated": false
@@ -3400,6 +3819,7 @@ export const intel = {
             "stixId": "attack-pattern--7bd9c723-2f78-4309-82c5-47cad406572b",
             "name": "Dynamic Resolution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1568",
             "url": "https://attack.mitre.org/techniques/T1568",
             "deprecated": false
@@ -3408,6 +3828,7 @@ export const intel = {
             "stixId": "attack-pattern--7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c",
             "name": "Masquerade Task or Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.004",
             "url": "https://attack.mitre.org/techniques/T1036/004",
             "deprecated": false
@@ -3416,6 +3837,7 @@ export const intel = {
             "stixId": "attack-pattern--7c0f17c9-1af6-4628-9cbd-9e45482dd605",
             "name": "Asynchronous Procedure Call",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.004",
             "url": "https://attack.mitre.org/techniques/T1055/004",
             "deprecated": false
@@ -3424,6 +3846,7 @@ export const intel = {
             "stixId": "attack-pattern--7c46b364-8496-4234-8a56-f7e6727e21e1",
             "name": "Traffic Duplication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1020.001",
             "url": "https://attack.mitre.org/techniques/T1020/001",
             "deprecated": false
@@ -3432,6 +3855,7 @@ export const intel = {
             "stixId": "attack-pattern--7c93aa74-4bc0-4a9e-90ea-f25f86301566",
             "name": "Application Shimming",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1138",
             "url": "https://attack.mitre.org/techniques/T1138",
             "deprecated": true
@@ -3440,6 +3864,7 @@ export const intel = {
             "stixId": "attack-pattern--7d20fff9-8751-404e-badd-ccd71bda0236",
             "name": "Plist File Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1647",
             "url": "https://attack.mitre.org/techniques/T1647",
             "deprecated": false
@@ -3448,6 +3873,7 @@ export const intel = {
             "stixId": "attack-pattern--7d57b371-10c2-45e5-b3cc-83a8fb380e4c",
             "name": "AppCert DLLs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.009",
             "url": "https://attack.mitre.org/techniques/T1546/009",
             "deprecated": false
@@ -3456,6 +3882,7 @@ export const intel = {
             "stixId": "attack-pattern--7d6f590f-544b-45b4-9a42-e0805f342af3",
             "name": "CMSTP",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1191",
             "url": "https://attack.mitre.org/techniques/T1191",
             "deprecated": true
@@ -3464,6 +3891,7 @@ export const intel = {
             "stixId": "attack-pattern--7d751199-05fa-4a72-920f-85df4506c76c",
             "name": "Multi-hop Proxy",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1188",
             "url": "https://attack.mitre.org/techniques/T1188",
             "deprecated": true
@@ -3472,6 +3900,7 @@ export const intel = {
             "stixId": "attack-pattern--7d77a07d-02fe-4e88-8bd9-e9c008c01bf0",
             "name": "Email Forwarding Rule",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1114.003",
             "url": "https://attack.mitre.org/techniques/T1114/003",
             "deprecated": false
@@ -3480,6 +3909,7 @@ export const intel = {
             "stixId": "attack-pattern--7dd95ff6-712e-4056-9626-312ea4ab4c5e",
             "name": "Data Staged",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1074",
             "url": "https://attack.mitre.org/techniques/T1074",
             "deprecated": false
@@ -3488,6 +3918,7 @@ export const intel = {
             "stixId": "attack-pattern--7de1f7ac-5d0c-4c9c-8873-627202205331",
             "name": "Steal or Forge Authentication Certificates",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1649",
             "url": "https://attack.mitre.org/techniques/T1649",
             "deprecated": false
@@ -3496,6 +3927,7 @@ export const intel = {
             "stixId": "attack-pattern--7decb26c-715c-40cf-b7e0-026f7d7cc215",
             "name": "Device Registration",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1098.005",
             "url": "https://attack.mitre.org/techniques/T1098/005",
             "deprecated": false
@@ -3504,6 +3936,7 @@ export const intel = {
             "stixId": "attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475",
             "name": "System Network Connections Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1049",
             "url": "https://attack.mitre.org/techniques/T1049",
             "deprecated": false
@@ -3512,6 +3945,7 @@ export const intel = {
             "stixId": "attack-pattern--7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
             "name": "Compromise Infrastructure",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584",
             "url": "https://attack.mitre.org/techniques/T1584",
             "deprecated": false
@@ -3520,6 +3954,7 @@ export const intel = {
             "stixId": "attack-pattern--7e7c2fba-7cca-486c-9582-4c1bb2851961",
             "name": "Mark-of-the-Web Bypass",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1553.005",
             "url": "https://attack.mitre.org/techniques/T1553/005",
             "deprecated": false
@@ -3528,6 +3963,7 @@ export const intel = {
             "stixId": "attack-pattern--7efba77e-3bc4-4ca5-8292-d8201dcd64b5",
             "name": "Disable Crypto Hardware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1600.002",
             "url": "https://attack.mitre.org/techniques/T1600/002",
             "deprecated": false
@@ -3536,6 +3972,7 @@ export const intel = {
             "stixId": "attack-pattern--7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
             "name": "Pre-OS Boot",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1542",
             "url": "https://attack.mitre.org/techniques/T1542",
             "deprecated": false
@@ -3544,6 +3981,7 @@ export const intel = {
             "stixId": "attack-pattern--7fd87010-3a00-4da3-b905-410525e8ec44",
             "name": "Scripting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1064",
             "url": "https://attack.mitre.org/techniques/T1064",
             "deprecated": true
@@ -3552,6 +3990,7 @@ export const intel = {
             "stixId": "attack-pattern--800f9819-7007-4540-a520-40e655876800",
             "name": "Build Image on Host",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1612",
             "url": "https://attack.mitre.org/techniques/T1612",
             "deprecated": false
@@ -3560,6 +3999,7 @@ export const intel = {
             "stixId": "attack-pattern--804c042c-cfe6-449e-bc1a-ba0a998a70db",
             "name": "Shared Webroot",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1051",
             "url": "https://attack.mitre.org/techniques/T1051",
             "deprecated": true
@@ -3568,6 +4008,7 @@ export const intel = {
             "stixId": "attack-pattern--806a49c4-970d-43f9-9acc-ac0ee11e6662",
             "name": "Portable Executable Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.002",
             "url": "https://attack.mitre.org/techniques/T1055/002",
             "deprecated": false
@@ -3576,6 +4017,7 @@ export const intel = {
             "stixId": "attack-pattern--808e6329-ca91-4b87-ac2d-8eadc5f8f327",
             "name": "Verclsid",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.012",
             "url": "https://attack.mitre.org/techniques/T1218/012",
             "deprecated": false
@@ -3584,6 +4026,7 @@ export const intel = {
             "stixId": "attack-pattern--81033c3b-16a4-46e4-8fed-9b030dd03c4a",
             "name": "Compromise Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1586",
             "url": "https://attack.mitre.org/techniques/T1586",
             "deprecated": false
@@ -3592,6 +4035,7 @@ export const intel = {
             "stixId": "attack-pattern--810aa4ad-61c9-49cb-993f-daa06199421d",
             "name": "Launchctl",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1569.001",
             "url": "https://attack.mitre.org/techniques/T1569/001",
             "deprecated": false
@@ -3600,6 +4044,7 @@ export const intel = {
             "stixId": "attack-pattern--810d8072-afb6-4a56-9ee7-86379ac4a6f3",
             "name": "Botnet",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584.005",
             "url": "https://attack.mitre.org/techniques/T1584/005",
             "deprecated": false
@@ -3608,6 +4053,7 @@ export const intel = {
             "stixId": "attack-pattern--818302b2-d640-477b-bf88-873120ce85c4",
             "name": "Network Device CLI",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.008",
             "url": "https://attack.mitre.org/techniques/T1059/008",
             "deprecated": false
@@ -3616,6 +4062,7 @@ export const intel = {
             "stixId": "attack-pattern--8187bd2a-866f-4457-9009-86b0ddedffa3",
             "name": "Bash History",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.003",
             "url": "https://attack.mitre.org/techniques/T1552/003",
             "deprecated": false
@@ -3624,6 +4071,7 @@ export const intel = {
             "stixId": "attack-pattern--824add00-99a1-4b15-9a2d-6c5683b7b497",
             "name": "Downgrade Attack",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.010",
             "url": "https://attack.mitre.org/techniques/T1562/010",
             "deprecated": false
@@ -3632,6 +4080,7 @@ export const intel = {
             "stixId": "attack-pattern--8252f135-ed26-4ce1-ae61-f26e94429a19",
             "name": "XPC Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1559.003",
             "url": "https://attack.mitre.org/techniques/T1559/003",
             "deprecated": false
@@ -3640,6 +4089,7 @@ export const intel = {
             "stixId": "attack-pattern--82caa33e-d11a-433a-94ea-9b5a5fbef81d",
             "name": "Virtualization/Sandbox Evasion",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1497",
             "url": "https://attack.mitre.org/techniques/T1497",
             "deprecated": false
@@ -3648,6 +4098,7 @@ export const intel = {
             "stixId": "attack-pattern--830c9528-df21-472c-8c14-a036bf17d665",
             "name": "Web Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1102",
             "url": "https://attack.mitre.org/techniques/T1102",
             "deprecated": false
@@ -3656,6 +4107,7 @@ export const intel = {
             "stixId": "attack-pattern--837f9164-50af-4ac0-8219-379d8a74cefc",
             "name": "Credentials In Files",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.001",
             "url": "https://attack.mitre.org/techniques/T1552/001",
             "deprecated": false
@@ -3664,6 +4116,7 @@ export const intel = {
             "stixId": "attack-pattern--83a766f8-1501-4b3a-a2de-2e2849e8dfc1",
             "name": "DNS Calculation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1568.003",
             "url": "https://attack.mitre.org/techniques/T1568/003",
             "deprecated": false
@@ -3672,6 +4125,7 @@ export const intel = {
             "stixId": "attack-pattern--840a987a-99bd-4a80-a5c9-0cb2baa6cade",
             "name": "Mshta",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.005",
             "url": "https://attack.mitre.org/techniques/T1218/005",
             "deprecated": false
@@ -3680,6 +4134,7 @@ export const intel = {
             "stixId": "attack-pattern--84601337-6a55-4ad7-9c35-79e0d1ea2ab3",
             "name": "Login Items",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.015",
             "url": "https://attack.mitre.org/techniques/T1547/015",
             "deprecated": false
@@ -3688,6 +4143,7 @@ export const intel = {
             "stixId": "attack-pattern--84771bc3-f6a0-403e-b144-01af70e5fda0",
             "name": "Stage Capabilities",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1608",
             "url": "https://attack.mitre.org/techniques/T1608",
             "deprecated": false
@@ -3696,6 +4152,7 @@ export const intel = {
             "stixId": "attack-pattern--84ae8255-b4f4-4237-b5c5-e717405a9701",
             "name": "Link Target",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1608.005",
             "url": "https://attack.mitre.org/techniques/T1608/005",
             "deprecated": false
@@ -3704,6 +4161,7 @@ export const intel = {
             "stixId": "attack-pattern--84e02621-8fdf-470f-bd58-993bb6a89d91",
             "name": "Multi-Stage Channels",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1104",
             "url": "https://attack.mitre.org/techniques/T1104",
             "deprecated": false
@@ -3712,6 +4170,7 @@ export const intel = {
             "stixId": "attack-pattern--853c4192-4311-43e1-bfbb-b11b14911852",
             "name": "Execution Guardrails",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1480",
             "url": "https://attack.mitre.org/techniques/T1480",
             "deprecated": false
@@ -3720,6 +4179,7 @@ export const intel = {
             "stixId": "attack-pattern--8565825b-21c8-4518-b75e-cbc4c717a156",
             "name": "Cloud Storage Object Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1619",
             "url": "https://attack.mitre.org/techniques/T1619",
             "deprecated": false
@@ -3728,6 +4188,7 @@ export const intel = {
             "stixId": "attack-pattern--861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a",
             "name": "Web Cookies",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1606.001",
             "url": "https://attack.mitre.org/techniques/T1606/001",
             "deprecated": false
@@ -3736,6 +4197,7 @@ export const intel = {
             "stixId": "attack-pattern--86850eff-2729-40c3-b85e-c4af26da4a2d",
             "name": "Token Impersonation/Theft",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1134.001",
             "url": "https://attack.mitre.org/techniques/T1134/001",
             "deprecated": false
@@ -3744,6 +4206,7 @@ export const intel = {
             "stixId": "attack-pattern--86a96bf6-cf8b-411c-aaeb-8959944d64f7",
             "name": "Exfiltration to Code Repository",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1567.001",
             "url": "https://attack.mitre.org/techniques/T1567/001",
             "deprecated": false
@@ -3752,6 +4215,7 @@ export const intel = {
             "stixId": "attack-pattern--8861073d-d1b8-4941-82ce-dce621d398f0",
             "name": "Cloud Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021.007",
             "url": "https://attack.mitre.org/techniques/T1021/007",
             "deprecated": false
@@ -3760,6 +4224,7 @@ export const intel = {
             "stixId": "attack-pattern--8868cb5b-d575-4a60-acb2-07d37389a2fd",
             "name": "Port Knocking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1205.001",
             "url": "https://attack.mitre.org/techniques/T1205/001",
             "deprecated": false
@@ -3768,6 +4233,7 @@ export const intel = {
             "stixId": "attack-pattern--88d31120-5bc7-4ce3-a9c0-7cf147be8e54",
             "name": "Web Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1583.006",
             "url": "https://attack.mitre.org/techniques/T1583/006",
             "deprecated": false
@@ -3776,6 +4242,7 @@ export const intel = {
             "stixId": "attack-pattern--890c9858-598c-401d-a4d5-c67ebcdd703a",
             "name": "Steal Application Access Token",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1528",
             "url": "https://attack.mitre.org/techniques/T1528",
             "deprecated": false
@@ -3784,6 +4251,7 @@ export const intel = {
             "stixId": "attack-pattern--8982a661-d84c-48c0-b4ec-1db29c6cf3bc",
             "name": "Spearphishing Attachment",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1598.002",
             "url": "https://attack.mitre.org/techniques/T1598/002",
             "deprecated": false
@@ -3792,6 +4260,7 @@ export const intel = {
             "stixId": "attack-pattern--8a2f40cf-8325-47f9-96e4-b1ca4c7389bd",
             "name": "Additional Cloud Credentials",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1098.001",
             "url": "https://attack.mitre.org/techniques/T1098/001",
             "deprecated": false
@@ -3800,6 +4269,7 @@ export const intel = {
             "stixId": "attack-pattern--8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
             "name": "User Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1204",
             "url": "https://attack.mitre.org/techniques/T1204",
             "deprecated": false
@@ -3808,6 +4278,7 @@ export const intel = {
             "stixId": "attack-pattern--8c41090b-aa47-4331-986b-8c9a51a91103",
             "name": "Internal Defacement",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1491.001",
             "url": "https://attack.mitre.org/techniques/T1491/001",
             "deprecated": false
@@ -3816,6 +4287,7 @@ export const intel = {
             "stixId": "attack-pattern--8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
             "name": "Hidden Users",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.002",
             "url": "https://attack.mitre.org/techniques/T1564/002",
             "deprecated": false
@@ -3824,6 +4296,7 @@ export const intel = {
             "stixId": "attack-pattern--8cdeb020-e31e-4f88-a582-f53dcfbda819",
             "name": "Make and Impersonate Token",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1134.003",
             "url": "https://attack.mitre.org/techniques/T1134/003",
             "deprecated": false
@@ -3832,6 +4305,7 @@ export const intel = {
             "stixId": "attack-pattern--8d7bd4f5-3a89-4453-9c82-2c8894d5655e",
             "name": "Group Policy Preferences",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.006",
             "url": "https://attack.mitre.org/techniques/T1552/006",
             "deprecated": false
@@ -3840,6 +4314,7 @@ export const intel = {
             "stixId": "attack-pattern--8df54627-376c-487c-a09c-7d2b5620f56e",
             "name": "Control Panel Items",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1196",
             "url": "https://attack.mitre.org/techniques/T1196",
             "deprecated": true
@@ -3848,6 +4323,7 @@ export const intel = {
             "stixId": "attack-pattern--8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
             "name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1048.002",
             "url": "https://attack.mitre.org/techniques/T1048/002",
             "deprecated": false
@@ -3856,6 +4332,7 @@ export const intel = {
             "stixId": "attack-pattern--8f104855-e5b7-4077-b1f5-bc3103b41abe",
             "name": "Cloud Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1087.004",
             "url": "https://attack.mitre.org/techniques/T1087/004",
             "deprecated": false
@@ -3864,6 +4341,7 @@ export const intel = {
             "stixId": "attack-pattern--8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
             "name": "Process Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1057",
             "url": "https://attack.mitre.org/techniques/T1057",
             "deprecated": false
@@ -3872,6 +4350,7 @@ export const intel = {
             "stixId": "attack-pattern--8f504411-cb96-4dac-a537-8d2bb7679c59",
             "name": "Impair Command History Logging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.003",
             "url": "https://attack.mitre.org/techniques/T1562/003",
             "deprecated": false
@@ -3880,6 +4359,7 @@ export const intel = {
             "stixId": "attack-pattern--8faedf87-dceb-4c35-b2a2-7286f59a3bc3",
             "name": "Launchd",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053.004",
             "url": "https://attack.mitre.org/techniques/T1053/004",
             "deprecated": true
@@ -3888,6 +4368,7 @@ export const intel = {
             "stixId": "attack-pattern--90c4a591-d02d-490b-92aa-619d9701ac04",
             "name": "Network Provider DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.008",
             "url": "https://attack.mitre.org/techniques/T1556/008",
             "deprecated": false
@@ -3896,6 +4377,7 @@ export const intel = {
             "stixId": "attack-pattern--910906dd-8c0a-475a-9cc1-5e029e2fad58",
             "name": "Windows Management Instrumentation Event Subscription",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.003",
             "url": "https://attack.mitre.org/techniques/T1546/003",
             "deprecated": false
@@ -3904,6 +4386,7 @@ export const intel = {
             "stixId": "attack-pattern--91177e6d-b616-4a03-ba4b-f3b32f7dda75",
             "name": "CDNs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1596.004",
             "url": "https://attack.mitre.org/techniques/T1596/004",
             "deprecated": false
@@ -3912,6 +4395,7 @@ export const intel = {
             "stixId": "attack-pattern--91541e7e-b969-40c6-bbd8-1b5352ec2938",
             "name": "User Activity Based Checks",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1497.002",
             "url": "https://attack.mitre.org/techniques/T1497/002",
             "deprecated": false
@@ -3920,6 +4404,7 @@ export const intel = {
             "stixId": "attack-pattern--91ce1ede-107f-4d8b-bf4c-735e8789c94b",
             "name": "Input Prompt",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1141",
             "url": "https://attack.mitre.org/techniques/T1141",
             "deprecated": true
@@ -3928,6 +4413,7 @@ export const intel = {
             "stixId": "attack-pattern--926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5",
             "name": "Cloud Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1585.003",
             "url": "https://attack.mitre.org/techniques/T1585/003",
             "deprecated": false
@@ -3936,6 +4422,7 @@ export const intel = {
             "stixId": "attack-pattern--92a78814-b191-47ca-909c-1ccfe3777414",
             "name": "Software Deployment Tools",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1072",
             "url": "https://attack.mitre.org/techniques/T1072",
             "deprecated": false
@@ -3944,6 +4431,7 @@ export const intel = {
             "stixId": "attack-pattern--92d7da27-2d91-488e-a00c-059dc162766d",
             "name": "Exfiltration Over C2 Channel",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1041",
             "url": "https://attack.mitre.org/techniques/T1041",
             "deprecated": false
@@ -3952,6 +4440,7 @@ export const intel = {
             "stixId": "attack-pattern--93591901-3172-4e94-abf8-6034ab26f44a",
             "name": "Parent PID Spoofing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1134.004",
             "url": "https://attack.mitre.org/techniques/T1134/004",
             "deprecated": false
@@ -3960,6 +4449,7 @@ export const intel = {
             "stixId": "attack-pattern--937e4772-8441-4e4a-8bf0-8d447d667e23",
             "name": "Gather Victim Org Information",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1591",
             "url": "https://attack.mitre.org/techniques/T1591",
             "deprecated": false
@@ -3968,6 +4458,7 @@ export const intel = {
             "stixId": "attack-pattern--9422fc14-1c43-410d-ab0f-a709b76c72dc",
             "name": "Registry Run Keys / Startup Folder",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1060",
             "url": "https://attack.mitre.org/techniques/T1060",
             "deprecated": true
@@ -3976,6 +4467,7 @@ export const intel = {
             "stixId": "attack-pattern--94cb00a4-b295-4d06-aa2b-5653b9c1be9c",
             "name": "Forge Web Credentials",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1606",
             "url": "https://attack.mitre.org/techniques/T1606",
             "deprecated": false
@@ -3984,6 +4476,7 @@ export const intel = {
             "stixId": "attack-pattern--954a1639-f2d6-407d-aef3-4917622ca493",
             "name": "Multi-Factor Authentication Request Generation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1621",
             "url": "https://attack.mitre.org/techniques/T1621",
             "deprecated": false
@@ -3992,6 +4485,7 @@ export const intel = {
             "stixId": "attack-pattern--960c3c86-1480-4d72-b4e0-8c242e84a5c5",
             "name": "Compromise Client Software Binary",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1554",
             "url": "https://attack.mitre.org/techniques/T1554",
             "deprecated": false
@@ -4000,6 +4494,7 @@ export const intel = {
             "stixId": "attack-pattern--9664ad0e-789e-40ac-82e2-d7b17fbe8fb3",
             "name": "Chat Messages",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.008",
             "url": "https://attack.mitre.org/techniques/T1552/008",
             "deprecated": false
@@ -4008,6 +4503,7 @@ export const intel = {
             "stixId": "attack-pattern--970a3432-3237-47ad-bcca-7d8cbb217736",
             "name": "PowerShell",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.001",
             "url": "https://attack.mitre.org/techniques/T1059/001",
             "deprecated": false
@@ -4016,6 +4512,7 @@ export const intel = {
             "stixId": "attack-pattern--970cdb5c-02fb-4c38-b17e-d6327cf3c810",
             "name": "Shortcut Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1023",
             "url": "https://attack.mitre.org/techniques/T1023",
             "deprecated": true
@@ -4024,6 +4521,7 @@ export const intel = {
             "stixId": "attack-pattern--98034fef-d9fb-4667-8dc4-2eab6231724c",
             "name": "Change Default File Association",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.001",
             "url": "https://attack.mitre.org/techniques/T1546/001",
             "deprecated": false
@@ -4032,6 +4530,7 @@ export const intel = {
             "stixId": "attack-pattern--98be40f2-c86b-4ade-b6fc-4964932040e5",
             "name": "VDSO Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.014",
             "url": "https://attack.mitre.org/techniques/T1055/014",
             "deprecated": false
@@ -4040,6 +4539,7 @@ export const intel = {
             "stixId": "attack-pattern--99709758-2b96-48f2-a68a-ad7fbd828091",
             "name": "Multiband Communication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1026",
             "url": "https://attack.mitre.org/techniques/T1026",
             "deprecated": true
@@ -4048,6 +4548,7 @@ export const intel = {
             "stixId": "attack-pattern--9a60a291-8960-4387-8a4a-2ab5c18bb50b",
             "name": "File Transfer Protocols",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1071.002",
             "url": "https://attack.mitre.org/techniques/T1071/002",
             "deprecated": false
@@ -4056,6 +4557,7 @@ export const intel = {
             "stixId": "attack-pattern--9b52fca7-1a36-4da0-b62d-da5bd83b4d69",
             "name": "Component Object Model Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1122",
             "url": "https://attack.mitre.org/techniques/T1122",
             "deprecated": true
@@ -4064,6 +4566,7 @@ export const intel = {
             "stixId": "attack-pattern--9b99b83a-1aac-4e29-b975-b374950551a3",
             "name": "Accessibility Features",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1015",
             "url": "https://attack.mitre.org/techniques/T1015",
             "deprecated": true
@@ -4072,6 +4575,7 @@ export const intel = {
             "stixId": "attack-pattern--9c306d8d-cde7-4b4c-b6e8-d0bb16caca36",
             "name": "Exploitation for Credential Access",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1212",
             "url": "https://attack.mitre.org/techniques/T1212",
             "deprecated": false
@@ -4080,6 +4584,7 @@ export const intel = {
             "stixId": "attack-pattern--9c45eaa3-8604-4780-8988-b5074dbb9ecd",
             "name": "Emond",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.014",
             "url": "https://attack.mitre.org/techniques/T1546/014",
             "deprecated": false
@@ -4088,6 +4593,7 @@ export const intel = {
             "stixId": "attack-pattern--9c99724c-a483-4d60-ad9d-7f004e42e8e8",
             "name": "One-Way Communication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1102.003",
             "url": "https://attack.mitre.org/techniques/T1102/003",
             "deprecated": false
@@ -4096,6 +4602,7 @@ export const intel = {
             "stixId": "attack-pattern--9d48cab2-7929-4812-ad22-f536665f0109",
             "name": "Gather Victim Network Information",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1590",
             "url": "https://attack.mitre.org/techniques/T1590",
             "deprecated": false
@@ -4104,6 +4611,7 @@ export const intel = {
             "stixId": "attack-pattern--9db0cf3a-a3c9-4012-8268-123b9db6fd82",
             "name": "Exploitation of Remote Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1210",
             "url": "https://attack.mitre.org/techniques/T1210",
             "deprecated": false
@@ -4112,6 +4620,7 @@ export const intel = {
             "stixId": "attack-pattern--9ddc2534-e91c-4dab-a8f6-43dab81e8142",
             "name": "Parent PID Spoofing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1502",
             "url": "https://attack.mitre.org/techniques/T1502",
             "deprecated": true
@@ -4120,6 +4629,7 @@ export const intel = {
             "stixId": "attack-pattern--9e09ddb2-1746-4448-9cad-7f8b41777d6d",
             "name": "Keychain",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1142",
             "url": "https://attack.mitre.org/techniques/T1142",
             "deprecated": true
@@ -4128,6 +4638,7 @@ export const intel = {
             "stixId": "attack-pattern--9e7452df-5144-4b6e-b04a-b66dd4016747",
             "name": "Internal Spearphishing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1534",
             "url": "https://attack.mitre.org/techniques/T1534",
             "deprecated": false
@@ -4136,6 +4647,7 @@ export const intel = {
             "stixId": "attack-pattern--9e80ddfb-ce32-4961-a778-ca6a10cfae72",
             "name": "Sudo",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1169",
             "url": "https://attack.mitre.org/techniques/T1169",
             "deprecated": true
@@ -4144,6 +4656,7 @@ export const intel = {
             "stixId": "attack-pattern--9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd",
             "name": "Services File Permissions Weakness",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.010",
             "url": "https://attack.mitre.org/techniques/T1574/010",
             "deprecated": false
@@ -4152,6 +4665,7 @@ export const intel = {
             "stixId": "attack-pattern--9efb1ea7-c37b-4595-9640-b7680cd84279",
             "name": "Registry Run Keys / Startup Folder",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.001",
             "url": "https://attack.mitre.org/techniques/T1547/001",
             "deprecated": false
@@ -4160,6 +4674,7 @@ export const intel = {
             "stixId": "attack-pattern--9fa07bef-9c81-421e-a8e5-ad4366c5a925",
             "name": "Trusted Relationship",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1199",
             "url": "https://attack.mitre.org/techniques/T1199",
             "deprecated": false
@@ -4168,6 +4683,7 @@ export const intel = {
             "stixId": "attack-pattern--a009cb25-4801-4116-9105-80a91cf15c1b",
             "name": "Cloud Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1136.003",
             "url": "https://attack.mitre.org/techniques/T1136/003",
             "deprecated": false
@@ -4176,6 +4692,7 @@ export const intel = {
             "stixId": "attack-pattern--a01bf75f-00b2-4568-a58f-565ff9bf202b",
             "name": "Local Groups",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1069.001",
             "url": "https://attack.mitre.org/techniques/T1069/001",
             "deprecated": false
@@ -4184,6 +4701,7 @@ export const intel = {
             "stixId": "attack-pattern--a0a189c8-d3bd-4991-bf6f-153d185ee373",
             "name": "LC_MAIN Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1149",
             "url": "https://attack.mitre.org/techniques/T1149",
             "deprecated": true
@@ -4192,6 +4710,7 @@ export const intel = {
             "stixId": "attack-pattern--a0e6614a-7740-4b24-bd65-f1bde09fc365",
             "name": "Search Open Websites/Domains",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1593",
             "url": "https://attack.mitre.org/techniques/T1593",
             "deprecated": false
@@ -4200,6 +4719,7 @@ export const intel = {
             "stixId": "attack-pattern--a10641f4-87b4-45a3-a906-92a149cb2c27",
             "name": "Account Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1098",
             "url": "https://attack.mitre.org/techniques/T1098",
             "deprecated": false
@@ -4208,6 +4728,7 @@ export const intel = {
             "stixId": "attack-pattern--a127c32c-cbb0-4f9d-be07-881a792408ec",
             "name": "Mshta",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1170",
             "url": "https://attack.mitre.org/techniques/T1170",
             "deprecated": true
@@ -4216,6 +4737,7 @@ export const intel = {
             "stixId": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
             "name": "Exfiltration Over Alternative Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1048",
             "url": "https://attack.mitre.org/techniques/T1048",
             "deprecated": false
@@ -4224,6 +4746,7 @@ export const intel = {
             "stixId": "attack-pattern--a1b52199-c8c5-438a-9ded-656f1d0888c6",
             "name": "Kernel Modules and Extensions",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.006",
             "url": "https://attack.mitre.org/techniques/T1547/006",
             "deprecated": false
@@ -4232,6 +4755,7 @@ export const intel = {
             "stixId": "attack-pattern--a2029942-0a85-4947-b23c-ca434698171d",
             "name": "GUI Input Capture",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1056.002",
             "url": "https://attack.mitre.org/techniques/T1056/002",
             "deprecated": false
@@ -4240,6 +4764,7 @@ export const intel = {
             "stixId": "attack-pattern--a257ed11-ff3b-4216-8c9d-3938ef57064c",
             "name": "Pass the Ticket",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1097",
             "url": "https://attack.mitre.org/techniques/T1097",
             "deprecated": true
@@ -4248,6 +4773,7 @@ export const intel = {
             "stixId": "attack-pattern--a2fdce72-04b2-409a-ac10-cc1695f4fce0",
             "name": "Tool",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1588.002",
             "url": "https://attack.mitre.org/techniques/T1588/002",
             "deprecated": false
@@ -4256,6 +4782,7 @@ export const intel = {
             "stixId": "attack-pattern--a3e1e6c5-9c74-4fc0-a16c-a9d228c17829",
             "name": "Exfiltration over USB",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1052.001",
             "url": "https://attack.mitre.org/techniques/T1052/001",
             "deprecated": false
@@ -4264,6 +4791,7 @@ export const intel = {
             "stixId": "attack-pattern--a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde",
             "name": "KernelCallbackTable",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.013",
             "url": "https://attack.mitre.org/techniques/T1574/013",
             "deprecated": false
@@ -4272,6 +4800,7 @@ export const intel = {
             "stixId": "attack-pattern--a51eb150-93b1-484b-a503-e51453b127a4",
             "name": "Search Closed Sources",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1597",
             "url": "https://attack.mitre.org/techniques/T1597",
             "deprecated": false
@@ -4280,6 +4809,7 @@ export const intel = {
             "stixId": "attack-pattern--a542bac9-7bc1-4da7-9a09-96f69e23cc21",
             "name": "Systemd Timers",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053.006",
             "url": "https://attack.mitre.org/techniques/T1053/006",
             "deprecated": false
@@ -4288,6 +4818,7 @@ export const intel = {
             "stixId": "attack-pattern--a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
             "name": "Phishing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1566",
             "url": "https://attack.mitre.org/techniques/T1566",
             "deprecated": false
@@ -4296,6 +4827,7 @@ export const intel = {
             "stixId": "attack-pattern--a6525aec-acc4-47fe-92f9-b9b4de4b9228",
             "name": "Graphical User Interface",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1061",
             "url": "https://attack.mitre.org/techniques/T1061",
             "deprecated": true
@@ -4304,6 +4836,7 @@ export const intel = {
             "stixId": "attack-pattern--a6557c75-798f-42e4-be70-ab4502e0a3bc",
             "name": "ROMMONkit",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1542.004",
             "url": "https://attack.mitre.org/techniques/T1542/004",
             "deprecated": false
@@ -4312,6 +4845,7 @@ export const intel = {
             "stixId": "attack-pattern--a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
             "name": "Compiled HTML File",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.001",
             "url": "https://attack.mitre.org/techniques/T1218/001",
             "deprecated": false
@@ -4320,6 +4854,7 @@ export const intel = {
             "stixId": "attack-pattern--a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
             "name": "Network Share Connection Removal",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.005",
             "url": "https://attack.mitre.org/techniques/T1070/005",
             "deprecated": false
@@ -4328,6 +4863,7 @@ export const intel = {
             "stixId": "attack-pattern--a782ebe2-daba-42c7-bc82-e8e9d923162d",
             "name": "Multi-hop Proxy",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1090.003",
             "url": "https://attack.mitre.org/techniques/T1090/003",
             "deprecated": false
@@ -4336,6 +4872,7 @@ export const intel = {
             "stixId": "attack-pattern--a93494bb-4b80-4ea1-8695-3236a49916fd",
             "name": "Brute Force",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1110",
             "url": "https://attack.mitre.org/techniques/T1110",
             "deprecated": false
@@ -4344,6 +4881,7 @@ export const intel = {
             "stixId": "attack-pattern--a9d4b653-6915-42af-98b2-5758c4ceee56",
             "name": "Unix Shell",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.004",
             "url": "https://attack.mitre.org/techniques/T1059/004",
             "deprecated": false
@@ -4352,6 +4890,7 @@ export const intel = {
             "stixId": "attack-pattern--a9e2cea0-c805-4bf8-9e31-f5f0513a3634",
             "name": "Outlook Forms",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1137.003",
             "url": "https://attack.mitre.org/techniques/T1137/003",
             "deprecated": false
@@ -4360,6 +4899,7 @@ export const intel = {
             "stixId": "attack-pattern--aa8bfbc9-78dc-41a4-a03b-7453e0fdccda",
             "name": "Dylib Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1157",
             "url": "https://attack.mitre.org/techniques/T1157",
             "deprecated": true
@@ -4368,6 +4908,7 @@ export const intel = {
             "stixId": "attack-pattern--ac08589e-ee59-4935-8667-d845e38fe579",
             "name": "Disable or Modify Tools",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.001",
             "url": "https://attack.mitre.org/techniques/T1562/001",
             "deprecated": false
@@ -4376,6 +4917,7 @@ export const intel = {
             "stixId": "attack-pattern--ac9e6b22-11bf-45d7-9181-c1cb08360931",
             "name": "Data Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1565",
             "url": "https://attack.mitre.org/techniques/T1565",
             "deprecated": false
@@ -4384,6 +4926,7 @@ export const intel = {
             "stixId": "attack-pattern--acd0ba37-7ba9-4cc5-ac61-796586cd856d",
             "name": "Inter-Process Communication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1559",
             "url": "https://attack.mitre.org/techniques/T1559",
             "deprecated": false
@@ -4392,6 +4935,7 @@ export const intel = {
             "stixId": "attack-pattern--ad255bfe-a9e6-4b52-a258-8d3462abe842",
             "name": "Data Obfuscation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1001",
             "url": "https://attack.mitre.org/techniques/T1001",
             "deprecated": false
@@ -4400,6 +4944,7 @@ export const intel = {
             "stixId": "attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c",
             "name": "Data from Network Shared Drive",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1039",
             "url": "https://attack.mitre.org/techniques/T1039",
             "deprecated": false
@@ -4408,6 +4953,7 @@ export const intel = {
             "stixId": "attack-pattern--ae797531-3219-49a4-bccf-324ad7a4c7b2",
             "name": "Web Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584.006",
             "url": "https://attack.mitre.org/techniques/T1584/006",
             "deprecated": false
@@ -4416,6 +4962,7 @@ export const intel = {
             "stixId": "attack-pattern--ae7f3575-0a5e-427e-991b-fe03ad44c754",
             "name": "Modify System Image",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1601",
             "url": "https://attack.mitre.org/techniques/T1601",
             "deprecated": false
@@ -4424,6 +4971,7 @@ export const intel = {
             "stixId": "attack-pattern--aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
             "name": "Hijack Execution Flow",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574",
             "url": "https://attack.mitre.org/techniques/T1574",
             "deprecated": false
@@ -4432,6 +4980,7 @@ export const intel = {
             "stixId": "attack-pattern--b0533c6e-8fea-4788-874f-b799cacc4b92",
             "name": "Indicator Removal from Tools",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.005",
             "url": "https://attack.mitre.org/techniques/T1027/005",
             "deprecated": false
@@ -4440,6 +4989,7 @@ export const intel = {
             "stixId": "attack-pattern--b0c74ef9-c61e-4986-88cb-78da98a355ec",
             "name": "Malicious Image",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1204.003",
             "url": "https://attack.mitre.org/techniques/T1204/003",
             "deprecated": false
@@ -4448,6 +4998,7 @@ export const intel = {
             "stixId": "attack-pattern--b17a1a56-e99c-403c-8948-561df0cffe81",
             "name": "Valid Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1078",
             "url": "https://attack.mitre.org/techniques/T1078",
             "deprecated": false
@@ -4456,6 +5007,7 @@ export const intel = {
             "stixId": "attack-pattern--b18eae87-b469-4e14-b454-b171b416bc18",
             "name": "Non-Standard Port",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1571",
             "url": "https://attack.mitre.org/techniques/T1571",
             "deprecated": false
@@ -4464,6 +5016,7 @@ export const intel = {
             "stixId": "attack-pattern--b1ccd744-3f78-4a0e-9bb2-2002057f7928",
             "name": "Social Media Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1585.001",
             "url": "https://attack.mitre.org/techniques/T1585/001",
             "deprecated": false
@@ -4472,6 +5025,7 @@ export const intel = {
             "stixId": "attack-pattern--b2001907-166b-4d71-bb3c-9d26c871de09",
             "name": "DLL Side-Loading",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1073",
             "url": "https://attack.mitre.org/techniques/T1073",
             "deprecated": true
@@ -4480,6 +5034,7 @@ export const intel = {
             "stixId": "attack-pattern--b200542e-e877-4395-875b-cf1a44537ca4",
             "name": "Process Hollowing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.012",
             "url": "https://attack.mitre.org/techniques/T1055/012",
             "deprecated": false
@@ -4488,6 +5043,7 @@ export const intel = {
             "stixId": "attack-pattern--b21c3b2d-02e6-45b1-980b-e69051040839",
             "name": "Exploitation for Privilege Escalation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1068",
             "url": "https://attack.mitre.org/techniques/T1068",
             "deprecated": false
@@ -4496,6 +5052,7 @@ export const intel = {
             "stixId": "attack-pattern--b22e5153-ac28-4cc6-865c-2054e36285cb",
             "name": "Resource Forking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.009",
             "url": "https://attack.mitre.org/techniques/T1564/009",
             "deprecated": false
@@ -4504,6 +5061,7 @@ export const intel = {
             "stixId": "attack-pattern--b24e2a20-3b3d-4bf0-823b-1ed765398fb0",
             "name": "Account Access Removal",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1531",
             "url": "https://attack.mitre.org/techniques/T1531",
             "deprecated": false
@@ -4512,6 +5070,7 @@ export const intel = {
             "stixId": "attack-pattern--b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
             "name": "Credential Stuffing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1110.004",
             "url": "https://attack.mitre.org/techniques/T1110/004",
             "deprecated": false
@@ -4520,6 +5079,7 @@ export const intel = {
             "stixId": "attack-pattern--b39d03cb-7b98-41c4-a878-c40c1a913dc0",
             "name": "Kerberoasting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1208",
             "url": "https://attack.mitre.org/techniques/T1208",
             "deprecated": true
@@ -4528,6 +5088,7 @@ export const intel = {
             "stixId": "attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
             "name": "Obfuscated Files or Information",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027",
             "url": "https://attack.mitre.org/techniques/T1027",
             "deprecated": false
@@ -4536,6 +5097,7 @@ export const intel = {
             "stixId": "attack-pattern--b4409cd8-0da9-46e1-a401-a241afd4d1cc",
             "name": "Multi-Factor Authentication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.006",
             "url": "https://attack.mitre.org/techniques/T1556/006",
             "deprecated": false
@@ -4544,6 +5106,7 @@ export const intel = {
             "stixId": "attack-pattern--b4694861-542c-48ea-9eb1-10d356e7140a",
             "name": "Remote Email Collection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1114.002",
             "url": "https://attack.mitre.org/techniques/T1114/002",
             "deprecated": false
@@ -4552,6 +5115,7 @@ export const intel = {
             "stixId": "attack-pattern--b46a801b-fd98-491c-a25a-bca25d6e3001",
             "name": "IIS Components",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1505.004",
             "url": "https://attack.mitre.org/techniques/T1505/004",
             "deprecated": false
@@ -4560,6 +5124,7 @@ export const intel = {
             "stixId": "attack-pattern--b4b7458f-81f2-4d38-84be-1c5ba0167a52",
             "name": "Invalid Code Signature",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.001",
             "url": "https://attack.mitre.org/techniques/T1036/001",
             "deprecated": false
@@ -4568,6 +5133,7 @@ export const intel = {
             "stixId": "attack-pattern--b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
             "name": "Run Virtual Instance",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.006",
             "url": "https://attack.mitre.org/techniques/T1564/006",
             "deprecated": false
@@ -4576,6 +5142,7 @@ export const intel = {
             "stixId": "attack-pattern--b53dbcc6-147d-48bb-9df4-bcb8bb808ff6",
             "name": "Trap",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1154",
             "url": "https://attack.mitre.org/techniques/T1154",
             "deprecated": true
@@ -4584,6 +5151,7 @@ export const intel = {
             "stixId": "attack-pattern--b6075259-dba3-44e9-87c7-e954f37ec0d5",
             "name": "Password Policy Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1201",
             "url": "https://attack.mitre.org/techniques/T1201",
             "deprecated": false
@@ -4592,6 +5160,7 @@ export const intel = {
             "stixId": "attack-pattern--b6301b64-ef57-4cce-bb0b-77026f14a8db",
             "name": "Event Triggered Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546",
             "url": "https://attack.mitre.org/techniques/T1546",
             "deprecated": false
@@ -4600,6 +5169,7 @@ export const intel = {
             "stixId": "attack-pattern--b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
             "name": "Unix Shell Configuration Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.004",
             "url": "https://attack.mitre.org/techniques/T1546/004",
             "deprecated": false
@@ -4608,6 +5178,7 @@ export const intel = {
             "stixId": "attack-pattern--b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
             "name": "Forced Authentication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1187",
             "url": "https://attack.mitre.org/techniques/T1187",
             "deprecated": false
@@ -4616,6 +5187,7 @@ export const intel = {
             "stixId": "attack-pattern--b7dc639b-24cd-482d-a7f1-8897eda21023",
             "name": "SID-History Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1134.005",
             "url": "https://attack.mitre.org/techniques/T1134/005",
             "deprecated": false
@@ -4624,6 +5196,7 @@ export const intel = {
             "stixId": "attack-pattern--b8017880-4b1e-42de-ad10-ae7ac6705166",
             "name": "Network Boundary Bridging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1599",
             "url": "https://attack.mitre.org/techniques/T1599",
             "deprecated": false
@@ -4632,6 +5205,7 @@ export const intel = {
             "stixId": "attack-pattern--b80d107d-fa0d-4b60-9684-b0433e8bdba0",
             "name": "Data Encrypted for Impact",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1486",
             "url": "https://attack.mitre.org/techniques/T1486",
             "deprecated": false
@@ -4640,6 +5214,7 @@ export const intel = {
             "stixId": "attack-pattern--b82f7d37-b826-4ec9-9391-8e121c78aed7",
             "name": "Disk Content Wipe",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1488",
             "url": "https://attack.mitre.org/techniques/T1488",
             "deprecated": true
@@ -4648,6 +5223,7 @@ export const intel = {
             "stixId": "attack-pattern--b83e166d-13d7-4b52-8677-dff90c548fd7",
             "name": "Subvert Trust Controls",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1553",
             "url": "https://attack.mitre.org/techniques/T1553",
             "deprecated": false
@@ -4656,6 +5232,7 @@ export const intel = {
             "stixId": "attack-pattern--b84903f0-c7d5-435d-a69e-de47cc3578c0",
             "name": "Elevated Execution with Prompt",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1548.004",
             "url": "https://attack.mitre.org/techniques/T1548/004",
             "deprecated": false
@@ -4664,6 +5241,7 @@ export const intel = {
             "stixId": "attack-pattern--b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d",
             "name": "Firmware",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1592.003",
             "url": "https://attack.mitre.org/techniques/T1592/003",
             "deprecated": false
@@ -4672,6 +5250,7 @@ export const intel = {
             "stixId": "attack-pattern--b8902400-e6c5-4ba2-95aa-2d35b442b118",
             "name": "Encrypted Channel",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1573",
             "url": "https://attack.mitre.org/techniques/T1573",
             "deprecated": false
@@ -4680,6 +5259,7 @@ export const intel = {
             "stixId": "attack-pattern--b8c5c9dd-a662-479d-9428-ae745872537c",
             "name": "Password Filter DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1174",
             "url": "https://attack.mitre.org/techniques/T1174",
             "deprecated": true
@@ -4688,6 +5268,7 @@ export const intel = {
             "stixId": "attack-pattern--b8cfed42-6a8a-4989-ad72-541af74475ec",
             "name": "Authentication Package",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.002",
             "url": "https://attack.mitre.org/techniques/T1547/002",
             "deprecated": false
@@ -4696,6 +5277,7 @@ export const intel = {
             "stixId": "attack-pattern--b97f1d35-4249-4486-a6b5-ee60ccf24fab",
             "name": "Regsvr32",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.010",
             "url": "https://attack.mitre.org/techniques/T1218/010",
             "deprecated": false
@@ -4704,6 +5286,7 @@ export const intel = {
             "stixId": "attack-pattern--b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
             "name": "Data Compressed",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1002",
             "url": "https://attack.mitre.org/techniques/T1002",
             "deprecated": true
@@ -4712,6 +5295,7 @@ export const intel = {
             "stixId": "attack-pattern--ba04e672-da86-4e69-aa15-0eca5db25f43",
             "name": "Exfiltration to Text Storage Sites",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1567.003",
             "url": "https://attack.mitre.org/techniques/T1567/003",
             "deprecated": false
@@ -4720,6 +5304,7 @@ export const intel = {
             "stixId": "attack-pattern--ba8e391f-14b5-496f-81f2-2d5ecd646c1c",
             "name": "Credentials in Files",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1081",
             "url": "https://attack.mitre.org/techniques/T1081",
             "deprecated": true
@@ -4728,6 +5313,7 @@ export const intel = {
             "stixId": "attack-pattern--baf60e1a-afe5-4d31-830f-1b1ba2351884",
             "name": "Software",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1592.002",
             "url": "https://attack.mitre.org/techniques/T1592/002",
             "deprecated": false
@@ -4736,6 +5322,7 @@ export const intel = {
             "stixId": "attack-pattern--bb0e0cb5-f3e4-4118-a4cb-6bf13bfbc9f2",
             "name": "Netsh Helper DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1128",
             "url": "https://attack.mitre.org/techniques/T1128",
             "deprecated": true
@@ -4744,6 +5331,7 @@ export const intel = {
             "stixId": "attack-pattern--bb5a00de-e086-4859-a231-fa793f6797e2",
             "name": "Input Capture",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1056",
             "url": "https://attack.mitre.org/techniques/T1056",
             "deprecated": false
@@ -4752,6 +5340,7 @@ export const intel = {
             "stixId": "attack-pattern--bbc3cba7-84ae-410d-b18b-16750731dfa2",
             "name": "Exploits",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1587.004",
             "url": "https://attack.mitre.org/techniques/T1587/004",
             "deprecated": false
@@ -4760,6 +5349,7 @@ export const intel = {
             "stixId": "attack-pattern--bbe5b322-e2af-4a5e-9625-a4e62bf84ed3",
             "name": "Social Media",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1593.001",
             "url": "https://attack.mitre.org/techniques/T1593/001",
             "deprecated": false
@@ -4768,6 +5358,7 @@ export const intel = {
             "stixId": "attack-pattern--bc0f5e80-91c0-4e04-9fbb-e4e332c85dae",
             "name": "Component Object Model Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.015",
             "url": "https://attack.mitre.org/techniques/T1546/015",
             "deprecated": false
@@ -4776,6 +5367,7 @@ export const intel = {
             "stixId": "attack-pattern--bc76d0a4-db11-4551-9ac4-01a469cfb161",
             "name": "Credentials",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1589.001",
             "url": "https://attack.mitre.org/techniques/T1589/001",
             "deprecated": false
@@ -4784,6 +5376,7 @@ export const intel = {
             "stixId": "attack-pattern--bd369cd9-abb8-41ce-b5bb-fff23ee86c00",
             "name": "Compromise Software Supply Chain",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1195.002",
             "url": "https://attack.mitre.org/techniques/T1195/002",
             "deprecated": false
@@ -4792,6 +5385,7 @@ export const intel = {
             "stixId": "attack-pattern--bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
             "name": "Rename System Utilities",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.003",
             "url": "https://attack.mitre.org/techniques/T1036/003",
             "deprecated": false
@@ -4800,6 +5394,7 @@ export const intel = {
             "stixId": "attack-pattern--be055942-6e63-49d7-9fa1-9cb7d8a8f3f4",
             "name": "Bidirectional Communication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1102.002",
             "url": "https://attack.mitre.org/techniques/T1102/002",
             "deprecated": false
@@ -4808,6 +5403,7 @@ export const intel = {
             "stixId": "attack-pattern--be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
             "name": "Exploitation for Client Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1203",
             "url": "https://attack.mitre.org/techniques/T1203",
             "deprecated": false
@@ -4816,6 +5412,7 @@ export const intel = {
             "stixId": "attack-pattern--bed04f7d-e48a-4e76-bd0f-4c57fe31fc46",
             "name": "Wordlist Scanning",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1595.003",
             "url": "https://attack.mitre.org/techniques/T1595/003",
             "deprecated": false
@@ -4824,6 +5421,7 @@ export const intel = {
             "stixId": "attack-pattern--bef8aaee-961d-4359-a308-4c2182bcedff",
             "name": "Spoof Security Alerting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.011",
             "url": "https://attack.mitre.org/techniques/T1562/011",
             "deprecated": false
@@ -4832,6 +5430,7 @@ export const intel = {
             "stixId": "attack-pattern--bf147104-abf9-4221-95d1-e81585859441",
             "name": "Outlook Home Page",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1137.004",
             "url": "https://attack.mitre.org/techniques/T1137/004",
             "deprecated": false
@@ -4840,6 +5439,7 @@ export const intel = {
             "stixId": "attack-pattern--bf176076-b789-408e-8cba-7275e81c0ada",
             "name": "Asymmetric Cryptography",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1573.002",
             "url": "https://attack.mitre.org/techniques/T1573/002",
             "deprecated": false
@@ -4848,6 +5448,7 @@ export const intel = {
             "stixId": "attack-pattern--bf1b6176-597c-4600-bfcd-ac989670f96b",
             "name": "Exfiltration to Cloud Storage",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1567.002",
             "url": "https://attack.mitre.org/techniques/T1567/002",
             "deprecated": false
@@ -4856,6 +5457,7 @@ export const intel = {
             "stixId": "attack-pattern--bf90d72c-c00b-45e3-b3aa-68560560d4c5",
             "name": "Lateral Tool Transfer",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1570",
             "url": "https://attack.mitre.org/techniques/T1570",
             "deprecated": false
@@ -4864,6 +5466,7 @@ export const intel = {
             "stixId": "attack-pattern--bf96a5a3-3bce-43b7-8597-88545984c07b",
             "name": "Path Interception by Unquoted Path",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.009",
             "url": "https://attack.mitre.org/techniques/T1574/009",
             "deprecated": false
@@ -4872,6 +5475,7 @@ export const intel = {
             "stixId": "attack-pattern--c071d8c1-3b3a-4f22-9407-ca4e96921069",
             "name": "Install Digital Certificate",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1608.003",
             "url": "https://attack.mitre.org/techniques/T1608/003",
             "deprecated": false
@@ -4880,6 +5484,7 @@ export const intel = {
             "stixId": "attack-pattern--c0a384a4-9a25-40e1-97b6-458388474bc8",
             "name": "Local Job Scheduling",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1168",
             "url": "https://attack.mitre.org/techniques/T1168",
             "deprecated": true
@@ -4888,6 +5493,7 @@ export const intel = {
             "stixId": "attack-pattern--c0df6533-30ee-4a4a-9c6d-17af5abdf0b2",
             "name": "Setuid and Setgid",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1166",
             "url": "https://attack.mitre.org/techniques/T1166",
             "deprecated": true
@@ -4896,6 +5502,7 @@ export const intel = {
             "stixId": "attack-pattern--c0dfe7b0-b873-4618-9ff8-53e31f70907f",
             "name": "Startup Items",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1037.005",
             "url": "https://attack.mitre.org/techniques/T1037/005",
             "deprecated": false
@@ -4904,6 +5511,7 @@ export const intel = {
             "stixId": "attack-pattern--c16e5409-ee53-4d79-afdc-4099dc9292df",
             "name": "Web Shell",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1100",
             "url": "https://attack.mitre.org/techniques/T1100",
             "deprecated": true
@@ -4912,6 +5520,7 @@ export const intel = {
             "stixId": "attack-pattern--c1a452f3-6499-4c12-b7e9-a6a0a102af76",
             "name": "Process Doppelgänging",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1186",
             "url": "https://attack.mitre.org/techniques/T1186",
             "deprecated": true
@@ -4920,6 +5529,7 @@ export const intel = {
             "stixId": "attack-pattern--c1b11bf7-c68e-4fbf-a95b-28efbe7953bb",
             "name": "SSH Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1184",
             "url": "https://attack.mitre.org/techniques/T1184",
             "deprecated": true
@@ -4928,6 +5538,7 @@ export const intel = {
             "stixId": "attack-pattern--c1b68a96-3c48-49ea-a6c0-9b27359f9c19",
             "name": "System Language Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1614.001",
             "url": "https://attack.mitre.org/techniques/T1614/001",
             "deprecated": false
@@ -4936,6 +5547,7 @@ export const intel = {
             "stixId": "attack-pattern--c21d5a77-d422-4a69-acd7-2c53c1faa34b",
             "name": "Non-Application Layer Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1095",
             "url": "https://attack.mitre.org/techniques/T1095",
             "deprecated": false
@@ -4944,6 +5556,7 @@ export const intel = {
             "stixId": "attack-pattern--c23b740b-a42b-47a1-aec2-9d48ddd547ff",
             "name": "Pass the Hash",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1075",
             "url": "https://attack.mitre.org/techniques/T1075",
             "deprecated": true
@@ -4952,6 +5565,7 @@ export const intel = {
             "stixId": "attack-pattern--c2e147a9-d1a8-4074-811a-d8789202d916",
             "name": "Steganography",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.003",
             "url": "https://attack.mitre.org/techniques/T1027/003",
             "deprecated": false
@@ -4960,6 +5574,7 @@ export const intel = {
             "stixId": "attack-pattern--c2f59d25-87fe-44aa-8f83-e8e59d077bf5",
             "name": "DNS Server",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584.002",
             "url": "https://attack.mitre.org/techniques/T1584/002",
             "deprecated": false
@@ -4968,6 +5583,7 @@ export const intel = {
             "stixId": "attack-pattern--c325b232-d5bc-4dde-a3ec-71f3db9e8adc",
             "name": "Protocol Impersonation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1001.003",
             "url": "https://attack.mitre.org/techniques/T1001/003",
             "deprecated": false
@@ -4976,6 +5592,7 @@ export const intel = {
             "stixId": "attack-pattern--c32f7008-9fea-41f7-8366-5eb9b74bd896",
             "name": "Query Registry",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1012",
             "url": "https://attack.mitre.org/techniques/T1012",
             "deprecated": false
@@ -4984,6 +5601,7 @@ export const intel = {
             "stixId": "attack-pattern--c3888c54-775d-4b2f-b759-75a2ececcbfd",
             "name": "Data Transfer Size Limits",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1030",
             "url": "https://attack.mitre.org/techniques/T1030",
             "deprecated": false
@@ -4992,6 +5610,7 @@ export const intel = {
             "stixId": "attack-pattern--c3bce4f4-9795-46c6-976e-8676300bbc39",
             "name": "Windows Remote Management",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1028",
             "url": "https://attack.mitre.org/techniques/T1028",
             "deprecated": true
@@ -5000,6 +5619,7 @@ export const intel = {
             "stixId": "attack-pattern--c3c8c916-2f3c-4e71-94b2-240bdfc996f0",
             "name": "Web Session Cookie",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1550.004",
             "url": "https://attack.mitre.org/techniques/T1550/004",
             "deprecated": false
@@ -5008,6 +5628,7 @@ export const intel = {
             "stixId": "attack-pattern--c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
             "name": "Domain Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1078.002",
             "url": "https://attack.mitre.org/techniques/T1078/002",
             "deprecated": false
@@ -5016,6 +5637,7 @@ export const intel = {
             "stixId": "attack-pattern--c48a67ee-b657-45c1-91bf-6cdbe27205f8",
             "name": "Regsvcs/Regasm",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.009",
             "url": "https://attack.mitre.org/techniques/T1218/009",
             "deprecated": false
@@ -5024,6 +5646,7 @@ export const intel = {
             "stixId": "attack-pattern--c4ad009b-6e13-4419-8d21-918a1652de02",
             "name": "Path Interception",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1034",
             "url": "https://attack.mitre.org/techniques/T1034",
             "deprecated": true
@@ -5032,6 +5655,7 @@ export const intel = {
             "stixId": "attack-pattern--c5e31fb5-fcbd-48a4-af8c-5a6ed5b932e5",
             "name": "Web Session Cookie",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1506",
             "url": "https://attack.mitre.org/techniques/T1506",
             "deprecated": true
@@ -5040,6 +5664,7 @@ export const intel = {
             "stixId": "attack-pattern--c615231b-f253-4f58-9d47-d5b4cbdb6839",
             "name": "Install Root Certificate",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1553.004",
             "url": "https://attack.mitre.org/techniques/T1553/004",
             "deprecated": false
@@ -5048,6 +5673,7 @@ export const intel = {
             "stixId": "attack-pattern--c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
             "name": "Network Logon Script",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1037.003",
             "url": "https://attack.mitre.org/techniques/T1037/003",
             "deprecated": false
@@ -5056,6 +5682,7 @@ export const intel = {
             "stixId": "attack-pattern--c675646d-e204-4aa8-978d-e3d6d65885c4",
             "name": "Endpoint Denial of Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1499",
             "url": "https://attack.mitre.org/techniques/T1499",
             "deprecated": false
@@ -5064,6 +5691,7 @@ export const intel = {
             "stixId": "attack-pattern--c726e0a2-a57a-4b7b-a973-d0f013246617",
             "name": "Compile After Delivery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.004",
             "url": "https://attack.mitre.org/techniques/T1027/004",
             "deprecated": false
@@ -5072,6 +5700,7 @@ export const intel = {
             "stixId": "attack-pattern--c848fcf7-6b62-4bde-8216-b6c157d48da0",
             "name": "Uncommonly Used Port",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1065",
             "url": "https://attack.mitre.org/techniques/T1065",
             "deprecated": true
@@ -5080,6 +5709,7 @@ export const intel = {
             "stixId": "attack-pattern--c877e33f-1df6-40d6-b1e7-ce70f16f4979",
             "name": "System Location Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1614",
             "url": "https://attack.mitre.org/techniques/T1614",
             "deprecated": false
@@ -5088,6 +5718,7 @@ export const intel = {
             "stixId": "attack-pattern--c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b",
             "name": "VBA Stomping",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.007",
             "url": "https://attack.mitre.org/techniques/T1564/007",
             "deprecated": false
@@ -5096,6 +5727,7 @@ export const intel = {
             "stixId": "attack-pattern--c8e87b83-edbb-48d4-9295-4974897525b7",
             "name": "BITS Jobs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1197",
             "url": "https://attack.mitre.org/techniques/T1197",
             "deprecated": false
@@ -5104,6 +5736,7 @@ export const intel = {
             "stixId": "attack-pattern--c92e3d68-2349-49e4-a341-7edca2deff96",
             "name": "MSBuild",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1127.001",
             "url": "https://attack.mitre.org/techniques/T1127/001",
             "deprecated": false
@@ -5112,6 +5745,7 @@ export const intel = {
             "stixId": "attack-pattern--ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
             "name": "Bypass User Account Control",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1088",
             "url": "https://attack.mitre.org/techniques/T1088",
             "deprecated": true
@@ -5120,6 +5754,7 @@ export const intel = {
             "stixId": "attack-pattern--ca205a36-c1ad-488b-aa6c-ab34bdd3a36b",
             "name": "Runtime Data Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1494",
             "url": "https://attack.mitre.org/techniques/T1494",
             "deprecated": true
@@ -5128,6 +5763,7 @@ export const intel = {
             "stixId": "attack-pattern--ca9d3402-ada3-484d-876a-d717bd6e05f2",
             "name": "Domain Fronting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1090.004",
             "url": "https://attack.mitre.org/techniques/T1090/004",
             "deprecated": false
@@ -5136,6 +5772,7 @@ export const intel = {
             "stixId": "attack-pattern--cabe189c-a0e3-4965-a473-dcff00f17213",
             "name": "ARP Cache Poisoning",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1557.002",
             "url": "https://attack.mitre.org/techniques/T1557/002",
             "deprecated": false
@@ -5144,6 +5781,7 @@ export const intel = {
             "stixId": "attack-pattern--cacc40da-4c9e-462c-80d5-fd70a178b12d",
             "name": "Disable Cloud Logs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1562.008",
             "url": "https://attack.mitre.org/techniques/T1562/008",
             "deprecated": false
@@ -5152,6 +5790,7 @@ export const intel = {
             "stixId": "attack-pattern--cba37adb-d6fb-4610-b069-dd04c0643384",
             "name": "Security Software Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1518.001",
             "url": "https://attack.mitre.org/techniques/T1518/001",
             "deprecated": false
@@ -5160,6 +5799,7 @@ export const intel = {
             "stixId": "attack-pattern--cbb66055-0325-4111-aca0-40547b6ad5b0",
             "name": "Hidden Window",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.003",
             "url": "https://attack.mitre.org/techniques/T1564/003",
             "deprecated": false
@@ -5168,6 +5808,7 @@ export const intel = {
             "stixId": "attack-pattern--cc1e737c-236c-4e3b-83ba-32039a626ef8",
             "name": "Transmitted Data Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1493",
             "url": "https://attack.mitre.org/techniques/T1493",
             "deprecated": true
@@ -5176,6 +5817,7 @@ export const intel = {
             "stixId": "attack-pattern--cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
             "name": "Python",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.006",
             "url": "https://attack.mitre.org/techniques/T1059/006",
             "deprecated": false
@@ -5184,6 +5826,7 @@ export const intel = {
             "stixId": "attack-pattern--cc723aff-ec88-40e3-a224-5af9fd983cc4",
             "name": "Identify Roles",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1591.004",
             "url": "https://attack.mitre.org/techniques/T1591/004",
             "deprecated": false
@@ -5192,6 +5835,7 @@ export const intel = {
             "stixId": "attack-pattern--cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
             "name": "Data Encoding",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1132",
             "url": "https://attack.mitre.org/techniques/T1132",
             "deprecated": false
@@ -5200,6 +5844,7 @@ export const intel = {
             "stixId": "attack-pattern--cc89ecbd-3d33-4a41-bcca-001e702d18fd",
             "name": "AppInit DLLs",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.010",
             "url": "https://attack.mitre.org/techniques/T1546/010",
             "deprecated": false
@@ -5208,6 +5853,7 @@ export const intel = {
             "stixId": "attack-pattern--cca0ccb6-a068-4574-a722-b1556f86833a",
             "name": "Phishing for Information",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1598",
             "url": "https://attack.mitre.org/techniques/T1598",
             "deprecated": false
@@ -5216,6 +5862,7 @@ export const intel = {
             "stixId": "attack-pattern--cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
             "name": "Resource Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1496",
             "url": "https://attack.mitre.org/techniques/T1496",
             "deprecated": false
@@ -5224,6 +5871,7 @@ export const intel = {
             "stixId": "attack-pattern--cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8",
             "name": "Establish Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1585",
             "url": "https://attack.mitre.org/techniques/T1585",
             "deprecated": false
@@ -5232,6 +5880,7 @@ export const intel = {
             "stixId": "attack-pattern--ce0687a0-e692-4b77-964a-0784a8e54ff1",
             "name": "Obtain Capabilities",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1588",
             "url": "https://attack.mitre.org/techniques/T1588",
             "deprecated": false
@@ -5240,6 +5889,7 @@ export const intel = {
             "stixId": "attack-pattern--ce4b7013-640e-48a9-b501-d0025a95f4bf",
             "name": "Screensaver",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.002",
             "url": "https://attack.mitre.org/techniques/T1546/002",
             "deprecated": false
@@ -5248,6 +5898,7 @@ export const intel = {
             "stixId": "attack-pattern--ce73ea43-8e77-47ba-9c11-5e9c9c58b9ff",
             "name": "Hidden Users",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1147",
             "url": "https://attack.mitre.org/techniques/T1147",
             "deprecated": true
@@ -5256,6 +5907,7 @@ export const intel = {
             "stixId": "attack-pattern--cf1c2504-433f-4c4e-a1f8-91de45a0318c",
             "name": "Create Cloud Instance",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1578.002",
             "url": "https://attack.mitre.org/techniques/T1578/002",
             "deprecated": false
@@ -5264,6 +5916,7 @@ export const intel = {
             "stixId": "attack-pattern--cf7b3a06-8b42-4c33-bbe9-012120027925",
             "name": "Compile After Delivery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1500",
             "url": "https://attack.mitre.org/techniques/T1500",
             "deprecated": true
@@ -5272,6 +5925,7 @@ export const intel = {
             "stixId": "attack-pattern--cff94884-3b1c-4987-a70b-6d5643c621c3",
             "name": "Code Repositories",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1213.003",
             "url": "https://attack.mitre.org/techniques/T1213/003",
             "deprecated": false
@@ -5280,6 +5934,7 @@ export const intel = {
             "stixId": "attack-pattern--d0613359-5781-4fd2-b5be-c269270be1f6",
             "name": "Transmitted Data Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1565.002",
             "url": "https://attack.mitre.org/techniques/T1565/002",
             "deprecated": false
@@ -5288,6 +5943,7 @@ export const intel = {
             "stixId": "attack-pattern--d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4",
             "name": "/etc/passwd and /etc/shadow",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.008",
             "url": "https://attack.mitre.org/techniques/T1003/008",
             "deprecated": false
@@ -5296,6 +5952,7 @@ export const intel = {
             "stixId": "attack-pattern--d10cbd34-42e3-45c0-84d2-535a09849584",
             "name": "Launch Agent",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1543.001",
             "url": "https://attack.mitre.org/techniques/T1543/001",
             "deprecated": false
@@ -5304,6 +5961,7 @@ export const intel = {
             "stixId": "attack-pattern--d157f9d2-d09a-4efa-bb2a-64963f94e253",
             "name": "System Services",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1569",
             "url": "https://attack.mitre.org/techniques/T1569",
             "deprecated": false
@@ -5312,6 +5970,7 @@ export const intel = {
             "stixId": "attack-pattern--d1fcf083-a721-4223-aedf-bf8960798d62",
             "name": "Windows Command Shell",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.003",
             "url": "https://attack.mitre.org/techniques/T1059/003",
             "deprecated": false
@@ -5320,6 +5979,7 @@ export const intel = {
             "stixId": "attack-pattern--d201d4cc-214d-4a74-a1ba-b3fa09fd4591",
             "name": "Proc Memory",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.009",
             "url": "https://attack.mitre.org/techniques/T1055/009",
             "deprecated": false
@@ -5328,6 +5988,7 @@ export const intel = {
             "stixId": "attack-pattern--d21a2069-23d5-4043-ad6d-64f6b644cb1a",
             "name": "Compiled HTML File",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1223",
             "url": "https://attack.mitre.org/techniques/T1223",
             "deprecated": true
@@ -5336,6 +5997,7 @@ export const intel = {
             "stixId": "attack-pattern--d21bb61f-08ad-4dc1-b001-81ca6cb79954",
             "name": "Acquire Access",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1650",
             "url": "https://attack.mitre.org/techniques/T1650",
             "deprecated": false
@@ -5344,6 +6006,7 @@ export const intel = {
             "stixId": "attack-pattern--d245808a-7086-4310-984a-a84aaaa43f8f",
             "name": "Patch System Image",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1601.001",
             "url": "https://attack.mitre.org/techniques/T1601/001",
             "deprecated": false
@@ -5352,6 +6015,7 @@ export const intel = {
             "stixId": "attack-pattern--d273434a-448e-4598-8e14-607f4a0d5e27",
             "name": "Silver Ticket",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1558.002",
             "url": "https://attack.mitre.org/techniques/T1558/002",
             "deprecated": false
@@ -5360,6 +6024,7 @@ export const intel = {
             "stixId": "attack-pattern--d28ef391-8ed4-45dc-bc4a-2f43abf54416",
             "name": "Data from Information Repositories",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1213",
             "url": "https://attack.mitre.org/techniques/T1213",
             "deprecated": false
@@ -5368,6 +6033,7 @@ export const intel = {
             "stixId": "attack-pattern--d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
             "name": "Clear Persistence",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.009",
             "url": "https://attack.mitre.org/techniques/T1070/009",
             "deprecated": false
@@ -5376,6 +6042,7 @@ export const intel = {
             "stixId": "attack-pattern--d3046a90-580c-4004-8208-66915bc29830",
             "name": "Clear Command History",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1146",
             "url": "https://attack.mitre.org/techniques/T1146",
             "deprecated": true
@@ -5384,6 +6051,7 @@ export const intel = {
             "stixId": "attack-pattern--d336b553-5da9-46ca-98a8-0b23f49fb447",
             "name": "Windows Credential Manager",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1555.004",
             "url": "https://attack.mitre.org/techniques/T1555/004",
             "deprecated": false
@@ -5392,6 +6060,7 @@ export const intel = {
             "stixId": "attack-pattern--d376668f-b208-42de-b1f5-fdfe0ad4b753",
             "name": "Emond",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1519",
             "url": "https://attack.mitre.org/techniques/T1519",
             "deprecated": true
@@ -5400,6 +6069,7 @@ export const intel = {
             "stixId": "attack-pattern--d3df754e-997b-4cf9-97d4-70feb3120847",
             "name": "Spearphishing via Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1194",
             "url": "https://attack.mitre.org/techniques/T1194",
             "deprecated": true
@@ -5408,6 +6078,7 @@ export const intel = {
             "stixId": "attack-pattern--d40239b3-05ff-46d8-9bdd-b46d13463ef9",
             "name": "Hardware Additions",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1200",
             "url": "https://attack.mitre.org/techniques/T1200",
             "deprecated": false
@@ -5416,6 +6087,7 @@ export const intel = {
             "stixId": "attack-pattern--d456de47-a16f-4e46-8980-e67478a12dcb",
             "name": "Server Software Component",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1505",
             "url": "https://attack.mitre.org/techniques/T1505",
             "deprecated": false
@@ -5424,6 +6096,7 @@ export const intel = {
             "stixId": "attack-pattern--d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
             "name": "Data Destruction",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1485",
             "url": "https://attack.mitre.org/techniques/T1485",
             "deprecated": false
@@ -5432,6 +6105,7 @@ export const intel = {
             "stixId": "attack-pattern--d467bc38-284b-4a00-96ac-125f447799fc",
             "name": "Non-Standard Encoding",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1132.002",
             "url": "https://attack.mitre.org/techniques/T1132/002",
             "deprecated": false
@@ -5440,6 +6114,7 @@ export const intel = {
             "stixId": "attack-pattern--d4b96d2c-1032-4b22-9235-2b5b649d0605",
             "name": "Domain Controller Authentication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.001",
             "url": "https://attack.mitre.org/techniques/T1556/001",
             "deprecated": false
@@ -5448,6 +6123,7 @@ export const intel = {
             "stixId": "attack-pattern--d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
             "name": "Transfer Data to Cloud Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1537",
             "url": "https://attack.mitre.org/techniques/T1537",
             "deprecated": false
@@ -5456,6 +6132,7 @@ export const intel = {
             "stixId": "attack-pattern--d4dc46e3-5ba5-45b9-8204-010867cacfcb",
             "name": "HTML Smuggling",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.006",
             "url": "https://attack.mitre.org/techniques/T1027/006",
             "deprecated": false
@@ -5464,6 +6141,7 @@ export const intel = {
             "stixId": "attack-pattern--d50955c2-272d-4ac8-95da-10c29dda1c48",
             "name": "Reversible Encryption",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.005",
             "url": "https://attack.mitre.org/techniques/T1556/005",
             "deprecated": false
@@ -5472,6 +6150,7 @@ export const intel = {
             "stixId": "attack-pattern--d511a6f6-4a33-41d5-bc95-c343875d1377",
             "name": "Command Obfuscation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.010",
             "url": "https://attack.mitre.org/techniques/T1027/010",
             "deprecated": false
@@ -5480,6 +6159,7 @@ export const intel = {
             "stixId": "attack-pattern--d519cfd5-f3a8-43a9-a846-ed0bb40672b1",
             "name": "Install Root Certificate",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1130",
             "url": "https://attack.mitre.org/techniques/T1130",
             "deprecated": true
@@ -5488,6 +6168,7 @@ export const intel = {
             "stixId": "attack-pattern--d54416bd-0803-41ca-870a-ce1af7c05638",
             "name": "Data Encrypted",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1022",
             "url": "https://attack.mitre.org/techniques/T1022",
             "deprecated": true
@@ -5496,6 +6177,7 @@ export const intel = {
             "stixId": "attack-pattern--d63a3fb8-9452-4e9d-a60a-54be68d5998c",
             "name": "File Deletion",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1070.004",
             "url": "https://attack.mitre.org/techniques/T1070/004",
             "deprecated": false
@@ -5504,6 +6186,7 @@ export const intel = {
             "stixId": "attack-pattern--d742a578-d70e-4d0e-96a6-02a9c30204e6",
             "name": "Drive-by Compromise",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1189",
             "url": "https://attack.mitre.org/techniques/T1189",
             "deprecated": false
@@ -5512,6 +6195,7 @@ export const intel = {
             "stixId": "attack-pattern--d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
             "name": "Network Denial of Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1498",
             "url": "https://attack.mitre.org/techniques/T1498",
             "deprecated": false
@@ -5520,6 +6204,7 @@ export const intel = {
             "stixId": "attack-pattern--d94b3ae9-8059-4989-8e9f-ea0f601f80a7",
             "name": "Cloud Administration Command",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1651",
             "url": "https://attack.mitre.org/techniques/T1651",
             "deprecated": false
@@ -5528,6 +6213,7 @@ export const intel = {
             "stixId": "attack-pattern--da051493-ae9c-4b1b-9760-c009c46c9b56",
             "name": "Installer Packages",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.016",
             "url": "https://attack.mitre.org/techniques/T1546/016",
             "deprecated": false
@@ -5536,6 +6222,7 @@ export const intel = {
             "stixId": "attack-pattern--db8f5003-3b20-48f0-9b76-123e44208120",
             "name": "Scanning IP Blocks",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1595.001",
             "url": "https://attack.mitre.org/techniques/T1595/001",
             "deprecated": false
@@ -5544,6 +6231,7 @@ export const intel = {
             "stixId": "attack-pattern--dc27c2ec-c5f9-4228-ba57-d67b590bda93",
             "name": "Hidden Files and Directories",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1158",
             "url": "https://attack.mitre.org/techniques/T1158",
             "deprecated": true
@@ -5552,6 +6240,7 @@ export const intel = {
             "stixId": "attack-pattern--dc31fe1e-d722-49da-8f5f-92c7b5aff534",
             "name": "Template Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1221",
             "url": "https://attack.mitre.org/techniques/T1221",
             "deprecated": false
@@ -5560,6 +6249,7 @@ export const intel = {
             "stixId": "attack-pattern--dca670cf-eeec-438f-8185-fd959d9ef211",
             "name": "RC Scripts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1037.004",
             "url": "https://attack.mitre.org/techniques/T1037/004",
             "deprecated": false
@@ -5568,6 +6258,7 @@ export const intel = {
             "stixId": "attack-pattern--dcaa092b-7de9-4a21-977f-7fcb77e89c48",
             "name": "Access Token Manipulation",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1134",
             "url": "https://attack.mitre.org/techniques/T1134",
             "deprecated": false
@@ -5576,6 +6267,7 @@ export const intel = {
             "stixId": "attack-pattern--dce31a00-1e90-4655-b0f9-e2e71a748a87",
             "name": "Time Providers",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1209",
             "url": "https://attack.mitre.org/techniques/T1209",
             "deprecated": true
@@ -5584,6 +6276,7 @@ export const intel = {
             "stixId": "attack-pattern--dd43c543-bb85-4a6f-aa6e-160d90d06a49",
             "name": "Multi-Factor Authentication Interception",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1111",
             "url": "https://attack.mitre.org/techniques/T1111",
             "deprecated": false
@@ -5592,6 +6285,7 @@ export const intel = {
             "stixId": "attack-pattern--dd901512-6e37-4155-943b-453e3777b125",
             "name": "Launch Agent",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1159",
             "url": "https://attack.mitre.org/techniques/T1159",
             "deprecated": true
@@ -5600,6 +6294,7 @@ export const intel = {
             "stixId": "attack-pattern--deb98323-e13f-4b0c-8d94-175379069062",
             "name": "Software Packing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.002",
             "url": "https://attack.mitre.org/techniques/T1027/002",
             "deprecated": false
@@ -5608,6 +6303,7 @@ export const intel = {
             "stixId": "attack-pattern--df1bc34d-1634-4c93-b89e-8120994fce77",
             "name": "Serverless",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584.007",
             "url": "https://attack.mitre.org/techniques/T1584/007",
             "deprecated": false
@@ -5616,6 +6312,7 @@ export const intel = {
             "stixId": "attack-pattern--df8b2a25-8bdf-4856-953c-a04372b1c161",
             "name": "Web Protocols",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1071.001",
             "url": "https://attack.mitre.org/techniques/T1071/001",
             "deprecated": false
@@ -5624,6 +6321,7 @@ export const intel = {
             "stixId": "attack-pattern--dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
             "name": "Visual Basic",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1059.005",
             "url": "https://attack.mitre.org/techniques/T1059/005",
             "deprecated": false
@@ -5632,6 +6330,7 @@ export const intel = {
             "stixId": "attack-pattern--dfebc3b7-d19d-450b-81c7-6dafe4184c04",
             "name": "Hidden File System",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.005",
             "url": "https://attack.mitre.org/techniques/T1564/005",
             "deprecated": false
@@ -5640,6 +6339,7 @@ export const intel = {
             "stixId": "attack-pattern--dfefe2ed-4389-4318-8762-f0272b350a1b",
             "name": "Systemd Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1543.002",
             "url": "https://attack.mitre.org/techniques/T1543/002",
             "deprecated": false
@@ -5648,6 +6348,7 @@ export const intel = {
             "stixId": "attack-pattern--e0033c16-a07e-48aa-8204-7c3ca669998c",
             "name": "RDP Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1563.002",
             "url": "https://attack.mitre.org/techniques/T1563/002",
             "deprecated": false
@@ -5656,6 +6357,7 @@ export const intel = {
             "stixId": "attack-pattern--e01be9c5-e763-4caf-aeb7-000b416aef67",
             "name": "Create Account",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1136",
             "url": "https://attack.mitre.org/techniques/T1136",
             "deprecated": false
@@ -5664,6 +6366,7 @@ export const intel = {
             "stixId": "attack-pattern--e0232cb0-ded5-4c2e-9dc7-2893142a5c11",
             "name": "XDG Autostart Entries",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.013",
             "url": "https://attack.mitre.org/techniques/T1547/013",
             "deprecated": false
@@ -5672,6 +6375,7 @@ export const intel = {
             "stixId": "attack-pattern--e196b5c5-8118-4a1c-ab8a-936586ce3db5",
             "name": "Server",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584.004",
             "url": "https://attack.mitre.org/techniques/T1584/004",
             "deprecated": false
@@ -5680,6 +6384,7 @@ export const intel = {
             "stixId": "attack-pattern--e24fcba8-2557-4442-a139-1ee2f2e784db",
             "name": "Cloud Service Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1526",
             "url": "https://attack.mitre.org/techniques/T1526",
             "deprecated": false
@@ -5688,6 +6393,7 @@ export const intel = {
             "stixId": "attack-pattern--e2907cea-4b43-4ed7-a570-0fdf0fbeea00",
             "name": "Space after Filename",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1151",
             "url": "https://attack.mitre.org/techniques/T1151",
             "deprecated": true
@@ -5696,6 +6402,7 @@ export const intel = {
             "stixId": "attack-pattern--e358d692-23c0-4a31-9eb6-ecc13a8d7735",
             "name": "Remote System Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1018",
             "url": "https://attack.mitre.org/techniques/T1018",
             "deprecated": false
@@ -5704,6 +6411,7 @@ export const intel = {
             "stixId": "attack-pattern--e3a12395-188d-4051-9a16-ea8e14d07b88",
             "name": "Network Service Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1046",
             "url": "https://attack.mitre.org/techniques/T1046",
             "deprecated": false
@@ -5712,6 +6420,7 @@ export const intel = {
             "stixId": "attack-pattern--e3b168bd-fcd7-439e-9382-2e6c2f63514d",
             "name": "Domain Properties",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1590.001",
             "url": "https://attack.mitre.org/techniques/T1590/001",
             "deprecated": false
@@ -5720,6 +6429,7 @@ export const intel = {
             "stixId": "attack-pattern--e3b6daca-e963-4a69-aee6-ed4fd653ad58",
             "name": "Software Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1518",
             "url": "https://attack.mitre.org/techniques/T1518",
             "deprecated": false
@@ -5728,6 +6438,7 @@ export const intel = {
             "stixId": "attack-pattern--e49920b0-6c54-40c1-9571-73723653205f",
             "name": "Cloud Service Dashboard",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1538",
             "url": "https://attack.mitre.org/techniques/T1538",
             "deprecated": false
@@ -5736,6 +6447,7 @@ export const intel = {
             "stixId": "attack-pattern--e49ee9d2-0d98-44ef-85e5-5d3100065744",
             "name": "Thread Local Storage",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.005",
             "url": "https://attack.mitre.org/techniques/T1055/005",
             "deprecated": false
@@ -5744,6 +6456,7 @@ export const intel = {
             "stixId": "attack-pattern--e4dc8c01-417f-458d-9ee0-bb0617c1b391",
             "name": "Debugger Evasion",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1622",
             "url": "https://attack.mitre.org/techniques/T1622",
             "deprecated": false
@@ -5752,6 +6465,7 @@ export const intel = {
             "stixId": "attack-pattern--e51137a5-1cdc-499e-911a-abaedaa5ac86",
             "name": "Space after Filename",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1036.006",
             "url": "https://attack.mitre.org/techniques/T1036/006",
             "deprecated": false
@@ -5760,6 +6474,7 @@ export const intel = {
             "stixId": "attack-pattern--e5cc9e7a-e61a-46a1-b869-55fb6eab058e",
             "name": "Re-opened Applications",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.007",
             "url": "https://attack.mitre.org/techniques/T1547/007",
             "deprecated": false
@@ -5768,6 +6483,7 @@ export const intel = {
             "stixId": "attack-pattern--e5d550f3-2202-4634-85f2-4a200a1d49b3",
             "name": "SEO Poisoning",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1608.006",
             "url": "https://attack.mitre.org/techniques/T1608/006",
             "deprecated": false
@@ -5776,6 +6492,7 @@ export const intel = {
             "stixId": "attack-pattern--e624264c-033a-424d-9fd7-fc9c3bbdb03e",
             "name": "Pass the Hash",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1550.002",
             "url": "https://attack.mitre.org/techniques/T1550/002",
             "deprecated": false
@@ -5784,6 +6501,7 @@ export const intel = {
             "stixId": "attack-pattern--e6415f09-df0e-48de-9aba-928c902b7549",
             "name": "Exfiltration Over Physical Medium",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1052",
             "url": "https://attack.mitre.org/techniques/T1052",
             "deprecated": false
@@ -5792,6 +6510,7 @@ export const intel = {
             "stixId": "attack-pattern--e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
             "name": "DLL Side-Loading",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.002",
             "url": "https://attack.mitre.org/techniques/T1574/002",
             "deprecated": false
@@ -5800,6 +6519,7 @@ export const intel = {
             "stixId": "attack-pattern--e6919abc-99f9-4c6c-95a5-14761e7b2add",
             "name": "Ingress Tool Transfer",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1105",
             "url": "https://attack.mitre.org/techniques/T1105",
             "deprecated": false
@@ -5808,6 +6528,7 @@ export const intel = {
             "stixId": "attack-pattern--e74de37c-a829-446c-937d-56a44f0e9306",
             "name": "Additional Email Delegate Permissions",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1098.002",
             "url": "https://attack.mitre.org/techniques/T1098/002",
             "deprecated": false
@@ -5816,6 +6537,7 @@ export const intel = {
             "stixId": "attack-pattern--e7cbc1de-1f79-48ee-abfd-da1241c65a15",
             "name": "Code Signing Certificates",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1588.003",
             "url": "https://attack.mitre.org/techniques/T1588/003",
             "deprecated": false
@@ -5824,6 +6546,7 @@ export const intel = {
             "stixId": "attack-pattern--e7eab98d-ae11-4491-bd28-a53ba875865a",
             "name": "Network Share Connection Removal",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1126",
             "url": "https://attack.mitre.org/techniques/T1126",
             "deprecated": true
@@ -5832,6 +6555,7 @@ export const intel = {
             "stixId": "attack-pattern--e848506b-8484-4410-8017-3d235a52f5b3",
             "name": "Serverless Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1648",
             "url": "https://attack.mitre.org/techniques/T1648",
             "deprecated": false
@@ -5840,6 +6564,7 @@ export const intel = {
             "stixId": "attack-pattern--e906ae4d-1d3a-4675-be23-22f7311c0da4",
             "name": "Windows Management Instrumentation Event Subscription",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1084",
             "url": "https://attack.mitre.org/techniques/T1084",
             "deprecated": true
@@ -5848,6 +6573,7 @@ export const intel = {
             "stixId": "attack-pattern--e99ec083-abdd-48de-ad87-4dbf6f8ba2a4",
             "name": "Launch Daemon",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1160",
             "url": "https://attack.mitre.org/techniques/T1160",
             "deprecated": true
@@ -5856,6 +6582,7 @@ export const intel = {
             "stixId": "attack-pattern--ea016b56-ae0e-47fe-967a-cc0ad51af67f",
             "name": "Ptrace System Calls",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.008",
             "url": "https://attack.mitre.org/techniques/T1055/008",
             "deprecated": false
@@ -5864,6 +6591,7 @@ export const intel = {
             "stixId": "attack-pattern--ea4c2f9c-9df1-477c-8c42-6da1118f2ac4",
             "name": "Dynamic API Resolution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1027.007",
             "url": "https://attack.mitre.org/techniques/T1027/007",
             "deprecated": false
@@ -5872,6 +6600,7 @@ export const intel = {
             "stixId": "attack-pattern--eb062747-2193-45de-8fa2-e62549c37ddf",
             "name": "Remote Desktop Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1021.001",
             "url": "https://attack.mitre.org/techniques/T1021/001",
             "deprecated": false
@@ -5880,6 +6609,7 @@ export const intel = {
             "stixId": "attack-pattern--eb125d40-0b2d-41ac-a71a-3229241c2cd3",
             "name": "Logon Script (Windows)",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1037.001",
             "url": "https://attack.mitre.org/techniques/T1037/001",
             "deprecated": false
@@ -5888,6 +6618,7 @@ export const intel = {
             "stixId": "attack-pattern--eb2cb5cb-ae87-4de0-8c35-da2a17aafb99",
             "name": "ListPlanting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.015",
             "url": "https://attack.mitre.org/techniques/T1055/015",
             "deprecated": false
@@ -5896,6 +6627,7 @@ export const intel = {
             "stixId": "attack-pattern--ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
             "name": "Domain Policy Modification",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1484",
             "url": "https://attack.mitre.org/techniques/T1484",
             "deprecated": false
@@ -5904,6 +6636,7 @@ export const intel = {
             "stixId": "attack-pattern--ebbe170d-aa74-4946-8511-9921243415a3",
             "name": "XSL Script Processing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1220",
             "url": "https://attack.mitre.org/techniques/T1220",
             "deprecated": false
@@ -5912,6 +6645,7 @@ export const intel = {
             "stixId": "attack-pattern--ec4be82f-940c-4dcb-87fe-2bbdd17c692f",
             "name": "Scan Databases",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1596.005",
             "url": "https://attack.mitre.org/techniques/T1596/005",
             "deprecated": false
@@ -5920,6 +6654,7 @@ export const intel = {
             "stixId": "attack-pattern--ec8fc7e2-b356-455c-8db5-2e37be158e7d",
             "name": "Hidden Files and Directories",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.001",
             "url": "https://attack.mitre.org/techniques/T1564/001",
             "deprecated": false
@@ -5928,6 +6663,7 @@ export const intel = {
             "stixId": "attack-pattern--ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1",
             "name": "Create Snapshot",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1578.001",
             "url": "https://attack.mitre.org/techniques/T1578/001",
             "deprecated": false
@@ -5936,6 +6672,7 @@ export const intel = {
             "stixId": "attack-pattern--ed730f20-0e44-48b9-85f8-0e2adeb76867",
             "name": "Determine Physical Locations",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1591.001",
             "url": "https://attack.mitre.org/techniques/T1591/001",
             "deprecated": false
@@ -5944,6 +6681,7 @@ export const intel = {
             "stixId": "attack-pattern--ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
             "name": "Office Test",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1137.002",
             "url": "https://attack.mitre.org/techniques/T1137/002",
             "deprecated": false
@@ -5952,6 +6690,7 @@ export const intel = {
             "stixId": "attack-pattern--edadea33-549c-4ed1-9783-8f5a5853cbdf",
             "name": "Develop Capabilities",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1587",
             "url": "https://attack.mitre.org/techniques/T1587",
             "deprecated": false
@@ -5960,6 +6699,7 @@ export const intel = {
             "stixId": "attack-pattern--edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0",
             "name": "Dynamic Data Exchange",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1173",
             "url": "https://attack.mitre.org/techniques/T1173",
             "deprecated": true
@@ -5968,6 +6708,7 @@ export const intel = {
             "stixId": "attack-pattern--edf91964-b26e-4b4a-9600-ccacd7d7df24",
             "name": "NTDS",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.003",
             "url": "https://attack.mitre.org/techniques/T1003/003",
             "deprecated": false
@@ -5976,6 +6717,7 @@ export const intel = {
             "stixId": "attack-pattern--ee7ff928-801c-4f34-8a99-3df965e581a5",
             "name": "SNMP (MIB Dump)",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1602.001",
             "url": "https://attack.mitre.org/techniques/T1602/001",
             "deprecated": false
@@ -5984,6 +6726,7 @@ export const intel = {
             "stixId": "attack-pattern--eec23884-3fa1-4d8a-ac50-6f104d51e235",
             "name": "Steganography",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1001.002",
             "url": "https://attack.mitre.org/techniques/T1001/002",
             "deprecated": false
@@ -5992,6 +6735,7 @@ export const intel = {
             "stixId": "attack-pattern--ef67e13e-5598-4adc-bdb2-998225874fa9",
             "name": "Malicious Link",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1204.001",
             "url": "https://attack.mitre.org/techniques/T1204/001",
             "deprecated": false
@@ -6000,6 +6744,7 @@ export const intel = {
             "stixId": "attack-pattern--f005e783-57d4-4837-88ad-dbe7faee1c51",
             "name": "Application Access Token",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1550.001",
             "url": "https://attack.mitre.org/techniques/T1550/001",
             "deprecated": false
@@ -6008,6 +6753,7 @@ export const intel = {
             "stixId": "attack-pattern--f0589bc3-a6ae-425a-a3d5-5659bfee07f4",
             "name": "LSASS Driver",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1547.008",
             "url": "https://attack.mitre.org/techniques/T1547/008",
             "deprecated": false
@@ -6016,6 +6762,7 @@ export const intel = {
             "stixId": "attack-pattern--f1951e8a-500e-4a26-8803-76d95c4554b4",
             "name": "Service Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1569.002",
             "url": "https://attack.mitre.org/techniques/T1569/002",
             "deprecated": false
@@ -6024,6 +6771,7 @@ export const intel = {
             "stixId": "attack-pattern--f232fa7a-025c-4d43-abc7-318e81a73d65",
             "name": "Cloud Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1078.004",
             "url": "https://attack.mitre.org/techniques/T1078/004",
             "deprecated": false
@@ -6032,6 +6780,7 @@ export const intel = {
             "stixId": "attack-pattern--f244b8dd-af6c-4391-a497-fc03627ce995",
             "name": "Environmental Keying",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1480.001",
             "url": "https://attack.mitre.org/techniques/T1480/001",
             "deprecated": false
@@ -6040,6 +6789,7 @@ export const intel = {
             "stixId": "attack-pattern--f24faf46-3b26-4dbb-98f2-63460498e433",
             "name": "Fallback Channels",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1008",
             "url": "https://attack.mitre.org/techniques/T1008",
             "deprecated": false
@@ -6048,6 +6798,7 @@ export const intel = {
             "stixId": "attack-pattern--f2857333-11d4-45bf-b064-2c28d8525be5",
             "name": "NTFS File Attributes",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.004",
             "url": "https://attack.mitre.org/techniques/T1564/004",
             "deprecated": false
@@ -6056,6 +6807,7 @@ export const intel = {
             "stixId": "attack-pattern--f2877f7f-9a4c-4251-879f-1224e3006bee",
             "name": "Kerberoasting",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1558.003",
             "url": "https://attack.mitre.org/techniques/T1558/003",
             "deprecated": false
@@ -6064,6 +6816,7 @@ export const intel = {
             "stixId": "attack-pattern--f2d44246-91f1-478a-b6c8-1227e0ca109d",
             "name": "NTFS File Attributes",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1096",
             "url": "https://attack.mitre.org/techniques/T1096",
             "deprecated": true
@@ -6072,6 +6825,7 @@ export const intel = {
             "stixId": "attack-pattern--f303a39a-6255-4b89-aecc-18c4d8ca7163",
             "name": "DCSync",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1003.006",
             "url": "https://attack.mitre.org/techniques/T1003/006",
             "deprecated": false
@@ -6080,6 +6834,7 @@ export const intel = {
             "stixId": "attack-pattern--f3c544dc-673c-4ef3-accb-53229f1ae077",
             "name": "System Time Discovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1124",
             "url": "https://attack.mitre.org/techniques/T1124",
             "deprecated": false
@@ -6088,6 +6843,7 @@ export const intel = {
             "stixId": "attack-pattern--f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
             "name": "At",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1053.002",
             "url": "https://attack.mitre.org/techniques/T1053/002",
             "deprecated": false
@@ -6096,6 +6852,7 @@ export const intel = {
             "stixId": "attack-pattern--f44731de-ea9f-406d-9b83-30ecbb9b4392",
             "name": "Service Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1035",
             "url": "https://attack.mitre.org/techniques/T1035",
             "deprecated": true
@@ -6104,6 +6861,7 @@ export const intel = {
             "stixId": "attack-pattern--f4599aa0-4f85-4a32-80ea-fc39dc965945",
             "name": "Dynamic-link Library Injection",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1055.001",
             "url": "https://attack.mitre.org/techniques/T1055/001",
             "deprecated": false
@@ -6112,6 +6870,7 @@ export const intel = {
             "stixId": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
             "name": "PowerShell",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1086",
             "url": "https://attack.mitre.org/techniques/T1086",
             "deprecated": true
@@ -6120,6 +6879,7 @@ export const intel = {
             "stixId": "attack-pattern--f4b843c1-7e92-4701-8fed-ce82f8be2636",
             "name": "Exploits",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1588.005",
             "url": "https://attack.mitre.org/techniques/T1588/005",
             "deprecated": false
@@ -6128,6 +6888,7 @@ export const intel = {
             "stixId": "attack-pattern--f4c1826f-a322-41cd-9557-562100848c84",
             "name": "Modify Authentication Process",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556",
             "url": "https://attack.mitre.org/techniques/T1556",
             "deprecated": false
@@ -6136,6 +6897,7 @@ export const intel = {
             "stixId": "attack-pattern--f5946b5e-9408-485f-a7f7-b5efc88909b6",
             "name": "Credential API Hooking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1056.004",
             "url": "https://attack.mitre.org/techniques/T1056/004",
             "deprecated": false
@@ -6144,6 +6906,7 @@ export const intel = {
             "stixId": "attack-pattern--f5bb433e-bdf6-4781-84bc-35e97e43be89",
             "name": "Firmware Corruption",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1495",
             "url": "https://attack.mitre.org/techniques/T1495",
             "deprecated": false
@@ -6152,6 +6915,7 @@ export const intel = {
             "stixId": "attack-pattern--f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
             "name": "Inhibit System Recovery",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1490",
             "url": "https://attack.mitre.org/techniques/T1490",
             "deprecated": false
@@ -6160,6 +6924,7 @@ export const intel = {
             "stixId": "attack-pattern--f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
             "name": "Netsh Helper DLL",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1546.007",
             "url": "https://attack.mitre.org/techniques/T1546/007",
             "deprecated": false
@@ -6168,6 +6933,7 @@ export const intel = {
             "stixId": "attack-pattern--f6ad61ee-65f3-4bd0-a3f5-2f0accb36317",
             "name": "Spearphishing via Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1566.003",
             "url": "https://attack.mitre.org/techniques/T1566/003",
             "deprecated": false
@@ -6176,6 +6942,7 @@ export const intel = {
             "stixId": "attack-pattern--f6dacc85-b37d-458e-b58d-74fc4bbf5755",
             "name": "Internal Proxy",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1090.001",
             "url": "https://attack.mitre.org/techniques/T1090/001",
             "deprecated": false
@@ -6184,6 +6951,7 @@ export const intel = {
             "stixId": "attack-pattern--f6fe9070-7a65-49ea-ae72-76292f42cebe",
             "name": "System Script Proxy Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1216",
             "url": "https://attack.mitre.org/techniques/T1216",
             "deprecated": false
@@ -6192,6 +6960,7 @@ export const intel = {
             "stixId": "attack-pattern--f72eb8a8-cd4c-461d-a814-3f862befbf00",
             "name": "Custom Command and Control Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1094",
             "url": "https://attack.mitre.org/techniques/T1094",
             "deprecated": true
@@ -6200,6 +6969,7 @@ export const intel = {
             "stixId": "attack-pattern--f7827069-0bf2-4764-af4f-23fae0d181b7",
             "name": "Dead Drop Resolver",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1102.001",
             "url": "https://attack.mitre.org/techniques/T1102/001",
             "deprecated": false
@@ -6208,6 +6978,7 @@ export const intel = {
             "stixId": "attack-pattern--f792d02f-813d-402b-86a5-ab98cb391d3b",
             "name": "InstallUtil",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1118",
             "url": "https://attack.mitre.org/techniques/T1118",
             "deprecated": true
@@ -6216,6 +6987,7 @@ export const intel = {
             "stixId": "attack-pattern--f7c0689c-4dbd-489b-81be-7cb7c7079ade",
             "name": "Junk Data",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1001.001",
             "url": "https://attack.mitre.org/techniques/T1001/001",
             "deprecated": false
@@ -6224,6 +6996,7 @@ export const intel = {
             "stixId": "attack-pattern--f870408c-b1cd-49c7-a5c7-0ef0fc496cc6",
             "name": "Spearphishing Service",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1598.001",
             "url": "https://attack.mitre.org/techniques/T1598/001",
             "deprecated": false
@@ -6232,6 +7005,7 @@ export const intel = {
             "stixId": "attack-pattern--f879d51c-5476-431c-aedf-f14d207e4d1e",
             "name": "Commonly Used Port",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1043",
             "url": "https://attack.mitre.org/techniques/T1043",
             "deprecated": true
@@ -6240,6 +7014,7 @@ export const intel = {
             "stixId": "attack-pattern--f8ef3a62-3f44-40a4-abca-761ab235c436",
             "name": "Container API",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1552.007",
             "url": "https://attack.mitre.org/techniques/T1552/007",
             "deprecated": false
@@ -6248,6 +7023,7 @@ export const intel = {
             "stixId": "attack-pattern--f9cc4d06-775f-4ee1-b401-4e2cc0da30ba",
             "name": "Domains",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1584.001",
             "url": "https://attack.mitre.org/techniques/T1584/001",
             "deprecated": false
@@ -6256,6 +7032,7 @@ export const intel = {
             "stixId": "attack-pattern--f9e9365a-9ca2-4d9c-8e7c-050d73d1101a",
             "name": "SQL Stored Procedures",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1505.001",
             "url": "https://attack.mitre.org/techniques/T1505/001",
             "deprecated": false
@@ -6264,6 +7041,7 @@ export const intel = {
             "stixId": "attack-pattern--fa44a152-ac48-441e-a524-dd7b04b8adcd",
             "name": "Network Device Authentication",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1556.004",
             "url": "https://attack.mitre.org/techniques/T1556/004",
             "deprecated": false
@@ -6272,6 +7050,7 @@ export const intel = {
             "stixId": "attack-pattern--fb640c43-aa6b-431e-a961-a279010424ac",
             "name": "Disk Content Wipe",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1561.001",
             "url": "https://attack.mitre.org/techniques/T1561/001",
             "deprecated": false
@@ -6280,6 +7059,7 @@ export const intel = {
             "stixId": "attack-pattern--fb8d023d-45be-47e9-bc51-f56bcae6435b",
             "name": "Exfiltration Over Unencrypted Non-C2 Protocol",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1048.003",
             "url": "https://attack.mitre.org/techniques/T1048/003",
             "deprecated": false
@@ -6288,6 +7068,7 @@ export const intel = {
             "stixId": "attack-pattern--fc742192-19e3-466c-9eb5-964a97b29490",
             "name": "Dylib Hijacking",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.004",
             "url": "https://attack.mitre.org/techniques/T1574/004",
             "deprecated": false
@@ -6296,6 +7077,7 @@ export const intel = {
             "stixId": "attack-pattern--fc74ba38-dc98-461f-8611-b3dbf9978e3d",
             "name": "Downgrade System Image",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1601.002",
             "url": "https://attack.mitre.org/techniques/T1601/002",
             "deprecated": false
@@ -6304,6 +7086,7 @@ export const intel = {
             "stixId": "attack-pattern--fdc47f44-dd32-4b99-af5f-209f556f63c2",
             "name": "Local Accounts",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1078.003",
             "url": "https://attack.mitre.org/techniques/T1078/003",
             "deprecated": false
@@ -6312,6 +7095,7 @@ export const intel = {
             "stixId": "attack-pattern--fe926152-f431-4baf-956c-4ad3cb0bf23b",
             "name": "Exploitation for Defense Evasion",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1211",
             "url": "https://attack.mitre.org/techniques/T1211",
             "deprecated": false
@@ -6320,6 +7104,7 @@ export const intel = {
             "stixId": "attack-pattern--ff25900d-76d5-449b-a351-8824e62fc81b",
             "name": "Trusted Developer Utilities Proxy Execution",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1127",
             "url": "https://attack.mitre.org/techniques/T1127",
             "deprecated": false
@@ -6328,6 +7113,7 @@ export const intel = {
             "stixId": "attack-pattern--ff73aa03-0090-4464-83ac-f89e233c02bc",
             "name": "System Shutdown/Reboot",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1529",
             "url": "https://attack.mitre.org/techniques/T1529",
             "deprecated": false
@@ -6336,6 +7122,7 @@ export const intel = {
             "stixId": "attack-pattern--ffbcfdb0-de22-4106-9ed3-fc23c8a01407",
             "name": "MMC",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1218.014",
             "url": "https://attack.mitre.org/techniques/T1218/014",
             "deprecated": false
@@ -6344,6 +7131,7 @@ export const intel = {
             "stixId": "attack-pattern--ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1",
             "name": "Process Argument Spoofing",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1564.010",
             "url": "https://attack.mitre.org/techniques/T1564/010",
             "deprecated": false
@@ -6352,6 +7140,7 @@ export const intel = {
             "stixId": "attack-pattern--ffe742ed-9100-4686-9e00-c331da544787",
             "name": "Windows Admin Shares",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1077",
             "url": "https://attack.mitre.org/techniques/T1077",
             "deprecated": true
@@ -6360,6 +7149,7 @@ export const intel = {
             "stixId": "attack-pattern--ffeb0780-356e-4261-b036-cfb6bd234335",
             "name": "COR_PROFILER",
             "type": "technique",
+            "matrix": "Enterprise ATT&CK",
             "id": "T1574.012",
             "url": "https://attack.mitre.org/techniques/T1574/012",
             "deprecated": false
@@ -6368,6 +7158,7 @@ export const intel = {
             "stixId": "attack-pattern--008b8f56-6107-48be-aa9f-746f927dbb61",
             "name": "Block Command Message",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0803",
             "url": "https://attack.mitre.org/techniques/T0803",
             "deprecated": false
@@ -6376,6 +7167,7 @@ export const intel = {
             "stixId": "attack-pattern--063b5b92-5361-481a-9c3f-95492ed9a2d8",
             "name": "Service Stop",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0881",
             "url": "https://attack.mitre.org/techniques/T0881",
             "deprecated": false
@@ -6384,6 +7176,7 @@ export const intel = {
             "stixId": "attack-pattern--097924ce-a9a9-4039-8591-e0deedfb8722",
             "name": "Modify Parameter",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0836",
             "url": "https://attack.mitre.org/techniques/T0836",
             "deprecated": false
@@ -6392,6 +7185,7 @@ export const intel = {
             "stixId": "attack-pattern--09a61657-46e1-439e-b3ed-3e4556a78243",
             "name": "Modify Controller Tasking",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0821",
             "url": "https://attack.mitre.org/techniques/T0821",
             "deprecated": false
@@ -6400,6 +7194,7 @@ export const intel = {
             "stixId": "attack-pattern--0fe075d5-beac-4d02-b93e-0f874997db72",
             "name": "Wireless Sniffing",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0887",
             "url": "https://attack.mitre.org/techniques/T0887",
             "deprecated": false
@@ -6408,6 +7203,7 @@ export const intel = {
             "stixId": "attack-pattern--138979ba-0430-4de6-a128-2fc0b056ba36",
             "name": "Loss of View",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0829",
             "url": "https://attack.mitre.org/techniques/T0829",
             "deprecated": false
@@ -6416,6 +7212,7 @@ export const intel = {
             "stixId": "attack-pattern--19a71d1e-6334-4233-8260-b749cae37953",
             "name": "Activate Firmware Update Mode",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0800",
             "url": "https://attack.mitre.org/techniques/T0800",
             "deprecated": false
@@ -6424,6 +7221,7 @@ export const intel = {
             "stixId": "attack-pattern--1af9e3fd-2bcc-414d-adbd-fe3b95c02ca1",
             "name": "Manipulation of Control",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0831",
             "url": "https://attack.mitre.org/techniques/T0831",
             "deprecated": false
@@ -6432,6 +7230,7 @@ export const intel = {
             "stixId": "attack-pattern--1b22b676-9347-4c55-9a35-ef0dc653db5b",
             "name": "Denial of Service",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0814",
             "url": "https://attack.mitre.org/techniques/T0814",
             "deprecated": false
@@ -6440,6 +7239,7 @@ export const intel = {
             "stixId": "attack-pattern--1c478716-71d9-46a4-9a53-fa5d576adb60",
             "name": "Block Serial COM",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0805",
             "url": "https://attack.mitre.org/techniques/T0805",
             "deprecated": false
@@ -6448,6 +7248,7 @@ export const intel = {
             "stixId": "attack-pattern--23270e54-1d68-4c3b-b763-b25607bcef80",
             "name": "Role Identification",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0850",
             "url": "https://attack.mitre.org/techniques/T0850",
             "deprecated": true
@@ -6456,6 +7257,7 @@ export const intel = {
             "stixId": "attack-pattern--24a9253e-8948-4c98-b751-8e2aee53127c",
             "name": "Command-Line Interface",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0807",
             "url": "https://attack.mitre.org/techniques/T0807",
             "deprecated": false
@@ -6464,6 +7266,7 @@ export const intel = {
             "stixId": "attack-pattern--25852363-5968-4673-b81d-341d5ed90bd1",
             "name": "Point & Tag Identification",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0861",
             "url": "https://attack.mitre.org/techniques/T0861",
             "deprecated": false
@@ -6472,6 +7275,7 @@ export const intel = {
             "stixId": "attack-pattern--25dfc8ad-bd73-4dfd-84a9-3c3d383f76e9",
             "name": "Device Restart/Shutdown",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0816",
             "url": "https://attack.mitre.org/techniques/T0816",
             "deprecated": false
@@ -6480,6 +7284,7 @@ export const intel = {
             "stixId": "attack-pattern--2736b752-4ec5-4421-a230-8977dea7649c",
             "name": "User Execution",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0863",
             "url": "https://attack.mitre.org/techniques/T0863",
             "deprecated": false
@@ -6488,6 +7293,7 @@ export const intel = {
             "stixId": "attack-pattern--2877063e-1851-48d2-bcc6-bc1d2733157e",
             "name": "Wireless Compromise",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0860",
             "url": "https://attack.mitre.org/techniques/T0860",
             "deprecated": false
@@ -6496,6 +7302,7 @@ export const intel = {
             "stixId": "attack-pattern--2883c520-7957-46ca-89bd-dab1ad53b601",
             "name": "Change Operating Mode",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0858",
             "url": "https://attack.mitre.org/techniques/T0858",
             "deprecated": false
@@ -6504,6 +7311,7 @@ export const intel = {
             "stixId": "attack-pattern--2900bbd8-308a-4274-b074-5b8bde8347bc",
             "name": "Alarm Suppression",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0878",
             "url": "https://attack.mitre.org/techniques/T0878",
             "deprecated": false
@@ -6512,6 +7320,7 @@ export const intel = {
             "stixId": "attack-pattern--2aa406ed-81c3-4c1d-ba83-cfbee5a2847a",
             "name": "Detect Operating Mode",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0868",
             "url": "https://attack.mitre.org/techniques/T0868",
             "deprecated": false
@@ -6520,6 +7329,7 @@ export const intel = {
             "stixId": "attack-pattern--2bb4d762-bf4a-4bc3-9318-15cc6a354163",
             "name": "Loss of Protection",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0837",
             "url": "https://attack.mitre.org/techniques/T0837",
             "deprecated": false
@@ -6528,6 +7338,7 @@ export const intel = {
             "stixId": "attack-pattern--2d0d40ad-22fa-4cc8-b264-072557e1364b",
             "name": "Monitor Process State",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0801",
             "url": "https://attack.mitre.org/techniques/T0801",
             "deprecated": false
@@ -6536,6 +7347,7 @@ export const intel = {
             "stixId": "attack-pattern--2dc2b567-8821-49f9-9045-8740f3d0b958",
             "name": "Scripting",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0853",
             "url": "https://attack.mitre.org/techniques/T0853",
             "deprecated": false
@@ -6544,6 +7356,7 @@ export const intel = {
             "stixId": "attack-pattern--2fedbe69-581f-447d-8a78-32ee7db939a9",
             "name": "Remote System Information Discovery",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0888",
             "url": "https://attack.mitre.org/techniques/T0888",
             "deprecated": false
@@ -6552,6 +7365,7 @@ export const intel = {
             "stixId": "attack-pattern--3067b85e-271e-4bc5-81ad-ab1a81d411e3",
             "name": "Program Upload",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0845",
             "url": "https://attack.mitre.org/techniques/T0845",
             "deprecated": false
@@ -6560,6 +7374,7 @@ export const intel = {
             "stixId": "attack-pattern--32632a95-6856-47b9-9ab7-fea5cd7dce00",
             "name": "Exploit Public-Facing Application",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0819",
             "url": "https://attack.mitre.org/techniques/T0819",
             "deprecated": false
@@ -6568,6 +7383,7 @@ export const intel = {
             "stixId": "attack-pattern--3405891b-16aa-4bd7-bd7c-733501f9b20f",
             "name": "Data from Information Repositories",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0811",
             "url": "https://attack.mitre.org/techniques/T0811",
             "deprecated": false
@@ -6576,6 +7392,7 @@ export const intel = {
             "stixId": "attack-pattern--35392fb4-a31d-4c6a-b9f2-1c65b7f5e6b9",
             "name": "Transient Cyber Asset",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0864",
             "url": "https://attack.mitre.org/techniques/T0864",
             "deprecated": false
@@ -6584,6 +7401,7 @@ export const intel = {
             "stixId": "attack-pattern--36e9f5bc-ac13-4da4-a2f4-01f4877d9004",
             "name": "Manipulate I/O Image",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0835",
             "url": "https://attack.mitre.org/techniques/T0835",
             "deprecated": false
@@ -6592,6 +7410,7 @@ export const intel = {
             "stixId": "attack-pattern--38213338-1aab-479d-949b-c81b66ccca5c",
             "name": "Network Sniffing",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0842",
             "url": "https://attack.mitre.org/techniques/T0842",
             "deprecated": false
@@ -6600,6 +7419,7 @@ export const intel = {
             "stixId": "attack-pattern--3b6b9246-43f8-4c69-ad7a-2b11cfe0a0d9",
             "name": "Rootkit",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0851",
             "url": "https://attack.mitre.org/techniques/T0851",
             "deprecated": false
@@ -6608,6 +7428,7 @@ export const intel = {
             "stixId": "attack-pattern--3de230d4-3e42-4041-b089-17e1128feded",
             "name": "Automated Collection",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0802",
             "url": "https://attack.mitre.org/techniques/T0802",
             "deprecated": false
@@ -6616,6 +7437,7 @@ export const intel = {
             "stixId": "attack-pattern--3f1f4ccb-9be2-4ff8-8f69-dd972221169b",
             "name": "Block Reporting Message",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0804",
             "url": "https://attack.mitre.org/techniques/T0804",
             "deprecated": false
@@ -6624,6 +7446,7 @@ export const intel = {
             "stixId": "attack-pattern--40b300ba-f553-48bf-862e-9471b220d455",
             "name": "Unauthorized Command Message",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0855",
             "url": "https://attack.mitre.org/techniques/T0855",
             "deprecated": false
@@ -6632,6 +7455,7 @@ export const intel = {
             "stixId": "attack-pattern--493832d9-cea6-4b63-abe7-9a65a6473675",
             "name": "Data Destruction",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0809",
             "url": "https://attack.mitre.org/techniques/T0809",
             "deprecated": false
@@ -6640,6 +7464,7 @@ export const intel = {
             "stixId": "attack-pattern--4c2e1408-9d68-4187-8e6b-a77bc52700ec",
             "name": "Manipulation of View",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0832",
             "url": "https://attack.mitre.org/techniques/T0832",
             "deprecated": false
@@ -6648,6 +7473,7 @@ export const intel = {
             "stixId": "attack-pattern--50d3222f-7550-4a3c-94e1-78cb6c81d064",
             "name": "Data Historian Compromise",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0810",
             "url": "https://attack.mitre.org/techniques/T0810",
             "deprecated": true
@@ -6656,6 +7482,7 @@ export const intel = {
             "stixId": "attack-pattern--539d0484-fe95-485a-b654-86991c0d0d00",
             "name": "Network Service Scanning",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0841",
             "url": "https://attack.mitre.org/techniques/T0841",
             "deprecated": true
@@ -6664,6 +7491,7 @@ export const intel = {
             "stixId": "attack-pattern--53a26eee-1080-4d17-9762-2027d5a1b805",
             "name": "Indicator Removal on Host",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0872",
             "url": "https://attack.mitre.org/techniques/T0872",
             "deprecated": false
@@ -6672,6 +7500,7 @@ export const intel = {
             "stixId": "attack-pattern--53a48c74-0025-45f4-b04a-baa853df8204",
             "name": "I/O Image",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0877",
             "url": "https://attack.mitre.org/techniques/T0877",
             "deprecated": false
@@ -6680,6 +7509,7 @@ export const intel = {
             "stixId": "attack-pattern--56ddc820-6cfb-407f-850b-52c035d123ac",
             "name": "Denial of View",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0815",
             "url": "https://attack.mitre.org/techniques/T0815",
             "deprecated": false
@@ -6688,6 +7518,7 @@ export const intel = {
             "stixId": "attack-pattern--5a2610f6-9fff-41e1-bc27-575ca20383d4",
             "name": "Execution through API",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0871",
             "url": "https://attack.mitre.org/techniques/T0871",
             "deprecated": false
@@ -6696,6 +7527,7 @@ export const intel = {
             "stixId": "attack-pattern--5e0f75da-e108-4688-a6de-a4f07cc2cbe3",
             "name": "Supply Chain Compromise",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0862",
             "url": "https://attack.mitre.org/techniques/T0862",
             "deprecated": false
@@ -6704,6 +7536,7 @@ export const intel = {
             "stixId": "attack-pattern--5f3da2f3-91c8-4d8b-a02f-bf43a11def55",
             "name": "Serial Connection Enumeration",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0854",
             "url": "https://attack.mitre.org/techniques/T0854",
             "deprecated": true
@@ -6712,6 +7545,7 @@ export const intel = {
             "stixId": "attack-pattern--5fa00fdd-4a55-4191-94a0-564181d7fec2",
             "name": "Loss of Safety",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0880",
             "url": "https://attack.mitre.org/techniques/T0880",
             "deprecated": false
@@ -6720,6 +7554,7 @@ export const intel = {
             "stixId": "attack-pattern--63b6942d-8359-4506-bfb3-cf87aa8120ee",
             "name": "Loss of Productivity and Revenue",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0828",
             "url": "https://attack.mitre.org/techniques/T0828",
             "deprecated": false
@@ -6728,6 +7563,7 @@ export const intel = {
             "stixId": "attack-pattern--648f995e-9c3a-41e4-aeee-98bb41037426",
             "name": "Spearphishing Attachment",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0865",
             "url": "https://attack.mitre.org/techniques/T0865",
             "deprecated": false
@@ -6736,6 +7572,7 @@ export const intel = {
             "stixId": "attack-pattern--7374ab87-0782-41f8-b415-678c0950bb2a",
             "name": "Location Identification",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0825",
             "url": "https://attack.mitre.org/techniques/T0825",
             "deprecated": true
@@ -6744,6 +7581,7 @@ export const intel = {
             "stixId": "attack-pattern--7830cfcf-b268-4ac0-a69e-73c6affbae9a",
             "name": "Drive-by Compromise",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0817",
             "url": "https://attack.mitre.org/techniques/T0817",
             "deprecated": false
@@ -6752,6 +7590,7 @@ export const intel = {
             "stixId": "attack-pattern--83ebd22f-b401-4d59-8219-2294172cf916",
             "name": "Damage to Property",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0879",
             "url": "https://attack.mitre.org/techniques/T0879",
             "deprecated": false
@@ -6760,6 +7599,7 @@ export const intel = {
             "stixId": "attack-pattern--8535b71e-3c12-4258-a4ab-40257a1becc4",
             "name": "Spoof Reporting Message",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0856",
             "url": "https://attack.mitre.org/techniques/T0856",
             "deprecated": false
@@ -6768,6 +7608,7 @@ export const intel = {
             "stixId": "attack-pattern--85a45294-08f1-4539-bf00-7da08aa7b0ee",
             "name": "Exploitation of Remote Services",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0866",
             "url": "https://attack.mitre.org/techniques/T0866",
             "deprecated": false
@@ -6776,6 +7617,7 @@ export const intel = {
             "stixId": "attack-pattern--8bb4538f-f16f-49f0-a431-70b5444c7349",
             "name": "Default Credentials",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0812",
             "url": "https://attack.mitre.org/techniques/T0812",
             "deprecated": false
@@ -6784,6 +7626,7 @@ export const intel = {
             "stixId": "attack-pattern--8d2f3bab-507c-4424-b58b-edc977bd215c",
             "name": "External Remote Services",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0822",
             "url": "https://attack.mitre.org/techniques/T0822",
             "deprecated": false
@@ -6792,6 +7635,7 @@ export const intel = {
             "stixId": "attack-pattern--8e7089d3-fba2-44f8-94a8-9a79c53920c4",
             "name": "Brute Force I/O",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0806",
             "url": "https://attack.mitre.org/techniques/T0806",
             "deprecated": false
@@ -6800,6 +7644,7 @@ export const intel = {
             "stixId": "attack-pattern--94f042ae-3033-4a8d-9ec3-26396533a541",
             "name": "Detect Program State",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0870",
             "url": "https://attack.mitre.org/techniques/T0870",
             "deprecated": true
@@ -6808,6 +7653,7 @@ export const intel = {
             "stixId": "attack-pattern--9a505987-ab05-4f46-a9a6-6441442eec3b",
             "name": "Adversary-in-the-Middle",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0830",
             "url": "https://attack.mitre.org/techniques/T0830",
             "deprecated": false
@@ -6816,6 +7662,7 @@ export const intel = {
             "stixId": "attack-pattern--9f947a1c-3860-48a8-8af0-a2dfa3efde03",
             "name": "Exploitation for Evasion",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0820",
             "url": "https://attack.mitre.org/techniques/T0820",
             "deprecated": false
@@ -6824,6 +7671,7 @@ export const intel = {
             "stixId": "attack-pattern--a81696ef-c106-482c-8f80-59c30f2569fb",
             "name": "Loss of Control",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0827",
             "url": "https://attack.mitre.org/techniques/T0827",
             "deprecated": false
@@ -6832,6 +7680,7 @@ export const intel = {
             "stixId": "attack-pattern--a8cfd474-9358-464f-a169-9c6f099a8e8a",
             "name": "Change Program State",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0875",
             "url": "https://attack.mitre.org/techniques/T0875",
             "deprecated": true
@@ -6840,6 +7689,7 @@ export const intel = {
             "stixId": "attack-pattern--ab390887-afc0-4715-826d-b1b167d522ae",
             "name": "Hooking",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0874",
             "url": "https://attack.mitre.org/techniques/T0874",
             "deprecated": false
@@ -6848,6 +7698,7 @@ export const intel = {
             "stixId": "attack-pattern--abb0a255-eb9c-48d0-8f5c-874bb84c0e45",
             "name": "Control Device Identification",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0808",
             "url": "https://attack.mitre.org/techniques/T0808",
             "deprecated": true
@@ -6856,6 +7707,7 @@ export const intel = {
             "stixId": "attack-pattern--ae62fe1a-ea1a-479b-8dc0-65d250bd8bc7",
             "name": "Program Organization Units",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0844",
             "url": "https://attack.mitre.org/techniques/T0844",
             "deprecated": true
@@ -6864,6 +7716,7 @@ export const intel = {
             "stixId": "attack-pattern--b0628bfc-5376-4a38-9182-f324501cb4cf",
             "name": "Graphical User Interface",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0823",
             "url": "https://attack.mitre.org/techniques/T0823",
             "deprecated": false
@@ -6872,6 +7725,7 @@ export const intel = {
             "stixId": "attack-pattern--b14395bd-5419-4ef4-9bd8-696936f509bb",
             "name": "Rogue Master",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0848",
             "url": "https://attack.mitre.org/techniques/T0848",
             "deprecated": false
@@ -6880,6 +7734,7 @@ export const intel = {
             "stixId": "attack-pattern--b52870cc-83f3-473c-b895-72d91751030b",
             "name": "Native API",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0834",
             "url": "https://attack.mitre.org/techniques/T0834",
             "deprecated": false
@@ -6888,6 +7743,7 @@ export const intel = {
             "stixId": "attack-pattern--b5b9bacb-97f2-4249-b804-47fd44de1f95",
             "name": "Loss of Availability",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0826",
             "url": "https://attack.mitre.org/techniques/T0826",
             "deprecated": false
@@ -6896,6 +7752,7 @@ export const intel = {
             "stixId": "attack-pattern--b7e13ee8-182c-4f19-92a4-a88d7d855d54",
             "name": "Theft of Operational Information",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0882",
             "url": "https://attack.mitre.org/techniques/T0882",
             "deprecated": false
@@ -6904,6 +7761,7 @@ export const intel = {
             "stixId": "attack-pattern--b9160e77-ea9e-4ba9-b1c8-53a3c466b13d",
             "name": "System Firmware",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0857",
             "url": "https://attack.mitre.org/techniques/T0857",
             "deprecated": false
@@ -6912,6 +7770,7 @@ export const intel = {
             "stixId": "attack-pattern--ba203963-3182-41ac-af14-7e7ebc83cd61",
             "name": "Masquerading",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0849",
             "url": "https://attack.mitre.org/techniques/T0849",
             "deprecated": false
@@ -6920,6 +7779,7 @@ export const intel = {
             "stixId": "attack-pattern--be69c571-d746-4b1f-bdd0-c0c9817e9068",
             "name": "Program Download",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0843",
             "url": "https://attack.mitre.org/techniques/T0843",
             "deprecated": false
@@ -6928,6 +7788,7 @@ export const intel = {
             "stixId": "attack-pattern--c267bbee-bb59-47fe-85e0-3ed210337c21",
             "name": "Replication Through Removable Media",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0847",
             "url": "https://attack.mitre.org/techniques/T0847",
             "deprecated": false
@@ -6936,6 +7797,7 @@ export const intel = {
             "stixId": "attack-pattern--c5e3cdbc-0387-4be9-8f83-ff5c0865f377",
             "name": "Screen Capture",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0852",
             "url": "https://attack.mitre.org/techniques/T0852",
             "deprecated": false
@@ -6944,6 +7806,7 @@ export const intel = {
             "stixId": "attack-pattern--c9a8d958-fcdb-40d2-af4c-461c8031651a",
             "name": "Hardcoded Credentials",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0891",
             "url": "https://attack.mitre.org/techniques/T0891",
             "deprecated": false
@@ -6952,6 +7815,7 @@ export const intel = {
             "stixId": "attack-pattern--cd2c76a4-5e23-4ca5-9c40-d5e0604f7101",
             "name": "Valid Accounts",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0859",
             "url": "https://attack.mitre.org/techniques/T0859",
             "deprecated": false
@@ -6960,6 +7824,7 @@ export const intel = {
             "stixId": "attack-pattern--cfe68e93-ce94-4c0f-a57d-3aa72cedd618",
             "name": "Exploitation for Privilege Escalation",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0890",
             "url": "https://attack.mitre.org/techniques/T0890",
             "deprecated": false
@@ -6968,6 +7833,7 @@ export const intel = {
             "stixId": "attack-pattern--d5a69cfb-fc2a-46cb-99eb-74b236db5061",
             "name": "Remote System Discovery",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0846",
             "url": "https://attack.mitre.org/techniques/T0846",
             "deprecated": false
@@ -6976,6 +7842,7 @@ export const intel = {
             "stixId": "attack-pattern--d614a9cf-18eb-4800-81e4-ab8ddf0baa73",
             "name": "Engineering Workstation Compromise",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0818",
             "url": "https://attack.mitre.org/techniques/T0818",
             "deprecated": true
@@ -6984,6 +7851,7 @@ export const intel = {
             "stixId": "attack-pattern--d67adac8-e3b9-44f9-9e6d-6c2a7d69dbe4",
             "name": "Connection Proxy",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0884",
             "url": "https://attack.mitre.org/techniques/T0884",
             "deprecated": false
@@ -6992,6 +7860,7 @@ export const intel = {
             "stixId": "attack-pattern--e076cca8-2f08-45c9-aff7-ea5ac798b387",
             "name": "Standard Application Layer Protocol",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0869",
             "url": "https://attack.mitre.org/techniques/T0869",
             "deprecated": false
@@ -7000,6 +7869,7 @@ export const intel = {
             "stixId": "attack-pattern--e0d74479-86d2-465d-bf36-903ebecef43e",
             "name": "Modify Control Logic",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0833",
             "url": "https://attack.mitre.org/techniques/T0833",
             "deprecated": true
@@ -7008,6 +7878,7 @@ export const intel = {
             "stixId": "attack-pattern--e1f9cdd2-9511-4fca-90d7-f3e92cfdd0bf",
             "name": "Remote Services",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0886",
             "url": "https://attack.mitre.org/techniques/T0886",
             "deprecated": false
@@ -7016,6 +7887,7 @@ export const intel = {
             "stixId": "attack-pattern--e2994b6a-122b-4043-b654-7411c5198ec0",
             "name": "I/O Module Discovery",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0824",
             "url": "https://attack.mitre.org/techniques/T0824",
             "deprecated": true
@@ -7024,6 +7896,7 @@ export const intel = {
             "stixId": "attack-pattern--e33c7ecc-5a38-497f-beb2-a9a2049a4c20",
             "name": "Denial of Control",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0813",
             "url": "https://attack.mitre.org/techniques/T0813",
             "deprecated": false
@@ -7032,6 +7905,7 @@ export const intel = {
             "stixId": "attack-pattern--e5de767e-f513-41cd-aa15-33f6ce5fbf92",
             "name": "Modify Alarm Settings",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0838",
             "url": "https://attack.mitre.org/techniques/T0838",
             "deprecated": false
@@ -7040,6 +7914,7 @@ export const intel = {
             "stixId": "attack-pattern--e6c31185-8040-4267-83d3-b217b8a92f07",
             "name": "Commonly Used Port",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0885",
             "url": "https://attack.mitre.org/techniques/T0885",
             "deprecated": false
@@ -7048,6 +7923,7 @@ export const intel = {
             "stixId": "attack-pattern--e72425f8-9ae6-41d3-bfdb-e1b865e60722",
             "name": "Project File Infection",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0873",
             "url": "https://attack.mitre.org/techniques/T0873",
             "deprecated": false
@@ -7056,6 +7932,7 @@ export const intel = {
             "stixId": "attack-pattern--ea0c980c-5cf0-43a7-a049-59c4c207566e",
             "name": "Network Connection Enumeration",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0840",
             "url": "https://attack.mitre.org/techniques/T0840",
             "deprecated": false
@@ -7064,6 +7941,7 @@ export const intel = {
             "stixId": "attack-pattern--ead7bd34-186e-4c79-9a4d-b65bcce6ed9d",
             "name": "Lateral Tool Transfer",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0867",
             "url": "https://attack.mitre.org/techniques/T0867",
             "deprecated": false
@@ -7072,6 +7950,7 @@ export const intel = {
             "stixId": "attack-pattern--efbf7888-f61b-4572-9c80-7e2965c60707",
             "name": "Module Firmware",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0839",
             "url": "https://attack.mitre.org/techniques/T0839",
             "deprecated": false
@@ -7080,6 +7959,7 @@ export const intel = {
             "stixId": "attack-pattern--f8df6b57-14bc-425f-9a91-6f59f6799307",
             "name": "Internet Accessible Device",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0883",
             "url": "https://attack.mitre.org/techniques/T0883",
             "deprecated": false
@@ -7088,6 +7968,7 @@ export const intel = {
             "stixId": "attack-pattern--fa3aa267-da22-4bdd-961f-03223322a8d5",
             "name": "Data from Local System",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0893",
             "url": "https://attack.mitre.org/techniques/T0893",
             "deprecated": false
@@ -7096,6 +7977,7 @@ export const intel = {
             "stixId": "attack-pattern--fab8fc7d-f27f-4fbb-9de6-44740aade05f",
             "name": "Change Credential",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0892",
             "url": "https://attack.mitre.org/techniques/T0892",
             "deprecated": false
@@ -7104,6 +7986,7 @@ export const intel = {
             "stixId": "attack-pattern--fc5fda7e-6b2c-4457-b036-759896a2efa2",
             "name": "Modify Program",
             "type": "technique",
+            "matrix": "ICS ATT&CK",
             "id": "T0889",
             "url": "https://attack.mitre.org/techniques/T0889",
             "deprecated": false
@@ -7112,6 +7995,7 @@ export const intel = {
             "stixId": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
             "name": "Scheduled Task/Job",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1603",
             "url": "https://attack.mitre.org/techniques/T1603",
             "deprecated": false
@@ -7120,6 +8004,7 @@ export const intel = {
             "stixId": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa",
             "name": "Code Injection",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1540",
             "url": "https://attack.mitre.org/techniques/T1540",
             "deprecated": true
@@ -7128,6 +8013,7 @@ export const intel = {
             "stixId": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
             "name": "Adversary-in-the-Middle",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1638",
             "url": "https://attack.mitre.org/techniques/T1638",
             "deprecated": false
@@ -7136,6 +8022,7 @@ export const intel = {
             "stixId": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
             "name": "Abuse Elevation Control Mechanism",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1626",
             "url": "https://attack.mitre.org/techniques/T1626",
             "deprecated": false
@@ -7144,6 +8031,7 @@ export const intel = {
             "stixId": "attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d",
             "name": "Malicious SMS Message",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1454",
             "url": "https://attack.mitre.org/techniques/T1454",
             "deprecated": true
@@ -7152,6 +8040,7 @@ export const intel = {
             "stixId": "attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d",
             "name": "Obtain Device Cloud Backups",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1470",
             "url": "https://attack.mitre.org/techniques/T1470",
             "deprecated": true
@@ -7160,6 +8049,7 @@ export const intel = {
             "stixId": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
             "name": "Uninstall Malicious Application",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1630.001",
             "url": "https://attack.mitre.org/techniques/T1630/001",
             "deprecated": false
@@ -7168,6 +8058,7 @@ export const intel = {
             "stixId": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
             "name": "Indicator Removal on Host",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1630",
             "url": "https://attack.mitre.org/techniques/T1630",
             "deprecated": false
@@ -7176,6 +8067,7 @@ export const intel = {
             "stixId": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
             "name": "Supply Chain Compromise",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1474",
             "url": "https://attack.mitre.org/techniques/T1474",
             "deprecated": false
@@ -7184,6 +8076,7 @@ export const intel = {
             "stixId": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
             "name": "Impersonate SS7 Nodes",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1430.002",
             "url": "https://attack.mitre.org/techniques/T1430/002",
             "deprecated": false
@@ -7192,6 +8085,7 @@ export const intel = {
             "stixId": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799",
             "name": "Insecure Third-Party Libraries",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1425",
             "url": "https://attack.mitre.org/techniques/T1425",
             "deprecated": true
@@ -7200,6 +8094,7 @@ export const intel = {
             "stixId": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
             "name": "Protected User Data",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1636",
             "url": "https://attack.mitre.org/techniques/T1636",
             "deprecated": false
@@ -7208,6 +8103,7 @@ export const intel = {
             "stixId": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
             "name": "Asymmetric Cryptography",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1521.002",
             "url": "https://attack.mitre.org/techniques/T1521/002",
             "deprecated": false
@@ -7216,6 +8112,7 @@ export const intel = {
             "stixId": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
             "name": "Software Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1418",
             "url": "https://attack.mitre.org/techniques/T1418",
             "deprecated": false
@@ -7224,6 +8121,7 @@ export const intel = {
             "stixId": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
             "name": "Process Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1424",
             "url": "https://attack.mitre.org/techniques/T1424",
             "deprecated": false
@@ -7232,6 +8130,7 @@ export const intel = {
             "stixId": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
             "name": "Call Log",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1636.002",
             "url": "https://attack.mitre.org/techniques/T1636/002",
             "deprecated": false
@@ -7240,6 +8139,7 @@ export const intel = {
             "stixId": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
             "name": "Security Software Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1418.001",
             "url": "https://attack.mitre.org/techniques/T1418/001",
             "deprecated": false
@@ -7248,6 +8148,7 @@ export const intel = {
             "stixId": "attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2",
             "name": "App Delivered via Email Attachment",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1434",
             "url": "https://attack.mitre.org/techniques/T1434",
             "deprecated": true
@@ -7256,6 +8157,7 @@ export const intel = {
             "stixId": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
             "name": "Ptrace System Calls",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1631.001",
             "url": "https://attack.mitre.org/techniques/T1631/001",
             "deprecated": false
@@ -7264,6 +8166,7 @@ export const intel = {
             "stixId": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
             "name": "Impair Defenses",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1629",
             "url": "https://attack.mitre.org/techniques/T1629",
             "deprecated": false
@@ -7272,6 +8175,7 @@ export const intel = {
             "stixId": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a",
             "name": "Abuse Accessibility Features",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1453",
             "url": "https://attack.mitre.org/techniques/T1453",
             "deprecated": true
@@ -7280,6 +8184,7 @@ export const intel = {
             "stixId": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
             "name": "Exploitation of Remote Services",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1428",
             "url": "https://attack.mitre.org/techniques/T1428",
             "deprecated": false
@@ -7288,6 +8193,7 @@ export const intel = {
             "stixId": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
             "name": "Web Protocols",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1437.001",
             "url": "https://attack.mitre.org/techniques/T1437/001",
             "deprecated": false
@@ -7296,6 +8202,7 @@ export const intel = {
             "stixId": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
             "name": "Steal Application Access Token",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1635",
             "url": "https://attack.mitre.org/techniques/T1635",
             "deprecated": false
@@ -7304,6 +8211,7 @@ export const intel = {
             "stixId": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
             "name": "User Evasion",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1628.002",
             "url": "https://attack.mitre.org/techniques/T1628/002",
             "deprecated": false
@@ -7312,6 +8220,7 @@ export const intel = {
             "stixId": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f",
             "name": "Virtualization/Sandbox Evasion",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1633",
             "url": "https://attack.mitre.org/techniques/T1633",
             "deprecated": false
@@ -7320,6 +8229,7 @@ export const intel = {
             "stixId": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38",
             "name": "Keychain",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1579",
             "url": "https://attack.mitre.org/techniques/T1579",
             "deprecated": true
@@ -7328,6 +8238,7 @@ export const intel = {
             "stixId": "attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3",
             "name": "Access Sensitive Data in Device Logs",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1413",
             "url": "https://attack.mitre.org/techniques/T1413",
             "deprecated": true
@@ -7336,6 +8247,7 @@ export const intel = {
             "stixId": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
             "name": "Command and Scripting Interpreter",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1623",
             "url": "https://attack.mitre.org/techniques/T1623",
             "deprecated": false
@@ -7344,6 +8256,7 @@ export const intel = {
             "stixId": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
             "name": "Disable or Modify Tools",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1629.003",
             "url": "https://attack.mitre.org/techniques/T1629/003",
             "deprecated": false
@@ -7352,6 +8265,7 @@ export const intel = {
             "stixId": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
             "name": "Ingress Tool Transfer",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1544",
             "url": "https://attack.mitre.org/techniques/T1544",
             "deprecated": false
@@ -7360,6 +8274,7 @@ export const intel = {
             "stixId": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
             "name": "Dynamic Resolution",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1637",
             "url": "https://attack.mitre.org/techniques/T1637",
             "deprecated": false
@@ -7368,6 +8283,7 @@ export const intel = {
             "stixId": "attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5",
             "name": "Exploit via Radio Interfaces",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1477",
             "url": "https://attack.mitre.org/techniques/T1477",
             "deprecated": true
@@ -7376,6 +8292,7 @@ export const intel = {
             "stixId": "attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790",
             "name": "Network Service Scanning",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1423",
             "url": "https://attack.mitre.org/techniques/T1423",
             "deprecated": false
@@ -7384,6 +8301,7 @@ export const intel = {
             "stixId": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d",
             "name": "User Evasion",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1618",
             "url": "https://attack.mitre.org/techniques/T1618",
             "deprecated": true
@@ -7392,6 +8310,7 @@ export const intel = {
             "stixId": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
             "name": "Exfiltration Over C2 Channel",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1646",
             "url": "https://attack.mitre.org/techniques/T1646",
             "deprecated": false
@@ -7400,6 +8319,7 @@ export const intel = {
             "stixId": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
             "name": "Exploitation for Privilege Escalation",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1404",
             "url": "https://attack.mitre.org/techniques/T1404",
             "deprecated": false
@@ -7408,6 +8328,7 @@ export const intel = {
             "stixId": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
             "name": "Call Control",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1616",
             "url": "https://attack.mitre.org/techniques/T1616",
             "deprecated": false
@@ -7416,6 +8337,7 @@ export const intel = {
             "stixId": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
             "name": "Exfiltration Over Unencrypted Non-C2 Protocol",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1639.001",
             "url": "https://attack.mitre.org/techniques/T1639/001",
             "deprecated": false
@@ -7424,6 +8346,7 @@ export const intel = {
             "stixId": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
             "name": "Broadcast Receivers",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1624.001",
             "url": "https://attack.mitre.org/techniques/T1624/001",
             "deprecated": false
@@ -7432,6 +8355,7 @@ export const intel = {
             "stixId": "attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad",
             "name": "Commonly Used Port",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1436",
             "url": "https://attack.mitre.org/techniques/T1436",
             "deprecated": true
@@ -7440,6 +8364,7 @@ export const intel = {
             "stixId": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796",
             "name": "Eavesdrop on Insecure Network Communication",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1439",
             "url": "https://attack.mitre.org/techniques/T1439",
             "deprecated": true
@@ -7448,6 +8373,7 @@ export const intel = {
             "stixId": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
             "name": "Access Notifications",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1517",
             "url": "https://attack.mitre.org/techniques/T1517",
             "deprecated": false
@@ -7456,6 +8382,7 @@ export const intel = {
             "stixId": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9",
             "name": "Network Traffic Capture or Redirection",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1410",
             "url": "https://attack.mitre.org/techniques/T1410",
             "deprecated": true
@@ -7464,6 +8391,7 @@ export const intel = {
             "stixId": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
             "name": "Input Prompt",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1411",
             "url": "https://attack.mitre.org/techniques/T1411",
             "deprecated": true
@@ -7472,6 +8400,7 @@ export const intel = {
             "stixId": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
             "name": "Exfiltration Over Alternative Protocol",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1639",
             "url": "https://attack.mitre.org/techniques/T1639",
             "deprecated": false
@@ -7480,6 +8409,7 @@ export const intel = {
             "stixId": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09",
             "name": "Biometric Spoofing",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1460",
             "url": "https://attack.mitre.org/techniques/T1460",
             "deprecated": true
@@ -7488,6 +8418,7 @@ export const intel = {
             "stixId": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
             "name": "Boot or Logon Initialization Scripts",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1398",
             "url": "https://attack.mitre.org/techniques/T1398",
             "deprecated": false
@@ -7496,6 +8427,7 @@ export const intel = {
             "stixId": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
             "name": "Execution Guardrails",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1627",
             "url": "https://attack.mitre.org/techniques/T1627",
             "deprecated": false
@@ -7504,6 +8436,7 @@ export const intel = {
             "stixId": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
             "name": "GUI Input Capture",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1417.002",
             "url": "https://attack.mitre.org/techniques/T1417/002",
             "deprecated": false
@@ -7512,6 +8445,7 @@ export const intel = {
             "stixId": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
             "name": "Access Contact List",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1432",
             "url": "https://attack.mitre.org/techniques/T1432",
             "deprecated": true
@@ -7520,6 +8454,7 @@ export const intel = {
             "stixId": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
             "name": "Compromise Client Software Binary",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1645",
             "url": "https://attack.mitre.org/techniques/T1645",
             "deprecated": false
@@ -7528,6 +8463,7 @@ export const intel = {
             "stixId": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
             "name": "Software Packing",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1406.002",
             "url": "https://attack.mitre.org/techniques/T1406/002",
             "deprecated": false
@@ -7536,6 +8472,7 @@ export const intel = {
             "stixId": "attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
             "name": "Abuse of iOS Enterprise App Signing Key",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1445",
             "url": "https://attack.mitre.org/techniques/T1445",
             "deprecated": true
@@ -7544,6 +8481,7 @@ export const intel = {
             "stixId": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5",
             "name": "Exploit SS7 to Track Device Location",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1450",
             "url": "https://attack.mitre.org/techniques/T1450",
             "deprecated": true
@@ -7552,6 +8490,7 @@ export const intel = {
             "stixId": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
             "name": "Native API",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1575",
             "url": "https://attack.mitre.org/techniques/T1575",
             "deprecated": false
@@ -7560,6 +8499,7 @@ export const intel = {
             "stixId": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7",
             "name": "Deliver Malicious App via Other Means",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1476",
             "url": "https://attack.mitre.org/techniques/T1476",
             "deprecated": true
@@ -7568,6 +8508,7 @@ export const intel = {
             "stixId": "attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067",
             "name": "Remotely Wipe Data Without Authorization",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1469",
             "url": "https://attack.mitre.org/techniques/T1469",
             "deprecated": true
@@ -7576,6 +8517,7 @@ export const intel = {
             "stixId": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
             "name": "Proxy Through Victim",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1604",
             "url": "https://attack.mitre.org/techniques/T1604",
             "deprecated": false
@@ -7584,6 +8526,7 @@ export const intel = {
             "stixId": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de",
             "name": "Domain Generation Algorithms",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1520",
             "url": "https://attack.mitre.org/techniques/T1520",
             "deprecated": true
@@ -7592,6 +8535,7 @@ export const intel = {
             "stixId": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb",
             "name": "Access Calendar Entries",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1435",
             "url": "https://attack.mitre.org/techniques/T1435",
             "deprecated": true
@@ -7600,6 +8544,7 @@ export const intel = {
             "stixId": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3",
             "name": "Rogue Wi-Fi Access Points",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1465",
             "url": "https://attack.mitre.org/techniques/T1465",
             "deprecated": true
@@ -7608,6 +8553,7 @@ export const intel = {
             "stixId": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
             "name": "Foreground Persistence",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1541",
             "url": "https://attack.mitre.org/techniques/T1541",
             "deprecated": false
@@ -7616,6 +8562,7 @@ export const intel = {
             "stixId": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
             "name": "Replication Through Removable Media",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1458",
             "url": "https://attack.mitre.org/techniques/T1458",
             "deprecated": false
@@ -7624,6 +8571,7 @@ export const intel = {
             "stixId": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
             "name": "Audio Capture",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1429",
             "url": "https://attack.mitre.org/techniques/T1429",
             "deprecated": false
@@ -7632,6 +8580,7 @@ export const intel = {
             "stixId": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
             "name": "Hijack Execution Flow",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1625",
             "url": "https://attack.mitre.org/techniques/T1625",
             "deprecated": false
@@ -7640,6 +8589,7 @@ export const intel = {
             "stixId": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
             "name": "Unix Shell",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1623.001",
             "url": "https://attack.mitre.org/techniques/T1623/001",
             "deprecated": false
@@ -7648,6 +8598,7 @@ export const intel = {
             "stixId": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
             "name": "Application Layer Protocol",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1437",
             "url": "https://attack.mitre.org/techniques/T1437",
             "deprecated": false
@@ -7656,6 +8607,7 @@ export const intel = {
             "stixId": "attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2",
             "name": "App Delivered via Web Download",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1431",
             "url": "https://attack.mitre.org/techniques/T1431",
             "deprecated": true
@@ -7664,6 +8616,7 @@ export const intel = {
             "stixId": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
             "name": "Download New Code at Runtime",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1407",
             "url": "https://attack.mitre.org/techniques/T1407",
             "deprecated": false
@@ -7672,6 +8625,7 @@ export const intel = {
             "stixId": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a",
             "name": "Remotely Track Device Without Authorization",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1468",
             "url": "https://attack.mitre.org/techniques/T1468",
             "deprecated": true
@@ -7680,6 +8634,7 @@ export const intel = {
             "stixId": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
             "name": "System Checks",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1633.001",
             "url": "https://attack.mitre.org/techniques/T1633/001",
             "deprecated": false
@@ -7688,6 +8643,7 @@ export const intel = {
             "stixId": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
             "name": "Stored Application Data",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1409",
             "url": "https://attack.mitre.org/techniques/T1409",
             "deprecated": false
@@ -7696,6 +8652,7 @@ export const intel = {
             "stixId": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
             "name": "Screen Capture",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1513",
             "url": "https://attack.mitre.org/techniques/T1513",
             "deprecated": false
@@ -7704,6 +8661,7 @@ export const intel = {
             "stixId": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
             "name": "Transmitted Data Manipulation",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1641.001",
             "url": "https://attack.mitre.org/techniques/T1641/001",
             "deprecated": false
@@ -7712,6 +8670,7 @@ export const intel = {
             "stixId": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69",
             "name": "Manipulate App Store Rankings or Ratings",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1452",
             "url": "https://attack.mitre.org/techniques/T1452",
             "deprecated": true
@@ -7720,6 +8679,7 @@ export const intel = {
             "stixId": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58",
             "name": "URI Hijacking",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1416",
             "url": "https://attack.mitre.org/techniques/T1416",
             "deprecated": true
@@ -7728,6 +8688,7 @@ export const intel = {
             "stixId": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
             "name": "Compromise Software Dependencies and Development Tools",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1474.001",
             "url": "https://attack.mitre.org/techniques/T1474/001",
             "deprecated": false
@@ -7736,6 +8697,7 @@ export const intel = {
             "stixId": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b",
             "name": "Evade Analysis Environment",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1523",
             "url": "https://attack.mitre.org/techniques/T1523",
             "deprecated": true
@@ -7744,6 +8706,7 @@ export const intel = {
             "stixId": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
             "name": "URI Hijacking",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1635.001",
             "url": "https://attack.mitre.org/techniques/T1635/001",
             "deprecated": false
@@ -7752,6 +8715,7 @@ export const intel = {
             "stixId": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
             "name": "Subvert Trust Controls",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1632",
             "url": "https://attack.mitre.org/techniques/T1632",
             "deprecated": false
@@ -7760,6 +8724,7 @@ export const intel = {
             "stixId": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44",
             "name": "Access Call Log",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1433",
             "url": "https://attack.mitre.org/techniques/T1433",
             "deprecated": true
@@ -7768,6 +8733,7 @@ export const intel = {
             "stixId": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31",
             "name": "Geofencing",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1581",
             "url": "https://attack.mitre.org/techniques/T1581",
             "deprecated": true
@@ -7776,6 +8742,7 @@ export const intel = {
             "stixId": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483",
             "name": "Device Administrator Permissions",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1401",
             "url": "https://attack.mitre.org/techniques/T1401",
             "deprecated": true
@@ -7784,6 +8751,7 @@ export const intel = {
             "stixId": "attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16",
             "name": "Remotely Install Application",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1443",
             "url": "https://attack.mitre.org/techniques/T1443",
             "deprecated": true
@@ -7792,6 +8760,7 @@ export const intel = {
             "stixId": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
             "name": "Keychain",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1634.001",
             "url": "https://attack.mitre.org/techniques/T1634/001",
             "deprecated": false
@@ -7800,6 +8769,7 @@ export const intel = {
             "stixId": "attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6",
             "name": "Modify Cached Executable Code",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1403",
             "url": "https://attack.mitre.org/techniques/T1403",
             "deprecated": true
@@ -7808,6 +8778,7 @@ export const intel = {
             "stixId": "attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05",
             "name": "Device Type Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1419",
             "url": "https://attack.mitre.org/techniques/T1419",
             "deprecated": true
@@ -7816,6 +8787,7 @@ export const intel = {
             "stixId": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5",
             "name": "Uninstall Malicious Application",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1576",
             "url": "https://attack.mitre.org/techniques/T1576",
             "deprecated": true
@@ -7824,6 +8796,7 @@ export const intel = {
             "stixId": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f",
             "name": "Delete Device Data",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1447",
             "url": "https://attack.mitre.org/techniques/T1447",
             "deprecated": true
@@ -7832,6 +8805,7 @@ export const intel = {
             "stixId": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274",
             "name": "Carrier Billing Fraud",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1448",
             "url": "https://attack.mitre.org/techniques/T1448",
             "deprecated": true
@@ -7840,6 +8814,7 @@ export const intel = {
             "stixId": "attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e",
             "name": "URL Scheme Hijacking",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1415",
             "url": "https://attack.mitre.org/techniques/T1415",
             "deprecated": true
@@ -7848,6 +8823,7 @@ export const intel = {
             "stixId": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
             "name": "Bidirectional Communication",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1481.002",
             "url": "https://attack.mitre.org/techniques/T1481/002",
             "deprecated": false
@@ -7856,6 +8832,7 @@ export const intel = {
             "stixId": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
             "name": "Non-Standard Port",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1509",
             "url": "https://attack.mitre.org/techniques/T1509",
             "deprecated": false
@@ -7864,6 +8841,7 @@ export const intel = {
             "stixId": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
             "name": "Compromise Software Supply Chain",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1474.003",
             "url": "https://attack.mitre.org/techniques/T1474/003",
             "deprecated": false
@@ -7872,6 +8850,7 @@ export const intel = {
             "stixId": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
             "name": "Dead Drop Resolver",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1481.001",
             "url": "https://attack.mitre.org/techniques/T1481/001",
             "deprecated": false
@@ -7880,6 +8859,7 @@ export const intel = {
             "stixId": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
             "name": "Location Tracking",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1430",
             "url": "https://attack.mitre.org/techniques/T1430",
             "deprecated": false
@@ -7888,6 +8868,7 @@ export const intel = {
             "stixId": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
             "name": "Device Administrator Permissions",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1626.001",
             "url": "https://attack.mitre.org/techniques/T1626/001",
             "deprecated": false
@@ -7896,6 +8877,7 @@ export const intel = {
             "stixId": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1",
             "name": "Device Lockout",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1446",
             "url": "https://attack.mitre.org/techniques/T1446",
             "deprecated": true
@@ -7904,6 +8886,7 @@ export const intel = {
             "stixId": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
             "name": "Remote Device Management Services",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1430.001",
             "url": "https://attack.mitre.org/techniques/T1430/001",
             "deprecated": false
@@ -7912,6 +8895,7 @@ export const intel = {
             "stixId": "attack-pattern--a0464539-e1b7-4455-a355-12495987c300",
             "name": "Attack PC via USB Connection",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1427",
             "url": "https://attack.mitre.org/techniques/T1427",
             "deprecated": true
@@ -7920,6 +8904,7 @@ export const intel = {
             "stixId": "attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881",
             "name": "Stolen Developer Credentials or Signing Keys",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1441",
             "url": "https://attack.mitre.org/techniques/T1441",
             "deprecated": true
@@ -7928,6 +8913,7 @@ export const intel = {
             "stixId": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed",
             "name": "Rogue Cellular Base Station",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1467",
             "url": "https://attack.mitre.org/techniques/T1467",
             "deprecated": true
@@ -7936,6 +8922,7 @@ export const intel = {
             "stixId": "attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5",
             "name": "SIM Card Swap",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1451",
             "url": "https://attack.mitre.org/techniques/T1451",
             "deprecated": true
@@ -7944,6 +8931,7 @@ export const intel = {
             "stixId": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
             "name": "Input Capture",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1417",
             "url": "https://attack.mitre.org/techniques/T1417",
             "deprecated": false
@@ -7952,6 +8940,7 @@ export const intel = {
             "stixId": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
             "name": "Generate Traffic from Victim",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1643",
             "url": "https://attack.mitre.org/techniques/T1643",
             "deprecated": false
@@ -7960,6 +8949,7 @@ export const intel = {
             "stixId": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
             "name": "Disguise Root/Jailbreak Indicators",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1630.003",
             "url": "https://attack.mitre.org/techniques/T1630/003",
             "deprecated": false
@@ -7968,6 +8958,7 @@ export const intel = {
             "stixId": "attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
             "name": "Masquerade as Legitimate Application",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1444",
             "url": "https://attack.mitre.org/techniques/T1444",
             "deprecated": true
@@ -7976,6 +8967,7 @@ export const intel = {
             "stixId": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431",
             "name": "Malicious Media Content",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1457",
             "url": "https://attack.mitre.org/techniques/T1457",
             "deprecated": true
@@ -7984,6 +8976,7 @@ export const intel = {
             "stixId": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
             "name": "Calendar Entries",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1636.001",
             "url": "https://attack.mitre.org/techniques/T1636/001",
             "deprecated": false
@@ -7992,6 +8985,7 @@ export const intel = {
             "stixId": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
             "name": "File Deletion",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1630.002",
             "url": "https://attack.mitre.org/techniques/T1630/002",
             "deprecated": false
@@ -8000,6 +8994,7 @@ export const intel = {
             "stixId": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
             "name": "Device Lockout",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1629.002",
             "url": "https://attack.mitre.org/techniques/T1629/002",
             "deprecated": false
@@ -8008,6 +9003,7 @@ export const intel = {
             "stixId": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
             "name": "Keylogging",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1417.001",
             "url": "https://attack.mitre.org/techniques/T1417/001",
             "deprecated": false
@@ -8016,6 +9012,7 @@ export const intel = {
             "stixId": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
             "name": "SMS Control",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1582",
             "url": "https://attack.mitre.org/techniques/T1582",
             "deprecated": false
@@ -8024,6 +9021,7 @@ export const intel = {
             "stixId": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6",
             "name": "Disguise Root/Jailbreak Indicators",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1408",
             "url": "https://attack.mitre.org/techniques/T1408",
             "deprecated": true
@@ -8032,6 +9030,7 @@ export const intel = {
             "stixId": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a",
             "name": "Exfiltration Over Other Network Medium",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1438",
             "url": "https://attack.mitre.org/techniques/T1438",
             "deprecated": true
@@ -8040,6 +9039,7 @@ export const intel = {
             "stixId": "attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b",
             "name": "Detect App Analysis Environment",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1440",
             "url": "https://attack.mitre.org/techniques/T1440",
             "deprecated": true
@@ -8048,6 +9048,7 @@ export const intel = {
             "stixId": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
             "name": "Process Injection",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1631",
             "url": "https://attack.mitre.org/techniques/T1631",
             "deprecated": false
@@ -8056,6 +9057,7 @@ export const intel = {
             "stixId": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc",
             "name": "Malicious Software Development Tools",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1462",
             "url": "https://attack.mitre.org/techniques/T1462",
             "deprecated": true
@@ -8064,6 +9066,7 @@ export const intel = {
             "stixId": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
             "name": "Symmetric Cryptography",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1521.001",
             "url": "https://attack.mitre.org/techniques/T1521/001",
             "deprecated": false
@@ -8072,6 +9075,7 @@ export const intel = {
             "stixId": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69",
             "name": "Broadcast Receivers",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1402",
             "url": "https://attack.mitre.org/techniques/T1402",
             "deprecated": true
@@ -8080,6 +9084,7 @@ export const intel = {
             "stixId": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
             "name": "Compromise Hardware Supply Chain",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1474.002",
             "url": "https://attack.mitre.org/techniques/T1474/002",
             "deprecated": false
@@ -8088,6 +9093,7 @@ export const intel = {
             "stixId": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
             "name": "Clipboard Data",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1414",
             "url": "https://attack.mitre.org/techniques/T1414",
             "deprecated": false
@@ -8096,6 +9102,7 @@ export const intel = {
             "stixId": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0",
             "name": "Modify System Partition",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1400",
             "url": "https://attack.mitre.org/techniques/T1400",
             "deprecated": true
@@ -8104,6 +9111,7 @@ export const intel = {
             "stixId": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
             "name": "Data Manipulation",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1641",
             "url": "https://attack.mitre.org/techniques/T1641",
             "deprecated": false
@@ -8112,6 +9120,7 @@ export const intel = {
             "stixId": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
             "name": "SMS Messages",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1636.004",
             "url": "https://attack.mitre.org/techniques/T1636/004",
             "deprecated": false
@@ -8120,6 +9129,7 @@ export const intel = {
             "stixId": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
             "name": "Web Service",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1481",
             "url": "https://attack.mitre.org/techniques/T1481",
             "deprecated": false
@@ -8128,6 +9138,7 @@ export const intel = {
             "stixId": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
             "name": "System Runtime API Hijacking",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1625.001",
             "url": "https://attack.mitre.org/techniques/T1625/001",
             "deprecated": false
@@ -8136,6 +9147,7 @@ export const intel = {
             "stixId": "attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f",
             "name": "Exploit Baseband Vulnerability",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1455",
             "url": "https://attack.mitre.org/techniques/T1455",
             "deprecated": true
@@ -8144,6 +9156,7 @@ export const intel = {
             "stixId": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
             "name": "Credentials from Password Store",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1634",
             "url": "https://attack.mitre.org/techniques/T1634",
             "deprecated": false
@@ -8152,6 +9165,7 @@ export const intel = {
             "stixId": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
             "name": "Hooking",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1617",
             "url": "https://attack.mitre.org/techniques/T1617",
             "deprecated": false
@@ -8160,6 +9174,7 @@ export const intel = {
             "stixId": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2",
             "name": "Install Insecure or Malicious Configuration",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1478",
             "url": "https://attack.mitre.org/techniques/T1478",
             "deprecated": true
@@ -8168,6 +9183,7 @@ export const intel = {
             "stixId": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
             "name": "File and Directory Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1420",
             "url": "https://attack.mitre.org/techniques/T1420",
             "deprecated": false
@@ -8176,6 +9192,7 @@ export const intel = {
             "stixId": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
             "name": "Obfuscated Files or Information",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1406",
             "url": "https://attack.mitre.org/techniques/T1406",
             "deprecated": false
@@ -8184,6 +9201,7 @@ export const intel = {
             "stixId": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
             "name": "Input Injection",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1516",
             "url": "https://attack.mitre.org/techniques/T1516",
             "deprecated": false
@@ -8192,6 +9210,7 @@ export const intel = {
             "stixId": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d",
             "name": "Network Denial of Service",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1464",
             "url": "https://attack.mitre.org/techniques/T1464",
             "deprecated": false
@@ -8200,6 +9219,7 @@ export const intel = {
             "stixId": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
             "name": "Compromise Application Executable",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1577",
             "url": "https://attack.mitre.org/techniques/T1577",
             "deprecated": false
@@ -8208,6 +9228,7 @@ export const intel = {
             "stixId": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
             "name": "Event Triggered Execution",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1624",
             "url": "https://attack.mitre.org/techniques/T1624",
             "deprecated": false
@@ -8216,6 +9237,7 @@ export const intel = {
             "stixId": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
             "name": "System Network Configuration Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1422",
             "url": "https://attack.mitre.org/techniques/T1422",
             "deprecated": false
@@ -8224,6 +9246,7 @@ export const intel = {
             "stixId": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63",
             "name": "Manipulate Device Communication",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1463",
             "url": "https://attack.mitre.org/techniques/T1463",
             "deprecated": true
@@ -8232,6 +9255,7 @@ export const intel = {
             "stixId": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
             "name": "Video Capture",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1512",
             "url": "https://attack.mitre.org/techniques/T1512",
             "deprecated": false
@@ -8240,6 +9264,7 @@ export const intel = {
             "stixId": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
             "name": "One-Way Communication",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1481.003",
             "url": "https://attack.mitre.org/techniques/T1481/003",
             "deprecated": false
@@ -8248,6 +9273,7 @@ export const intel = {
             "stixId": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
             "name": "Deliver Malicious App via Authorized App Store",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1475",
             "url": "https://attack.mitre.org/techniques/T1475",
             "deprecated": true
@@ -8256,6 +9282,7 @@ export const intel = {
             "stixId": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
             "name": "Data Encrypted for Impact",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1471",
             "url": "https://attack.mitre.org/techniques/T1471",
             "deprecated": false
@@ -8264,6 +9291,7 @@ export const intel = {
             "stixId": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
             "name": "Prevent Application Removal",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1629.001",
             "url": "https://attack.mitre.org/techniques/T1629/001",
             "deprecated": false
@@ -8272,6 +9300,7 @@ export const intel = {
             "stixId": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
             "name": "System Network Connections Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1421",
             "url": "https://attack.mitre.org/techniques/T1421",
             "deprecated": false
@@ -8280,6 +9309,7 @@ export const intel = {
             "stixId": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
             "name": "Lockscreen Bypass",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1461",
             "url": "https://attack.mitre.org/techniques/T1461",
             "deprecated": false
@@ -8288,6 +9318,7 @@ export const intel = {
             "stixId": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe",
             "name": "Command-Line Interface",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1605",
             "url": "https://attack.mitre.org/techniques/T1605",
             "deprecated": true
@@ -8296,6 +9327,7 @@ export const intel = {
             "stixId": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
             "name": "Contact List",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1636.003",
             "url": "https://attack.mitre.org/techniques/T1636/003",
             "deprecated": false
@@ -8304,6 +9336,7 @@ export const intel = {
             "stixId": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
             "name": "Data from Local System",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1533",
             "url": "https://attack.mitre.org/techniques/T1533",
             "deprecated": false
@@ -8312,6 +9345,7 @@ export const intel = {
             "stixId": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
             "name": "Account Access Removal",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1640",
             "url": "https://attack.mitre.org/techniques/T1640",
             "deprecated": false
@@ -8320,6 +9354,7 @@ export const intel = {
             "stixId": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
             "name": "System Information Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1426",
             "url": "https://attack.mitre.org/techniques/T1426",
             "deprecated": false
@@ -8328,6 +9363,7 @@ export const intel = {
             "stixId": "attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9",
             "name": "Fake Developer Accounts",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1442",
             "url": "https://attack.mitre.org/techniques/T1442",
             "deprecated": true
@@ -8336,6 +9372,7 @@ export const intel = {
             "stixId": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb",
             "name": "Clipboard Modification",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1510",
             "url": "https://attack.mitre.org/techniques/T1510",
             "deprecated": true
@@ -8344,6 +9381,7 @@ export const intel = {
             "stixId": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
             "name": "Archive Collected Data",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1532",
             "url": "https://attack.mitre.org/techniques/T1532",
             "deprecated": false
@@ -8352,6 +9390,7 @@ export const intel = {
             "stixId": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
             "name": "Geofencing",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1627.001",
             "url": "https://attack.mitre.org/techniques/T1627/001",
             "deprecated": false
@@ -8360,6 +9399,7 @@ export const intel = {
             "stixId": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2",
             "name": "Network Information Discovery",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1507",
             "url": "https://attack.mitre.org/techniques/T1507",
             "deprecated": true
@@ -8368,6 +9408,7 @@ export const intel = {
             "stixId": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
             "name": "Capture SMS Messages",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1412",
             "url": "https://attack.mitre.org/techniques/T1412",
             "deprecated": true
@@ -8376,6 +9417,7 @@ export const intel = {
             "stixId": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
             "name": "Endpoint Denial of Service",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1642",
             "url": "https://attack.mitre.org/techniques/T1642",
             "deprecated": false
@@ -8384,6 +9426,7 @@ export const intel = {
             "stixId": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
             "name": "Out of Band Data",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1644",
             "url": "https://attack.mitre.org/techniques/T1644",
             "deprecated": false
@@ -8392,6 +9435,7 @@ export const intel = {
             "stixId": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
             "name": "Encrypted Channel",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1521",
             "url": "https://attack.mitre.org/techniques/T1521",
             "deprecated": false
@@ -8400,6 +9444,7 @@ export const intel = {
             "stixId": "attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884",
             "name": "Exploit TEE Vulnerability",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1405",
             "url": "https://attack.mitre.org/techniques/T1405",
             "deprecated": true
@@ -8408,6 +9453,7 @@ export const intel = {
             "stixId": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
             "name": "Suppress Application Icon",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1628.001",
             "url": "https://attack.mitre.org/techniques/T1628/001",
             "deprecated": false
@@ -8416,6 +9462,7 @@ export const intel = {
             "stixId": "attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468",
             "name": "Modify Trusted Execution Environment",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1399",
             "url": "https://attack.mitre.org/techniques/T1399",
             "deprecated": true
@@ -8424,6 +9471,7 @@ export const intel = {
             "stixId": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a",
             "name": "Device Unlock Code Guessing or Brute Force",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1459",
             "url": "https://attack.mitre.org/techniques/T1459",
             "deprecated": true
@@ -8432,6 +9480,7 @@ export const intel = {
             "stixId": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34",
             "name": "Downgrade to Insecure Protocols",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1466",
             "url": "https://attack.mitre.org/techniques/T1466",
             "deprecated": true
@@ -8440,6 +9489,7 @@ export const intel = {
             "stixId": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf",
             "name": "Generate Fraudulent Advertising Revenue",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1472",
             "url": "https://attack.mitre.org/techniques/T1472",
             "deprecated": true
@@ -8448,6 +9498,7 @@ export const intel = {
             "stixId": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df",
             "name": "Malicious or Vulnerable Built-in Device Functionality",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1473",
             "url": "https://attack.mitre.org/techniques/T1473",
             "deprecated": true
@@ -8456,6 +9507,7 @@ export const intel = {
             "stixId": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
             "name": "Steganography",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1406.001",
             "url": "https://attack.mitre.org/techniques/T1406/001",
             "deprecated": false
@@ -8464,6 +9516,7 @@ export const intel = {
             "stixId": "attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d",
             "name": "Exploit SS7 to Redirect Phone Calls/SMS",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1449",
             "url": "https://attack.mitre.org/techniques/T1449",
             "deprecated": true
@@ -8472,6 +9525,7 @@ export const intel = {
             "stixId": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
             "name": "Hide Artifacts",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1628",
             "url": "https://attack.mitre.org/techniques/T1628",
             "deprecated": false
@@ -8480,6 +9534,7 @@ export const intel = {
             "stixId": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
             "name": "Code Signing Policy Modification",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1632.001",
             "url": "https://attack.mitre.org/techniques/T1632/001",
             "deprecated": false
@@ -8488,6 +9543,7 @@ export const intel = {
             "stixId": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
             "name": "Domain Generation Algorithms",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1637.001",
             "url": "https://attack.mitre.org/techniques/T1637/001",
             "deprecated": false
@@ -8496,6 +9552,7 @@ export const intel = {
             "stixId": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
             "name": "Drive-By Compromise",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1456",
             "url": "https://attack.mitre.org/techniques/T1456",
             "deprecated": false
@@ -8504,6 +9561,7 @@ export const intel = {
             "stixId": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2",
             "name": "Suppress Application Icon",
             "type": "technique",
+            "matrix": "Mobile ATT&CK",
             "id": "T1508",
             "url": "https://attack.mitre.org/techniques/T1508",
             "deprecated": true

From 90cba643820e14a6f54415609b76ffe6fa360893 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Thu, 17 Aug 2023 18:44:19 -0400
Subject: [PATCH 08/18] add `id` field to `Property`

---
 .../BaseTypes/DiagramObjectModel.ts           |  2 +-
 .../Property/CollectionProperty.ts            |  5 +++-
 .../BlockDiagram/Property/DateProperty.ts     |  5 +++-
 .../Property/DictionaryProperty.ts            |  8 +++++--
 .../BlockDiagram/Property/EnumProperty.ts     |  8 +++++--
 .../BlockDiagram/Property/ListProperty.ts     | 22 ++++++++++-------
 .../BlockDiagram/Property/NumberProperty.ts   |  5 +++-
 .../scripts/BlockDiagram/Property/Property.ts | 24 ++++++++++++++-----
 .../BlockDiagram/Property/RootProperty.ts     |  5 +++-
 .../BlockDiagram/Property/StringProperty.ts   |  5 +++-
 .../PageCommands/CreateSubproperty.ts         | 16 ++++++-------
 11 files changed, 72 insertions(+), 33 deletions(-)

diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/DiagramModelTypes/BaseTypes/DiagramObjectModel.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/DiagramModelTypes/BaseTypes/DiagramObjectModel.ts
index fcc5e774..6e2208aa 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/DiagramModelTypes/BaseTypes/DiagramObjectModel.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/DiagramModelTypes/BaseTypes/DiagramObjectModel.ts
@@ -110,7 +110,7 @@ export abstract class DiagramObjectModel {
         this.boundingBox.yMid = values?.y ?? 0;
         // Value configuration
         this.props = new RootProperty(
-            this, template?.properties ?? {}, values?.properties
+            template.id, this, template?.properties ?? {}, values?.properties
         );
         if(values?.children) {
             for(let i = 0; i < values.children.length; i++) {
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/CollectionProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/CollectionProperty.ts
index 77f95380..dd3b5f42 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/CollectionProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/CollectionProperty.ts
@@ -23,16 +23,19 @@ export abstract class CollectionProperty extends Property {
 
     /**
      * Creates a new {@link CollectionProperty}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
      *  The property's descriptor.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: CollectionPropertyDescriptor
     ) {
-        super(parent, descriptor);
+        super(id, parent, descriptor);
         this.descriptor = descriptor;
         this.value = new Map();
     }
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DateProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DateProperty.ts
index a0f77890..42ba63a6 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DateProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DateProperty.ts
@@ -20,6 +20,8 @@ export class DateProperty extends Property {
 
     /**
      * Creates a new {@link DateProperty}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
@@ -28,11 +30,12 @@ export class DateProperty extends Property {
      *  The property's value.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: DatePropertyDescriptor,
         value?: any
     ) {
-        super(parent, descriptor);
+        super(id, parent, descriptor);
         this._value = null;
         this.descriptor = descriptor;
         // Resolve value
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DictionaryProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DictionaryProperty.ts
index 1e5bb1d9..4d68dcc8 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DictionaryProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/DictionaryProperty.ts
@@ -20,6 +20,8 @@ export class DictionaryProperty extends CollectionProperty {
 
     /**
      * Creates a new {@link DictionaryProperty}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
@@ -28,11 +30,12 @@ export class DictionaryProperty extends CollectionProperty {
      *  The property's values.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: DictionaryPropertyDescriptor,
         values?: ListValue
     ) {
-        super(parent, descriptor);
+        super(id, parent, descriptor);
         this.descriptor = descriptor;
         this.primaryKey = null;
         // Configure values
@@ -47,7 +50,8 @@ export class DictionaryProperty extends CollectionProperty {
             } else {
                 val = values[key]
             }
-            let prop = Property.create(this, descriptor.form[key], val);
+            let pId = `${ id }.${ key }`;
+            let prop = Property.create(pId, this, descriptor.form[key], val);
             // Add property
             this.value.set(key, prop);
             // Configure primary key
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts
index e252f447..cda2122b 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/EnumProperty.ts
@@ -26,6 +26,8 @@ export class EnumProperty extends Property {
 
     /**
      * Creates a new {@link EnumProperty}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
@@ -34,12 +36,14 @@ export class EnumProperty extends Property {
      *  The property's value.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: EnumPropertyDescriptor,
         value?: any
     ) {
-        super(parent, descriptor);
-        let options = Property.create(undefined, descriptor.options);
+        super(id, parent, descriptor);
+        let oId = `${ id }.options`;
+        let options = Property.create(oId, undefined, descriptor.options);
         this.descriptor = descriptor;
         this.options = options as ListProperty;
         this._value = null;
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts
index 5fd6a008..7dd94ed7 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts
@@ -17,6 +17,8 @@ export class ListProperty extends CollectionProperty {
 
     /**
      * Creates a new {@link ListProperty}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
@@ -25,34 +27,38 @@ export class ListProperty extends CollectionProperty {
      *  The property's values.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: ListPropertyDescriptor,
         values?: RawEntries
     ) {
-        super(parent, descriptor);
+        super(id, parent, descriptor);
         this.descriptor = descriptor;
         // Configure values
         this.value = new Map();
         if(Array.isArray(values)) {
-            for(let [id, value] of values) {
+            for(let [vId, value] of values) {
                 // Create property
-                let prop = Property.create(this, descriptor.form, value);
+                let pId = `${ id }.${ vId }`;
+                let prop = Property.create(pId, this, descriptor.form, value);
                 // Add property
                 this.value.set(id, prop);
             }
         } else if(descriptor.value) {
             if(Array.isArray(descriptor.value)) {
-                for(let [id, value] of descriptor.value) {
+                for(let [vId, value] of descriptor.value) {
                     // Create property
-                    let prop = Property.create(this, descriptor.form, value);
+                    let pId = `${ id }.${ vId }`;
+                    let prop = Property.create(pId, this, descriptor.form, value);
                     // Add property
                     this.value.set(id, prop);
                 }
             } else {
-                for(let id in descriptor.value) {
+                for(let vId in descriptor.value) {
                     // Create property
                     let value = descriptor.value[id];
-                    let prop = Property.create(this, descriptor.form, value);
+                    let pId = `${ id }.${ vId }`;
+                    let prop = Property.create(pId, this, descriptor.form, value);
                     // Add property
                     this.value.set(id, prop);
                 }
@@ -119,7 +125,7 @@ export class ListProperty extends CollectionProperty {
      * @returns
      *  A randomly generated id.
      */
-    private getNextId() {
+    public getNextId() {
         let id = MD5(Crypto.randomUUID());
         while(this.value.has(id)) {
             id = MD5(Crypto.randomUUID());
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/NumberProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/NumberProperty.ts
index ec8c7bbe..0e7f8ac9 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/NumberProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/NumberProperty.ts
@@ -31,6 +31,8 @@ export class NumberProperty extends Property {
 
     /**
      * Creates a new {@link NumberProperty}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
@@ -39,11 +41,12 @@ export class NumberProperty extends Property {
      *  The property's value.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: NumberPropertyDescriptor,
         value?: any
     ) {
-        super(parent, descriptor);
+        super(id, parent, descriptor);
         this.min = descriptor.min ?? -Infinity;
         this.max = descriptor.max ?? Infinity;
         this.descriptor = descriptor;
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/Property.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/Property.ts
index 9b13a16e..821777e9 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/Property.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/Property.ts
@@ -14,6 +14,11 @@ import {
 
 export abstract class Property {
 
+    /**
+     * The property's id.
+     */
+    public readonly id: string;
+
     /**
      * The property's type.
      */
@@ -52,15 +57,19 @@ export abstract class Property {
 
     /**
      * Creates a new {@link Property}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
      *  The property's descriptor.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: PropertyDescriptor
     ) {
+        this.id = id;
         this.type = descriptor.type;
         this.descriptor = descriptor;
         this.trigger = ref(0);
@@ -70,6 +79,8 @@ export abstract class Property {
 
     /**
      * Creates a new {@link Property}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
@@ -80,24 +91,25 @@ export abstract class Property {
      *  The {@link Property}.
      */
     public static create(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: PropertyDescriptor,
         values?: any
     ): Property {
         switch(descriptor.type) {
             case PropertyType.String:
-                return new StringProperty(parent, descriptor, values);
+                return new StringProperty(id, parent, descriptor, values);
             case PropertyType.Int:
             case PropertyType.Float:
-                return new NumberProperty(parent, descriptor, values);
+                return new NumberProperty(id, parent, descriptor, values);
             case PropertyType.Date:
-                return new DateProperty(parent, descriptor, values);
+                return new DateProperty(id, parent, descriptor, values);
             case PropertyType.Enum:
-                return new EnumProperty(parent, descriptor, values);
+                return new EnumProperty(id, parent, descriptor, values);
             case PropertyType.List:
-                return new ListProperty(parent, descriptor, values);
+                return new ListProperty(id, parent, descriptor, values);
             case PropertyType.Dictionary:
-                return new DictionaryProperty(parent, descriptor, values);
+                return new DictionaryProperty(id, parent, descriptor, values);
         }
     }
 
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/RootProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/RootProperty.ts
index 87a62369..ecaeb0cd 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/RootProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/RootProperty.ts
@@ -21,6 +21,8 @@ export class RootProperty extends DictionaryProperty {
 
     /**
      * Creates a new {@link RootProperty}.
+     * @param id
+     *  The property's id.
      * @param object
      *  The property's associated object.
      * @param descriptor
@@ -29,6 +31,7 @@ export class RootProperty extends DictionaryProperty {
      *  The property's values.
      */
     constructor(
+        id: string,
         object: DiagramObjectModel,
         descriptor: RootPropertyDescriptor,
         values?: any
@@ -37,7 +40,7 @@ export class RootProperty extends DictionaryProperty {
             type: PropertyType.Dictionary,
             form: descriptor
         }
-        super(undefined, dpd, values);
+        super(id, undefined, dpd, values);
         this.object = object;
     }
 
diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
index 82174963..2005341d 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/StringProperty.ts
@@ -25,6 +25,8 @@ export class StringProperty extends Property {
 
     /**
      * Creates a new {@link StringProperty}.
+     * @param id
+     *  The property's id.
      * @param parent
      *  The property's parent.
      * @param descriptor
@@ -33,11 +35,12 @@ export class StringProperty extends Property {
      *  The property's value.
      */
     constructor(
+        id: string,
         parent: CollectionProperty | undefined,
         descriptor: StringPropertyDescriptor,
         value?: any
     ) {
-        super(parent, descriptor);
+        super(id, parent, descriptor);
         this.descriptor = descriptor;
         this.suggestions = descriptor.suggestions ?? [];
         this._value = null;
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/CreateSubproperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/CreateSubproperty.ts
index e5ed44c5..ba945920 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/CreateSubproperty.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/CreateSubproperty.ts
@@ -6,12 +6,12 @@ export class CreateSubproperty extends PageCommand {
     /**
      * The property to modify.
      */
-    private _property: ListProperty;
+    public readonly property: ListProperty;
 
     /**
      * The subproperty's id.
      */
-    private _id: string | null;
+    private _id: string;
 
     /**
      * The subproperty.
@@ -30,9 +30,9 @@ export class CreateSubproperty extends PageCommand {
             throw new Error("Property does not have a root.")
         }
         super(root.object.root.id);
-        this._id = null;
-        this._property = property;
-        this._subproperty = Property.create(property, property.descriptor.form);
+        this.property = property;
+        this._id = property.getNextId();
+        this._subproperty = Property.create(this._id, property, property.descriptor.form);
     }
     
 
@@ -42,7 +42,7 @@ export class CreateSubproperty extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._id = this._property.addProperty(this._subproperty);
+        this.property.addProperty(this._subproperty, this._id);
         return true;
     }
 
@@ -50,9 +50,7 @@ export class CreateSubproperty extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        if(this._id) {
-            this._property.removeProperty(this._id);
-        }
+        this.property.removeProperty(this._id);
     }
 
 }

From cc8f1fa85e826232d0f288a2de2713868fa45c0f Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Fri, 18 Aug 2023 10:02:03 -0400
Subject: [PATCH 09/18] expose `Command` constructor fields, extend `Property`
 Commands from `SetProperty`

---
 .../Commands/PageCommands/AddLineObject.ts    | 44 +++++++++----------
 .../store/Commands/PageCommands/AddObject.ts  | 16 +++----
 .../Commands/PageCommands/AttachObject.ts     | 12 ++---
 .../PageCommands/CutSelectedChildren.ts       | 10 ++---
 .../PageCommands/DeleteSubproperty.ts         | 12 ++---
 .../Commands/PageCommands/DetachObject.ts     | 14 +++---
 .../Commands/PageCommands/GroupCommand.ts     | 16 +++----
 .../Commands/PageCommands/HoverObject.ts      |  8 ++--
 .../Commands/PageCommands/MoveObjectBy.ts     | 16 +++----
 .../Commands/PageCommands/MoveObjectTo.ts     | 32 +++++++-------
 .../Commands/PageCommands/PasteToObject.ts    |  8 ++--
 .../Commands/PageCommands/ReorderObject.ts    |  8 ++--
 .../Commands/PageCommands/SelectObject.ts     |  6 +--
 .../Commands/PageCommands/SetDateProperty.ts  | 28 +++++-------
 .../Commands/PageCommands/SetEnumProperty.ts  | 28 +++++-------
 .../PageCommands/SetNumberProperty.ts         | 28 +++++-------
 .../Commands/PageCommands/SetProperty.ts      | 26 +++++++++++
 .../PageCommands/SetStringProperty.ts         | 28 +++++-------
 .../Commands/PageCommands/UnhoverObject.ts    |  6 +--
 .../Commands/PageCommands/UnselectObject.ts   |  6 +--
 .../PageCommands/UserSetObjectPosition.ts     |  8 ++--
 21 files changed, 185 insertions(+), 175 deletions(-)
 create mode 100644 src/attack_flow_builder/src/store/Commands/PageCommands/SetProperty.ts

diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/AddLineObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/AddLineObject.ts
index dfbaedce..5ee1568a 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/AddLineObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/AddLineObject.ts
@@ -11,22 +11,22 @@ export class AddLineObject extends PageCommand {
     /**
      * The line object to add.
      */
-    private _object: DiagramLineModel;
+    public readonly object: DiagramLineModel;
 
     /**
      * The parent object.
      */
-    private _parent: DiagramObjectModel;
+    public readonly parent: DiagramObjectModel;
 
     /**
      * The line's source anchor.
      */
-    private _source: DiagramAnchorModel;
+    public readonly source: DiagramAnchorModel;
 
     /**
      * The line's target anchor.
      */
-    private _target: DiagramAnchorModel | undefined;
+    public readonly target: DiagramAnchorModel | undefined;
 
 
     /**
@@ -47,10 +47,10 @@ export class AddLineObject extends PageCommand {
         target?: DiagramAnchorModel
     ) {
         super(parent.root.id);
-        this._object = object;
-        this._parent = parent;
-        this._source = source;
-        this._target = target;
+        this.object = object;
+        this.parent = parent;
+        this.source = source;
+        this.target = target;
     }
     
 
@@ -61,16 +61,16 @@ export class AddLineObject extends PageCommand {
      */
     public execute(): boolean {
         // Add line
-        this._parent.addChild(this._object);
+        this.parent.addChild(this.object);
         // Connect source
-        let { xMid, yMid } = this._source.boundingBox;
-        this._object.srcEnding.moveTo(xMid, yMid);
-        this._source.addChild(this._object.srcEnding);
+        let { xMid, yMid } = this.source.boundingBox;
+        this.object.srcEnding.moveTo(xMid, yMid);
+        this.source.addChild(this.object.srcEnding);
         // Connect target
-        if(this._target) {
-            let { xMid, yMid } = this._target.boundingBox;
-            this._object.trgEnding.moveTo(xMid, yMid);
-            this._target.addChild(this._object.trgEnding);
+        if(this.target) {
+            let { xMid, yMid } = this.target.boundingBox;
+            this.object.trgEnding.moveTo(xMid, yMid);
+            this.target.addChild(this.object.trgEnding);
         }
         return true;
     }
@@ -79,16 +79,16 @@ export class AddLineObject extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._object.setHover(Hover.Off);
-        this._object.setSelect(Select.False);
+        this.object.setHover(Hover.Off);
+        this.object.setSelect(Select.False);
         // Disconnect source
-        this._source.removeChild(this._object.srcEnding);
+        this.source.removeChild(this.object.srcEnding);
         // Disconnect target
-        if(this._target) {
-            this._target.removeChild(this._object.trgEnding);
+        if(this.target) {
+            this.target.removeChild(this.object.trgEnding);
         }
         // Remove line
-        this._parent.removeChild(this._object);
+        this.parent.removeChild(this.object);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/AddObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/AddObject.ts
index 2bd8d7a6..2676348f 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/AddObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/AddObject.ts
@@ -6,12 +6,12 @@ export class AddObject extends PageCommand {
     /**
      * The object to add.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
 
     /**
      * The parent object.
      */
-    private _parent: DiagramObjectModel;
+    public readonly parent: DiagramObjectModel;
 
     
     /**
@@ -23,8 +23,8 @@ export class AddObject extends PageCommand {
      */
     constructor(object: DiagramObjectModel, parent: DiagramObjectModel) {
         super(parent.root.id);
-        this._object = object;
-        this._parent = parent;
+        this.object = object;
+        this.parent = parent;
     }
     
 
@@ -34,7 +34,7 @@ export class AddObject extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._parent.addChild(this._object);
+        this.parent.addChild(this.object);
         return true;
     }
 
@@ -42,11 +42,11 @@ export class AddObject extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._object.setHover(Hover.Off);
-        this._object.setSelect(Select.False);
+        this.object.setHover(Hover.Off);
+        this.object.setSelect(Select.False);
         // Skip check for external attachments. If object entered the diagram
         // with external attachments it should leave with them too.
-        this._parent.removeChild(this._object, true, false);
+        this.parent.removeChild(this.object, true, false);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/AttachObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/AttachObject.ts
index c41c6f75..94ee784b 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/AttachObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/AttachObject.ts
@@ -10,12 +10,12 @@ export class AttachObject extends PageCommand {
     /**
      * The object's anchor.
      */
-    private _anchor: DiagramAnchorModel;
+    public readonly anchor: DiagramAnchorModel;
     
     /**
      * The object.
      */
-    private _object: DiagramAnchorableModel;
+    public readonly object: DiagramAnchorableModel;
 
     
     /**
@@ -32,8 +32,8 @@ export class AttachObject extends PageCommand {
             );
         }
         super(anchor.root.id);
-        this._object = object;
-        this._anchor = anchor;
+        this.object = object;
+        this.anchor = anchor;
     }
     
 
@@ -43,7 +43,7 @@ export class AttachObject extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._anchor.addChild(this._object);
+        this.anchor.addChild(this.object);
         return true;
     }
 
@@ -51,7 +51,7 @@ export class AttachObject extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._anchor.removeChild(this._object);
+        this.anchor.removeChild(this.object);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/CutSelectedChildren.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/CutSelectedChildren.ts
index 5bc5f2ed..6b7b6782 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/CutSelectedChildren.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/CutSelectedChildren.ts
@@ -8,12 +8,12 @@ export class CutSelectedChildren extends GroupCommand {
     /**
      * The application context.
      */
-    private _context: ApplicationStore
+    public readonly context: ApplicationStore
 
     /**
      * The objects to add to the clipboard.
      */
-    private _objects: DiagramObjectModel[];
+    public readonly objects: DiagramObjectModel[];
 
 
     /**
@@ -25,11 +25,11 @@ export class CutSelectedChildren extends GroupCommand {
      */
     constructor(context: ApplicationStore, object: DiagramObjectModel) {
         super();
-        this._context = context;
+        this.context = context;
         // Get selected children
         let objects = object.children.filter(c => c.isSelected());
         // Clone selection
-        this._objects = object.factory.cloneObjects(...objects);
+        this.objects = object.factory.cloneObjects(...objects);
         // Remove selected children
         this.add(new RemoveSelectedChildren(object));
     }
@@ -42,7 +42,7 @@ export class CutSelectedChildren extends GroupCommand {
      */
     public override execute(): boolean {
         // Set the clipboard
-        this._context.clipboard = this._objects;
+        this.context.clipboard = this.objects;
         // Remove the selected children
         return super.execute();
     }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/DeleteSubproperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/DeleteSubproperty.ts
index c78b5057..52cb79c5 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/DeleteSubproperty.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/DeleteSubproperty.ts
@@ -6,12 +6,12 @@ export class DeleteSubproperty extends PageCommand {
     /**
      * The property to modify.
      */
-    private _property: ListProperty;
+    public readonly property: ListProperty;
 
     /**
      * The subproperty's id.
      */
-    private _id: string;
+    public readonly id: string;
 
     /**
      * The subproperty.
@@ -41,9 +41,9 @@ export class DeleteSubproperty extends PageCommand {
             throw new Error(`Subproperty '${ id }' does not exist.`);
         }
         super(root.object.root.id);
-        this._id = id;
+        this.id = id;
         this._index = property.indexOf(id);
-        this._property = property;
+        this.property = property;
         this._subproperty = subproperty;
     }
     
@@ -54,7 +54,7 @@ export class DeleteSubproperty extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._property.removeProperty(this._id);
+        this.property.removeProperty(this.id);
         return true;
     }
 
@@ -62,7 +62,7 @@ export class DeleteSubproperty extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._property.addProperty(this._subproperty, this._id, this._index);
+        this.property.addProperty(this._subproperty, this.id, this._index);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/DetachObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/DetachObject.ts
index 4ed05767..c6bf49e5 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/DetachObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/DetachObject.ts
@@ -8,14 +8,14 @@ import {
 export class DetachObject extends PageCommand {
     
     /**
-     * The object's anchor.
+     * The object.
      */
-    private _anchor: DiagramAnchorModel;
+    public readonly object: DiagramAnchorableModel;
 
     /**
-     * The object.
+     * The object's anchor.
      */
-    private _object: DiagramAnchorableModel;
+    private _anchor: DiagramAnchorModel;
 
     /**
      * The object's location in its anchor.
@@ -35,7 +35,7 @@ export class DetachObject extends PageCommand {
             );
         }
         super(object.root.id);
-        this._object = object;
+        this.object = object;
         this._anchor = object.anchor!;
         this._index = object.getIndexInAnchor();
     }
@@ -47,7 +47,7 @@ export class DetachObject extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._anchor.removeChild(this._object);
+        this._anchor.removeChild(this.object);
         return true;
     }
 
@@ -55,7 +55,7 @@ export class DetachObject extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._anchor.addChild(this._object, this._index);
+        this._anchor.addChild(this.object, this._index);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/GroupCommand.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/GroupCommand.ts
index d8ae4b16..16eae6ef 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/GroupCommand.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/GroupCommand.ts
@@ -6,7 +6,7 @@ export class GroupCommand extends PageCommand {
     /**
      * The list of commands in order of application.
      */
-    private _commands: PageCommand[];
+    public readonly commands: ReadonlyArray<PageCommand>;
     
 
     /**
@@ -14,7 +14,7 @@ export class GroupCommand extends PageCommand {
      */
     constructor() {
         super(PageCommand.NullPage);
-        this._commands = [];
+        this.commands = [];
     }
     
 
@@ -30,7 +30,7 @@ export class GroupCommand extends PageCommand {
             );
         }
         this.page = command.page;
-        this._commands.push(command);
+        (this.commands as PageCommand[]).push(command);
     }
 
     /**
@@ -40,17 +40,17 @@ export class GroupCommand extends PageCommand {
      */
     public execute(): boolean {
         let i = 0;
-        let l = this._commands.length;
+        let l = this.commands.length;
         let record = false;
         try {
             for(; i < l; i++) {
-                let r = this._commands[i].execute();;
+                let r = this.commands[i].execute();;
                 record ||= r;
             }
         } catch (ex) {
             // Rollback on failure
             for(i--; 0 <= i; i--) {
-                this._commands[i].undo();
+                this.commands[i].undo();
             }
             throw ex;
         }
@@ -61,9 +61,9 @@ export class GroupCommand extends PageCommand {
      * Reverts the set of commands.
      */
     public undo() {
-        let l = this._commands.length - 1;
+        let l = this.commands.length - 1;
         for(let i = l; 0 <= i; i--) {
-            this._commands[i].undo();
+            this.commands[i].undo();
         }
     }
 
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/HoverObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/HoverObject.ts
index 9882766b..18c8c1e7 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/HoverObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/HoverObject.ts
@@ -6,7 +6,7 @@ export class HoverObject extends PageCommand {
     /**
      * The object to hover.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
 
 
     /**
@@ -16,7 +16,7 @@ export class HoverObject extends PageCommand {
      */
     constructor(object: DiagramObjectModel) {
         super(object.root.id);
-        this._object = object;
+        this.object = object;
     }
     
 
@@ -27,9 +27,9 @@ export class HoverObject extends PageCommand {
      */
     public execute(): boolean {
         // Directly hover object
-        this._object.setHover(Hover.Direct);
+        this.object.setHover(Hover.Direct);
         // Indirectly hover object's parents
-        let p = this._object.parent;
+        let p = this.object.parent;
         while(p) {
             p.setHover(Hover.Indirect);
             p = p.parent;
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectBy.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectBy.ts
index 81598bba..19d65126 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectBy.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectBy.ts
@@ -6,17 +6,17 @@ export class MoveObjectBy extends PageCommand {
     /**
      * The object.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
     
     /**
      * The object's change in x.
      */
-    private _dx: number;
+    public readonly dx: number;
 
     /**
      * The object's change in y.
      */
-    private _dy: number;
+    public readonly dy: number;
 
 
     /**
@@ -30,9 +30,9 @@ export class MoveObjectBy extends PageCommand {
      */
     constructor(object: DiagramObjectModel, dx: number, dy: number) {
         super(object.root.id);
-        this._object = object;
-        this._dx = dx;
-        this._dy = dy;
+        this.object = object;
+        this.dx = dx;
+        this.dy = dy;
     }
 
     
@@ -42,7 +42,7 @@ export class MoveObjectBy extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._object.moveBy(this._dx, this._dy);
+        this.object.moveBy(this.dx, this.dy);
         return true;
     }
 
@@ -50,7 +50,7 @@ export class MoveObjectBy extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._object.moveBy(-this._dx, -this._dy);
+        this.object.moveBy(-this.dx, -this.dy);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectTo.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectTo.ts
index d083d758..bf4bbae2 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectTo.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/MoveObjectTo.ts
@@ -6,27 +6,27 @@ export class MoveObjectTo extends PageCommand {
     /**
      * The object.
      */
-    private _object: DiagramObjectModel;
-    
+    public readonly object: DiagramObjectModel;
+
     /**
-     * The object's last x coordinate.
+     * The object's next x coordinate. 
      */
-    private _lx: number;
+    public readonly nx: number;
 
     /**
-     * The object's last y coordinate.
+     * The object's next y coordinate.
      */
-    private _ly: number;
-
+    public readonly ny: number;
+    
     /**
-     * The object's next x coordinate. 
+     * The object's last x coordinate.
      */
-    private _nx: number;
+    private _lx: number;
 
     /**
-     * The object's next y coordinate.
+     * The object's last y coordinate.
      */
-    private _ny: number;
+    private _ly: number;
 
 
     /**
@@ -40,11 +40,11 @@ export class MoveObjectTo extends PageCommand {
      */
     constructor(object: DiagramObjectModel, x: number, y: number) {
         super(object.root.id);
-        this._object = object;
+        this.object = object;
         this._lx = object.boundingBox.xMid;
         this._ly = object.boundingBox.yMid;
-        this._nx = x;
-        this._ny = y;
+        this.nx = x;
+        this.ny = y;
     }
 
 
@@ -54,7 +54,7 @@ export class MoveObjectTo extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._object.moveTo(this._nx, this._ny);
+        this.object.moveTo(this.nx, this.ny);
         return true;
     }
 
@@ -62,7 +62,7 @@ export class MoveObjectTo extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._object.moveTo(this._lx, this._ly);
+        this.object.moveTo(this._lx, this._ly);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/PasteToObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/PasteToObject.ts
index b7b2af09..73050d85 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/PasteToObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/PasteToObject.ts
@@ -9,7 +9,7 @@ export class PasteToObject extends GroupCommand {
     /**
      * The application context.
      */
-    private _context: ApplicationStore;
+    public readonly context: ApplicationStore;
 
 
     /**
@@ -21,7 +21,7 @@ export class PasteToObject extends GroupCommand {
      */
     constructor(context: ApplicationStore, object: DiagramObjectModel) {
         super();
-        this._context = context;
+        this.context = context;
         // Clear the object's current selection
         this.add(new UnselectDescendants(object));
         // Copy the clipboard
@@ -42,8 +42,8 @@ export class PasteToObject extends GroupCommand {
      */
     public override execute(): boolean {
         // Offset the clipboard
-        let o = this._context.settings.edit.clone_offset;
-        for(let obj of this._context.clipboard) {
+        let o = this.context.settings.edit.clone_offset;
+        for(let obj of this.context.clipboard) {
             obj.moveBy(o[0], o[1]);
         }
         // Paste the clipboard
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/ReorderObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/ReorderObject.ts
index 8f0db1df..d779194c 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/ReorderObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/ReorderObject.ts
@@ -9,7 +9,7 @@ export class ReorderObject extends PageCommand {
     /**
      * The object to reorder.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
 
     /**
      * The object's parent.
@@ -41,7 +41,7 @@ export class ReorderObject extends PageCommand {
             );
         }
         super(object.root.id);
-        this._object = object;
+        this.object = object;
         this._parent = object.parent;
         this._prevIndex = object.getIndexInParent();
         switch(order) {
@@ -67,7 +67,7 @@ export class ReorderObject extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._parent.reorderChild(this._object.id, this._nextIndex);
+        this._parent.reorderChild(this.object.id, this._nextIndex);
         return true;
     }
 
@@ -75,7 +75,7 @@ export class ReorderObject extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._parent.reorderChild(this._object.id, this._prevIndex);
+        this._parent.reorderChild(this.object.id, this._prevIndex);
     }
     
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/SelectObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/SelectObject.ts
index 9f63cc0d..461ac76a 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/SelectObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/SelectObject.ts
@@ -6,7 +6,7 @@ export class SelectObject extends PageCommand {
     /**
      * The object to select.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
 
 
     /**
@@ -16,7 +16,7 @@ export class SelectObject extends PageCommand {
      */
     constructor(object: DiagramObjectModel) {
         super(object.root.id);
-        this._object = object;
+        this.object = object;
     }
     
 
@@ -26,7 +26,7 @@ export class SelectObject extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._object.setSelect(Select.True)
+        this.object.setSelect(Select.True)
         return false;
     }
 
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/SetDateProperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/SetDateProperty.ts
index aab4a415..50b00491 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/SetDateProperty.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/SetDateProperty.ts
@@ -1,22 +1,22 @@
-import { PageCommand } from "../PageCommand";
+import { SetProperty } from "./SetProperty";
 import { DateProperty } from "@/assets/scripts/BlockDiagram";
 
-export class SetDateProperty extends PageCommand {
+export class SetDateProperty extends SetProperty {
 
     /**
      * The property to modify.
      */
-    private _property: DateProperty;
+    public override readonly property: DateProperty;
 
     /**
-     * The property's current value.
+     * The property's new value.
      */
-    private _lastValue: Date | null;
+    public readonly nextValue: Date | null;
 
     /**
-     * The property's new value.
+     * The property's current value.
      */
-    private _nextValue: Date | null;
+    private _lastValue: Date | null;
 
 
     /**
@@ -28,14 +28,10 @@ export class SetDateProperty extends PageCommand {
      */
     constructor(property: DateProperty, value: Date | null) {
         let lv = property.toRawValue();
-        let root = property.root;
-        if(!root) {
-            throw new Error("Property does not have a root.")
-        }
-        super(root.object.root.id);
-        this._property = property;
+        super(property);
+        this.property = property;
         this._lastValue = lv !== null ? new Date(lv) : lv;
-        this._nextValue = value;
+        this.nextValue = value;
     }
     
 
@@ -45,7 +41,7 @@ export class SetDateProperty extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._property.setValue(this._nextValue);
+        this.property.setValue(this.nextValue);
         return true;
     }
 
@@ -53,7 +49,7 @@ export class SetDateProperty extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._property.setValue(this._lastValue);
+        this.property.setValue(this._lastValue);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/SetEnumProperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/SetEnumProperty.ts
index 8a5b8d0c..d3770d44 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/SetEnumProperty.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/SetEnumProperty.ts
@@ -1,22 +1,22 @@
-import { PageCommand } from "../PageCommand";
+import { SetProperty } from "./SetProperty";
 import { EnumProperty } from "@/assets/scripts/BlockDiagram";
 
-export class SetEnumProperty extends PageCommand {
+export class SetEnumProperty extends SetProperty {
 
     /**
      * The property to modify.
      */
-    private _property: EnumProperty;
+    public override readonly property: EnumProperty;
 
     /**
-     * The property's current value.
+     * The property's new value.
      */
-    private _lastValue: string | null;
+    public readonly nextValue: string | null;
 
     /**
-     * The property's new value.
+     * The property's current value.
      */
-    private _nextValue: string | null;
+    private _lastValue: string | null;
 
 
     /**
@@ -27,14 +27,10 @@ export class SetEnumProperty extends PageCommand {
      *  The property's new value.
      */
     constructor(property: EnumProperty, value: string) {
-        let root = property.root;
-        if(!root) {
-            throw new Error("Property does not have a root.")
-        }
-        super(root.object.root.id);
-        this._property = property;
+        super(property);
+        this.property = property;
         this._lastValue = property.toRawValue();
-        this._nextValue = value;
+        this.nextValue = value;
     }
     
 
@@ -44,7 +40,7 @@ export class SetEnumProperty extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._property.setValue(this._nextValue);
+        this.property.setValue(this.nextValue);
         return true;
     }
 
@@ -52,7 +48,7 @@ export class SetEnumProperty extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._property.setValue(this._lastValue);
+        this.property.setValue(this._lastValue);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/SetNumberProperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/SetNumberProperty.ts
index 2c27723f..f3b8ee7f 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/SetNumberProperty.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/SetNumberProperty.ts
@@ -1,22 +1,22 @@
-import { PageCommand } from "../PageCommand";
+import { SetProperty } from "./SetProperty";
 import { NumberProperty } from "@/assets/scripts/BlockDiagram";
 
-export class SetNumberProperty extends PageCommand {
+export class SetNumberProperty extends SetProperty {
 
     /**
      * The property to modify.
      */
-    private _property: NumberProperty;
+    public override readonly property: NumberProperty;
 
     /**
-     * The property's current value.
+     * The property's new value.
      */
-    private _lastValue: number | null;
+    public readonly nextValue: number | null;
 
     /**
-     * The property's new value.
+     * The property's current value.
      */
-    private _nextValue: number | null;
+    private _lastValue: number | null;
 
 
     /**
@@ -27,14 +27,10 @@ export class SetNumberProperty extends PageCommand {
      *  The property's new value.
      */
     constructor(property: NumberProperty, value: number | null) {
-        let root = property.root;
-        if(!root) {
-            throw new Error("Property does not have a root.")
-        }
-        super(root.object.root.id);
-        this._property = property;
+        super(property);
+        this.property = property;
         this._lastValue = property.toRawValue();
-        this._nextValue = value;
+        this.nextValue = value;
     }
     
 
@@ -44,7 +40,7 @@ export class SetNumberProperty extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._property.setValue(this._nextValue);
+        this.property.setValue(this.nextValue);
         return true;
     }
 
@@ -52,7 +48,7 @@ export class SetNumberProperty extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._property.setValue(this._lastValue);
+        this.property.setValue(this._lastValue);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/SetProperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/SetProperty.ts
new file mode 100644
index 00000000..b5e1f889
--- /dev/null
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/SetProperty.ts
@@ -0,0 +1,26 @@
+import { Property } from "@/assets/scripts/BlockDiagram";
+import { PageCommand } from "../PageCommand";
+
+export abstract class SetProperty extends PageCommand {
+
+    /**
+     * The property to modify.
+     */
+    public property: Property;
+
+
+    /**
+     * Sets a property's value.
+     * @param property
+     *  The property.
+     */
+    constructor(property: Property) {
+        let root = property.root;
+        if(!root) {
+            throw new Error("Property does not have a root.")
+        }
+        super(root.object.root.id);
+        this.property = property;
+    }
+
+}
\ No newline at end of file
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts
index 8cb9ff17..2a3c34fa 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/SetStringProperty.ts
@@ -1,22 +1,22 @@
-import { PageCommand } from "../PageCommand";
+import { SetProperty } from "./SetProperty";
 import { StringProperty } from "@/assets/scripts/BlockDiagram";
 
-export class SetStringProperty extends PageCommand {
+export class SetStringProperty extends SetProperty {
 
     /**
      * The property to modify.
      */
-    private _property: StringProperty;
+    public override readonly property: StringProperty;
 
     /**
-     * The property's current value.
+     * The property's new value.
      */
-    private _lastValue: string | null;
+    public readonly nextValue: string | null;
 
     /**
-     * The property's new value.
+     * The property's current value.
      */
-    private _nextValue: string | null;
+    private _lastValue: string | null;
 
 
     /**
@@ -27,14 +27,10 @@ export class SetStringProperty extends PageCommand {
      *  The property's new value.
      */
     constructor(property: StringProperty, value: string | null) {
-        let root = property.root;
-        if(!root) {
-            throw new Error("Property does not have a root.")
-        }
-        super(root.object.root.id);
-        this._property = property;
+        super(property);
+        this.property = property;
         this._lastValue = property.toRawValue();
-        this._nextValue = value;
+        this.nextValue = value;
     }
     
 
@@ -44,7 +40,7 @@ export class SetStringProperty extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._property.setValue(this._nextValue);
+        this.property.setValue(this.nextValue);
         return true;
     }
 
@@ -52,7 +48,7 @@ export class SetStringProperty extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._property.setValue(this._lastValue);
+        this.property.setValue(this._lastValue);
     }
 
 }
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/UnhoverObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/UnhoverObject.ts
index c1913d38..8ac35c34 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/UnhoverObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/UnhoverObject.ts
@@ -6,7 +6,7 @@ export class UnhoverObject extends PageCommand {
     /**
      * The object to un-hover.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
 
 
     /**
@@ -16,7 +16,7 @@ export class UnhoverObject extends PageCommand {
      */
     constructor(object: DiagramObjectModel) {
         super(object.root.id);
-        this._object = object;
+        this.object = object;
     }
     
 
@@ -26,7 +26,7 @@ export class UnhoverObject extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        let p: DiagramObjectModel | undefined = this._object;
+        let p: DiagramObjectModel | undefined = this.object;
         while(p) {
             p.setHover(Hover.Off);
             p = p.parent;
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/UnselectObject.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/UnselectObject.ts
index e8af556f..472332c1 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/UnselectObject.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/UnselectObject.ts
@@ -6,7 +6,7 @@ export class UnselectObject extends PageCommand {
     /**
      * The object to unselect.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
 
 
     /**
@@ -16,7 +16,7 @@ export class UnselectObject extends PageCommand {
      */
     constructor(object: DiagramObjectModel) {
         super(object.root.id);
-        this._object = object;
+        this.object = object;
     }
     
 
@@ -26,7 +26,7 @@ export class UnselectObject extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._object.setSelect(Select.False);
+        this.object.setSelect(Select.False);
         return false;
     }
 
diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/UserSetObjectPosition.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/UserSetObjectPosition.ts
index f80c0554..281e3163 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/UserSetObjectPosition.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/UserSetObjectPosition.ts
@@ -6,7 +6,7 @@ export class UserSetObjectPosition extends PageCommand {
     /**
      * The object.
      */
-    private _object: DiagramObjectModel;
+    public readonly object: DiagramObjectModel;
 
 
     /**
@@ -16,7 +16,7 @@ export class UserSetObjectPosition extends PageCommand {
      */
     constructor(object: DiagramObjectModel) {
         super(object.root.id);
-        this._object = object;
+        this.object = object;
     }
     
 
@@ -26,7 +26,7 @@ export class UserSetObjectPosition extends PageCommand {
      *  True if the command should be recorded, false otherwise.
      */
     public execute(): boolean {
-        this._object.setPositionSetByUser(PositionSetByUser.True);
+        this.object.setPositionSetByUser(PositionSetByUser.True);
         return true;
     }
 
@@ -34,7 +34,7 @@ export class UserSetObjectPosition extends PageCommand {
      * Undoes the page command.
      */
     public undo() {
-        this._object.setPositionSetByUser(PositionSetByUser.False);
+        this.object.setPositionSetByUser(PositionSetByUser.False);
     }
 
 }

From f86443de3426b2baf40039e321c6212c5a02d848 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Fri, 18 Aug 2023 10:06:58 -0400
Subject: [PATCH 10/18] add processor construct

---
 .../DiagramProcessor/DiagramProcessor.ts      | 33 +++++++++++++++++++
 .../src/store/StoreTypes.ts                   |  5 ++-
 .../src/store/Stores/ApplicationStore.ts      | 18 ++++++++--
 3 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 src/attack_flow_builder/src/assets/scripts/DiagramProcessor/DiagramProcessor.ts

diff --git a/src/attack_flow_builder/src/assets/scripts/DiagramProcessor/DiagramProcessor.ts b/src/attack_flow_builder/src/assets/scripts/DiagramProcessor/DiagramProcessor.ts
new file mode 100644
index 00000000..127c15e6
--- /dev/null
+++ b/src/attack_flow_builder/src/assets/scripts/DiagramProcessor/DiagramProcessor.ts
@@ -0,0 +1,33 @@
+import { PageCommand } from "@/store/Commands/PageCommand";
+
+export class DiagramProcessor {
+
+    /**
+     * Processes a page command from the application.
+     * 
+     * @remarks
+     * This function is invoked any time the interface attempts to issue a
+     * command to a Page. This function allows commands to be intercepted and
+     * modified according to the needs of the application. 
+     * 
+     * For example:
+     *  - To ignore a command, return an empty array.
+     *  - To execute a command, return an array consisting of the command.
+     *  - To replace a command with an alternate set of commands, return an
+     *    array consisting of those alternate commands. 
+     *  - To execute the command along with a series of others, return an array
+     *    consisting of all the commands.
+     *  - etc.
+     * 
+     * Commands are executed in the order they're listed.
+     * 
+     * @param command
+     *  The incoming command.
+     * @returns
+     *  The processed set of commands.
+     */
+    public process(command: PageCommand): PageCommand[] {
+        return [command];
+    };
+
+}
diff --git a/src/attack_flow_builder/src/store/StoreTypes.ts b/src/attack_flow_builder/src/store/StoreTypes.ts
index 05f65ac4..28a990a9 100644
--- a/src/attack_flow_builder/src/store/StoreTypes.ts
+++ b/src/attack_flow_builder/src/store/StoreTypes.ts
@@ -1,6 +1,7 @@
 import { PageEditor } from "@/store/PageEditor"
 import { DiagramValidator } from "@/assets/scripts/DiagramValidator/DiagramValidator"
 import { DiagramPublisher } from "@/assets/scripts/DiagramPublisher/DiagramPublisher"
+import { DiagramProcessor } from "@/assets/scripts/DiagramProcessor/DiagramProcessor"
 import { PageRecoveryBank } from "./PageRecoveryBank"
 import { BlockDiagramSchema } from "@/assets/scripts/BlockDiagram/DiagramFactory"
 import { DiagramObjectModel } from "@/assets/scripts/BlockDiagram"
@@ -27,6 +28,7 @@ export type ModuleStore = {
 export type ApplicationStore = {
     settings: AppSettings,
     clipboard: DiagramObjectModel[],
+    processor: DiagramProcessor | undefined,
     publisher: DiagramPublisher | undefined,
     activePage: PageEditor,
     recoveryBank: PageRecoveryBank
@@ -251,7 +253,8 @@ export type AppConfiguration = {
         }
     },
     validator?: typeof DiagramValidator,
-    publisher?: typeof DiagramPublisher
+    publisher?: typeof DiagramPublisher,
+    processor?: typeof DiagramProcessor
 }
 
 
diff --git a/src/attack_flow_builder/src/store/Stores/ApplicationStore.ts b/src/attack_flow_builder/src/store/Stores/ApplicationStore.ts
index 8740d06d..258a3543 100644
--- a/src/attack_flow_builder/src/store/Stores/ApplicationStore.ts
+++ b/src/attack_flow_builder/src/store/Stores/ApplicationStore.ts
@@ -11,12 +11,16 @@ import { ModuleStore, ApplicationStore, BaseAppSettings } from "@/store/StoreTyp
 const Publisher = Configuration.publisher ? 
     new Configuration.publisher() : undefined;
 
+const Processor = Configuration.processor ?
+    new Configuration.processor() : undefined;
+
 export default {
     namespaced: true,
     state: {
         settings: BaseAppSettings,
         clipboard: [],
         publisher: Publisher,
+        processor: Processor,
         activePage: PageEditor.createDummy(),
         recoveryBank: new PageRecoveryBank()
     },
@@ -140,9 +144,17 @@ export default {
                 if(command.page === PageCommand.NullPage)
                     return;
                 // Execute command
-                if(state.activePage.execute(command)) {
-                    // If the command was recorded to the page's undo history,
-                    // store all progress in the recovery bank.
+                let wasRecorded = true;
+                if(state.processor) {
+                    for(let cmd of state.processor.process(command)) {
+                        wasRecorded &&= state.activePage.execute(cmd);
+                    }
+                } else {
+                    wasRecorded &&= state.activePage.execute(command);
+                }
+                if(wasRecorded) {
+                    // If any commands were recorded to the page's undo
+                    // history, store all progress in the recovery bank.
                     state.recoveryBank.storeEditor(state.activePage);
                 };
             } else {

From f6427808d56015a1c5fd169c89884350712448c5 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Fri, 18 Aug 2023 10:07:50 -0400
Subject: [PATCH 11/18] add autofill processor

---
 .../src/assets/builder.config.processor.ts    | 190 ++++++++++++++++++
 .../src/assets/builder.config.ts              |   4 +-
 2 files changed, 193 insertions(+), 1 deletion(-)
 create mode 100644 src/attack_flow_builder/src/assets/builder.config.processor.ts

diff --git a/src/attack_flow_builder/src/assets/builder.config.processor.ts b/src/attack_flow_builder/src/assets/builder.config.processor.ts
new file mode 100644
index 00000000..d060234f
--- /dev/null
+++ b/src/attack_flow_builder/src/assets/builder.config.processor.ts
@@ -0,0 +1,190 @@
+import intel from "./builder.config.intel";
+import { PageCommand } from "@/store/Commands/PageCommand";
+import { StringProperty } from "./scripts/BlockDiagram";
+import { DiagramProcessor } from "./scripts/DiagramProcessor/DiagramProcessor";
+import { GroupCommand, SetStringProperty } from "@/store/Commands/PageCommands";
+
+
+///////////////////////////////////////////////////////////////////////////////
+//  Attack Flow Processor  ////////////////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+
+
+class AttackFlowProcessor extends DiagramProcessor {
+
+    /**
+     * The application's tactic recommendations.
+     */
+    private static TacticRecs = new Set<string>(intel.tactic_recs);
+
+    /**
+     * The application's tactic names.
+     */
+    private static TacticNames = new Set<string>(intel.tactics.map(o => o.name));
+
+    /**
+     * The application's techniques recommendations.
+     */
+    private static TechniqueRecs = new Set<string>(intel.technique_recs);
+
+    /**
+     * The application's technique names.
+     */
+    private static TechniqueNames = new Set<string>(intel.technique.map(o => o.name));
+
+
+    /**
+     * Creates a new {@link AttackFlowProcessor}.
+     */
+    constructor() {
+        super();
+    }
+
+
+    /**
+     * Processes a page command from the application.
+     * 
+     * @remarks
+     * This function is invoked any time the interface attempts to issue a
+     * command to a Page. This function allows commands to be intercepted and
+     * modified according to the needs of the application. 
+     * 
+     * For example:
+     *  - To ignore a command, return an empty array.
+     *  - To execute a command, return an array consisting of the command.
+     *  - To replace a command with an alternate set of commands, return an
+     *    array consisting of those alternate commands instead. 
+     *  - To execute the command along with a series of others, return an array
+     *    consisting of all the commands.
+     *  - etc.
+     * 
+     * Commands are executed in the order listed.
+     * 
+     * @param command
+     *  The incoming command.
+     * @returns
+     *  The processed set of commands.
+     */
+    public override process(command: PageCommand): PageCommand[] {
+        // Modify commands that edit tactic or technique properties
+        if(command instanceof SetStringProperty) {
+            switch(command.property.id) {
+                case "action.tactic_id":
+                    return this.autofillFromTactic(command);
+                case "action.technique_id":
+                    return this.autofillFromTechnique(command);
+                default:
+                    break;
+            }
+        }
+        // Pass all other commands through
+        return [command];
+    }
+
+    /**
+     * Autofills auxillary properties using a tactic property's value.
+     * @param command
+     *  The "set tactic" command.
+     * @returns
+     *  The processed set of commands.
+     */
+    private autofillFromTactic(command: SetStringProperty): PageCommand[] {
+        let property = command.property;
+        let value = command.nextValue;
+        
+        // If value matches tactic recommendation exactly...
+        if(value !== null && AttackFlowProcessor.TacticRecs.has(value)) {
+
+            let cmd = new GroupCommand();
+            cmd.add(command);
+
+            // Resolve tactic ID
+            let tacticId = /TA[0-9]{4}/i.exec(value);
+            if(tacticId === null) {
+                throw new Error("Tactic ID could not be resolved from text.");
+            }
+
+            // Resolve tactic
+            let tactic = intel.tactics.find(o => o.id === tacticId![0])!;
+            if(!tactic) {
+                throw new Error(`Could not resolve tactic '${ tacticId }'.`);
+            }
+
+            // Autofill
+            let rootProps = property.root!.value;
+            let nameProp = rootProps.get("name")! as StringProperty;
+            let tacticRefProp = rootProps.get("tactic_ref")! as StringProperty;
+
+            // Autofill name ONLY if empty or matches another autofilled tactic name
+            let nameValue = nameProp.toRawValue();
+            if(!nameValue || AttackFlowProcessor.TacticNames.has(nameValue)) {
+                cmd.add(new SetStringProperty(nameProp, tactic.name));
+            }
+
+            // Autofill tactic reference property
+            cmd.add(new SetStringProperty(tacticRefProp, tactic.stixId));
+
+            // Return command
+            return [cmd];
+
+        }
+        return [command];
+    }
+
+    /**
+     * Autofills auxillary properties using a technique property's value.
+     * @param command
+     *  The "set technique" command.
+     * @returns
+     *  The processed set of commands.
+     */
+    private autofillFromTechnique(command: SetStringProperty) {
+        let property = command.property;
+        let value = command.nextValue;
+        
+        // If value matches technique recommendation exactly...
+        if(value !== null && AttackFlowProcessor.TechniqueRecs.has(value)) {
+
+            let cmd = new GroupCommand();
+            cmd.add(command);
+
+            // Resolve technique ID
+            let techniqueId = /T[0-9]{4}(?:\.[0-9]{3})?/i.exec(value);
+            if(techniqueId === null) {
+                throw new Error("Technique ID could not be resolved from text.");
+            }
+
+            // Resolve technique
+            let technique = intel.technique.find(o => o.id === techniqueId![0])!;
+            if(!technique) {
+                throw new Error(`Could not resolve technique '${ techniqueId }'.`);
+            }
+
+            // Autofill
+            let rootProps = property.root!.value;
+            let nameProp = rootProps.get("name")! as StringProperty;
+            let techniqueRefProp = rootProps.get("technique_ref")! as StringProperty;
+            
+            // Autofill name ONLY if empty or matches another tactic or technique name
+            let nameValue = nameProp.toRawValue();
+            if(
+                !nameValue || 
+                AttackFlowProcessor.TacticNames.has(nameValue) ||
+                AttackFlowProcessor.TechniqueNames.has(nameValue)
+            ) {
+                cmd.add(new SetStringProperty(nameProp, technique.name));
+            }
+
+            // Autofill technique reference property
+            cmd.add(new SetStringProperty(techniqueRefProp, technique.stixId));
+
+            // Return command
+            return [cmd];
+
+        }
+        return [command];
+    }
+
+}
+
+export default AttackFlowProcessor;
diff --git a/src/attack_flow_builder/src/assets/builder.config.ts b/src/attack_flow_builder/src/assets/builder.config.ts
index 09b10ff1..91d223b2 100644
--- a/src/attack_flow_builder/src/assets/builder.config.ts
+++ b/src/attack_flow_builder/src/assets/builder.config.ts
@@ -1,6 +1,7 @@
 import intel from "./builder.config.intel";
 import validator from "./builder.config.validator";
 import publisher from "./builder.config.publisher";
+import processor from "./builder.config.processor";
 import { AppConfiguration } from "@/store/StoreTypes";
 import { Colors, DarkTheme } from "./scripts/BlockDiagram/DiagramFactory/Themes";
 import {
@@ -848,7 +849,8 @@ const config: AppConfiguration = {
         }
     },
     validator,
-    publisher
+    publisher,
+    processor
 };
 
 export default config;

From 6de7bd4a8704cb871186301f6c436dfb72b400a4 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Fri, 18 Aug 2023 10:10:00 -0400
Subject: [PATCH 12/18] prevent cut command from breaking when nothing is
 selected

---
 .../src/store/Commands/PageCommands/RemoveSelectedChildren.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/attack_flow_builder/src/store/Commands/PageCommands/RemoveSelectedChildren.ts b/src/attack_flow_builder/src/store/Commands/PageCommands/RemoveSelectedChildren.ts
index 5186a67f..7d2c04cb 100644
--- a/src/attack_flow_builder/src/store/Commands/PageCommands/RemoveSelectedChildren.ts
+++ b/src/attack_flow_builder/src/store/Commands/PageCommands/RemoveSelectedChildren.ts
@@ -23,7 +23,9 @@ export class RemoveSelectedChildren extends GroupCommand {
             this.add(new UnselectObject(obj));
         }
         // Remove children
-        this.add(new RemoveObjects(objects));
+        if(0 < objects.length) {
+            this.add(new RemoveObjects(objects));
+        }
     }
 
 }

From 7d84e9d732e6f639abe22e4d70f4e1286c008eab Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Tue, 22 Aug 2023 15:42:10 -0400
Subject: [PATCH 13/18] fix bug that kept `ListProperty` from enumerating
 options

---
 .../assets/scripts/BlockDiagram/Property/ListProperty.ts    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts
index 7dd94ed7..ac0f841a 100644
--- a/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts
+++ b/src/attack_flow_builder/src/assets/scripts/BlockDiagram/Property/ListProperty.ts
@@ -42,7 +42,7 @@ export class ListProperty extends CollectionProperty {
                 let pId = `${ id }.${ vId }`;
                 let prop = Property.create(pId, this, descriptor.form, value);
                 // Add property
-                this.value.set(id, prop);
+                this.value.set(vId, prop);
             }
         } else if(descriptor.value) {
             if(Array.isArray(descriptor.value)) {
@@ -51,7 +51,7 @@ export class ListProperty extends CollectionProperty {
                     let pId = `${ id }.${ vId }`;
                     let prop = Property.create(pId, this, descriptor.form, value);
                     // Add property
-                    this.value.set(id, prop);
+                    this.value.set(vId, prop);
                 }
             } else {
                 for(let vId in descriptor.value) {
@@ -60,7 +60,7 @@ export class ListProperty extends CollectionProperty {
                     let pId = `${ id }.${ vId }`;
                     let prop = Property.create(pId, this, descriptor.form, value);
                     // Add property
-                    this.value.set(id, prop);
+                    this.value.set(vId, prop);
                 }
             }
         }

From de178e34adcad2515eae727234b1459e73c3a7a9 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Tue, 22 Aug 2023 15:54:12 -0400
Subject: [PATCH 14/18] allow "Escape" key to stop `TextField` suggestions

---
 .../src/components/Controls/Fields/TextField.vue              | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue b/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue
index 5ed12767..45bd6e85 100644
--- a/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue
+++ b/src/attack_flow_builder/src/components/Controls/Fields/TextField.vue
@@ -155,6 +155,10 @@ export default defineComponent({
       let idx = s.findIndex(o => o.value === this.select);
       let canAcceptSuggestion;
       switch(event.key) {
+        case "Escape":
+          this.stopSuggestions();
+          event.preventDefault();
+          break;
         case "ArrowUp":
           if(0 < idx) {
             this.select = s[idx - 1].value;

From 795dd8769d20207c2eb526cddf73af8682143a25 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Tue, 22 Aug 2023 15:56:11 -0400
Subject: [PATCH 15/18] limit tactic and technique suggestions to ID only

---
 .../attack/update_attack_intel.js             |    4 +-
 .../src/assets/builder.config.intel.ts        | 2116 ++++++++---------
 2 files changed, 1060 insertions(+), 1060 deletions(-)

diff --git a/src/attack_flow_builder/attack/update_attack_intel.js b/src/attack_flow_builder/attack/update_attack_intel.js
index 47329c44..d354357e 100644
--- a/src/attack_flow_builder/attack/update_attack_intel.js
+++ b/src/attack_flow_builder/attack/update_attack_intel.js
@@ -38,9 +38,9 @@ async function updateApplicationAttackIntel(path, ...urls) {
     console.log("→ Generating Application Intel File...");
     let intel = {
         tactics        : types.get("tactic"),
-        tactic_recs    : types.get("tactic").map(o => `${o.id} - ${o.name} (${o.matrix})`).sort(),
+        tactic_recs    : types.get("tactic").map(o => o.id).sort(),
         technique      : types.get("technique"),
-        technique_recs : types.get("technique").map(o => `${o.id} - ${o.name}`).sort()
+        technique_recs : types.get("technique").map(o => o.id).sort()
     };
     
     // Generate intel file
diff --git a/src/attack_flow_builder/src/assets/builder.config.intel.ts b/src/attack_flow_builder/src/assets/builder.config.intel.ts
index 58bb5740..0f3d4162 100644
--- a/src/attack_flow_builder/src/assets/builder.config.intel.ts
+++ b/src/attack_flow_builder/src/assets/builder.config.intel.ts
@@ -362,46 +362,46 @@ export const intel = {
         }
     ],
     "tactic_recs": [
-        "TA0001 - Initial Access (Enterprise ATT&CK)",
-        "TA0002 - Execution (Enterprise ATT&CK)",
-        "TA0003 - Persistence (Enterprise ATT&CK)",
-        "TA0004 - Privilege Escalation (Enterprise ATT&CK)",
-        "TA0005 - Defense Evasion (Enterprise ATT&CK)",
-        "TA0006 - Credential Access (Enterprise ATT&CK)",
-        "TA0007 - Discovery (Enterprise ATT&CK)",
-        "TA0008 - Lateral Movement (Enterprise ATT&CK)",
-        "TA0009 - Collection (Enterprise ATT&CK)",
-        "TA0010 - Exfiltration (Enterprise ATT&CK)",
-        "TA0011 - Command and Control (Enterprise ATT&CK)",
-        "TA0027 - Initial Access (Mobile ATT&CK)",
-        "TA0028 - Persistence (Mobile ATT&CK)",
-        "TA0029 - Privilege Escalation (Mobile ATT&CK)",
-        "TA0030 - Defense Evasion (Mobile ATT&CK)",
-        "TA0031 - Credential Access (Mobile ATT&CK)",
-        "TA0032 - Discovery (Mobile ATT&CK)",
-        "TA0033 - Lateral Movement (Mobile ATT&CK)",
-        "TA0034 - Impact (Mobile ATT&CK)",
-        "TA0035 - Collection (Mobile ATT&CK)",
-        "TA0036 - Exfiltration (Mobile ATT&CK)",
-        "TA0037 - Command and Control (Mobile ATT&CK)",
-        "TA0038 - Network Effects (Mobile ATT&CK)",
-        "TA0039 - Remote Service Effects (Mobile ATT&CK)",
-        "TA0040 - Impact (Enterprise ATT&CK)",
-        "TA0041 - Execution (Mobile ATT&CK)",
-        "TA0042 - Resource Development (Enterprise ATT&CK)",
-        "TA0043 - Reconnaissance (Enterprise ATT&CK)",
-        "TA0100 - Collection (ICS ATT&CK)",
-        "TA0101 - Command and Control (ICS ATT&CK)",
-        "TA0102 - Discovery (ICS ATT&CK)",
-        "TA0103 - Evasion (ICS ATT&CK)",
-        "TA0104 - Execution (ICS ATT&CK)",
-        "TA0105 - Impact (ICS ATT&CK)",
-        "TA0106 - Impair Process Control (ICS ATT&CK)",
-        "TA0107 - Inhibit Response Function (ICS ATT&CK)",
-        "TA0108 - Initial Access (ICS ATT&CK)",
-        "TA0109 - Lateral Movement (ICS ATT&CK)",
-        "TA0110 - Persistence (ICS ATT&CK)",
-        "TA0111 - Privilege Escalation (ICS ATT&CK)"
+        "TA0001",
+        "TA0002",
+        "TA0003",
+        "TA0004",
+        "TA0005",
+        "TA0006",
+        "TA0007",
+        "TA0008",
+        "TA0009",
+        "TA0010",
+        "TA0011",
+        "TA0027",
+        "TA0028",
+        "TA0029",
+        "TA0030",
+        "TA0031",
+        "TA0032",
+        "TA0033",
+        "TA0034",
+        "TA0035",
+        "TA0036",
+        "TA0037",
+        "TA0038",
+        "TA0039",
+        "TA0040",
+        "TA0041",
+        "TA0042",
+        "TA0043",
+        "TA0100",
+        "TA0101",
+        "TA0102",
+        "TA0103",
+        "TA0104",
+        "TA0105",
+        "TA0106",
+        "TA0107",
+        "TA0108",
+        "TA0109",
+        "TA0110",
+        "TA0111"
     ],
     "technique": [
         {
@@ -9568,1024 +9568,1024 @@ export const intel = {
         }
     ],
     "technique_recs": [
-        "T0800 - Activate Firmware Update Mode",
-        "T0801 - Monitor Process State",
-        "T0802 - Automated Collection",
-        "T0803 - Block Command Message",
-        "T0804 - Block Reporting Message",
-        "T0805 - Block Serial COM",
-        "T0806 - Brute Force I/O",
-        "T0807 - Command-Line Interface",
-        "T0808 - Control Device Identification",
-        "T0809 - Data Destruction",
-        "T0810 - Data Historian Compromise",
-        "T0811 - Data from Information Repositories",
-        "T0812 - Default Credentials",
-        "T0813 - Denial of Control",
-        "T0814 - Denial of Service",
-        "T0815 - Denial of View",
-        "T0816 - Device Restart/Shutdown",
-        "T0817 - Drive-by Compromise",
-        "T0818 - Engineering Workstation Compromise",
-        "T0819 - Exploit Public-Facing Application",
-        "T0820 - Exploitation for Evasion",
-        "T0821 - Modify Controller Tasking",
-        "T0822 - External Remote Services",
-        "T0823 - Graphical User Interface",
-        "T0824 - I/O Module Discovery",
-        "T0825 - Location Identification",
-        "T0826 - Loss of Availability",
-        "T0827 - Loss of Control",
-        "T0828 - Loss of Productivity and Revenue",
-        "T0829 - Loss of View",
-        "T0830 - Adversary-in-the-Middle",
-        "T0831 - Manipulation of Control",
-        "T0832 - Manipulation of View",
-        "T0833 - Modify Control Logic",
-        "T0834 - Native API",
-        "T0835 - Manipulate I/O Image",
-        "T0836 - Modify Parameter",
-        "T0837 - Loss of Protection",
-        "T0838 - Modify Alarm Settings",
-        "T0839 - Module Firmware",
-        "T0840 - Network Connection Enumeration",
-        "T0841 - Network Service Scanning",
-        "T0842 - Network Sniffing",
-        "T0843 - Program Download",
-        "T0844 - Program Organization Units",
-        "T0845 - Program Upload",
-        "T0846 - Remote System Discovery",
-        "T0847 - Replication Through Removable Media",
-        "T0848 - Rogue Master",
-        "T0849 - Masquerading",
-        "T0850 - Role Identification",
-        "T0851 - Rootkit",
-        "T0852 - Screen Capture",
-        "T0853 - Scripting",
-        "T0854 - Serial Connection Enumeration",
-        "T0855 - Unauthorized Command Message",
-        "T0856 - Spoof Reporting Message",
-        "T0857 - System Firmware",
-        "T0858 - Change Operating Mode",
-        "T0859 - Valid Accounts",
-        "T0860 - Wireless Compromise",
-        "T0861 - Point & Tag Identification",
-        "T0862 - Supply Chain Compromise",
-        "T0863 - User Execution",
-        "T0864 - Transient Cyber Asset",
-        "T0865 - Spearphishing Attachment",
-        "T0866 - Exploitation of Remote Services",
-        "T0867 - Lateral Tool Transfer",
-        "T0868 - Detect Operating Mode",
-        "T0869 - Standard Application Layer Protocol",
-        "T0870 - Detect Program State",
-        "T0871 - Execution through API",
-        "T0872 - Indicator Removal on Host",
-        "T0873 - Project File Infection",
-        "T0874 - Hooking",
-        "T0875 - Change Program State",
-        "T0877 - I/O Image",
-        "T0878 - Alarm Suppression",
-        "T0879 - Damage to Property",
-        "T0880 - Loss of Safety",
-        "T0881 - Service Stop",
-        "T0882 - Theft of Operational Information",
-        "T0883 - Internet Accessible Device",
-        "T0884 - Connection Proxy",
-        "T0885 - Commonly Used Port",
-        "T0886 - Remote Services",
-        "T0887 - Wireless Sniffing",
-        "T0888 - Remote System Information Discovery",
-        "T0889 - Modify Program",
-        "T0890 - Exploitation for Privilege Escalation",
-        "T0891 - Hardcoded Credentials",
-        "T0892 - Change Credential",
-        "T0893 - Data from Local System",
-        "T1001 - Data Obfuscation",
-        "T1001.001 - Junk Data",
-        "T1001.002 - Steganography",
-        "T1001.003 - Protocol Impersonation",
-        "T1002 - Data Compressed",
-        "T1003 - OS Credential Dumping",
-        "T1003.001 - LSASS Memory",
-        "T1003.002 - Security Account Manager",
-        "T1003.003 - NTDS",
-        "T1003.004 - LSA Secrets",
-        "T1003.005 - Cached Domain Credentials",
-        "T1003.006 - DCSync",
-        "T1003.007 - Proc Filesystem",
-        "T1003.008 - /etc/passwd and /etc/shadow",
-        "T1004 - Winlogon Helper DLL",
-        "T1005 - Data from Local System",
-        "T1006 - Direct Volume Access",
-        "T1007 - System Service Discovery",
-        "T1008 - Fallback Channels",
-        "T1009 - Binary Padding",
-        "T1010 - Application Window Discovery",
-        "T1011 - Exfiltration Over Other Network Medium",
-        "T1011.001 - Exfiltration Over Bluetooth",
-        "T1012 - Query Registry",
-        "T1013 - Port Monitors",
-        "T1014 - Rootkit",
-        "T1015 - Accessibility Features",
-        "T1016 - System Network Configuration Discovery",
-        "T1016.001 - Internet Connection Discovery",
-        "T1017 - Application Deployment Software",
-        "T1018 - Remote System Discovery",
-        "T1019 - System Firmware",
-        "T1020 - Automated Exfiltration",
-        "T1020.001 - Traffic Duplication",
-        "T1021 - Remote Services",
-        "T1021.001 - Remote Desktop Protocol",
-        "T1021.002 - SMB/Windows Admin Shares",
-        "T1021.003 - Distributed Component Object Model",
-        "T1021.004 - SSH",
-        "T1021.005 - VNC",
-        "T1021.006 - Windows Remote Management",
-        "T1021.007 - Cloud Services",
-        "T1022 - Data Encrypted",
-        "T1023 - Shortcut Modification",
-        "T1024 - Custom Cryptographic Protocol",
-        "T1025 - Data from Removable Media",
-        "T1026 - Multiband Communication",
-        "T1027 - Obfuscated Files or Information",
-        "T1027.001 - Binary Padding",
-        "T1027.002 - Software Packing",
-        "T1027.003 - Steganography",
-        "T1027.004 - Compile After Delivery",
-        "T1027.005 - Indicator Removal from Tools",
-        "T1027.006 - HTML Smuggling",
-        "T1027.007 - Dynamic API Resolution",
-        "T1027.008 - Stripped Payloads",
-        "T1027.009 - Embedded Payloads",
-        "T1027.010 - Command Obfuscation",
-        "T1027.011 - Fileless Storage",
-        "T1028 - Windows Remote Management",
-        "T1029 - Scheduled Transfer",
-        "T1030 - Data Transfer Size Limits",
-        "T1031 - Modify Existing Service",
-        "T1032 - Standard Cryptographic Protocol",
-        "T1033 - System Owner/User Discovery",
-        "T1034 - Path Interception",
-        "T1035 - Service Execution",
-        "T1036 - Masquerading",
-        "T1036.001 - Invalid Code Signature",
-        "T1036.002 - Right-to-Left Override",
-        "T1036.003 - Rename System Utilities",
-        "T1036.004 - Masquerade Task or Service",
-        "T1036.005 - Match Legitimate Name or Location",
-        "T1036.006 - Space after Filename",
-        "T1036.007 - Double File Extension",
-        "T1036.008 - Masquerade File Type",
-        "T1037 - Boot or Logon Initialization Scripts",
-        "T1037.001 - Logon Script (Windows)",
-        "T1037.002 - Login Hook",
-        "T1037.003 - Network Logon Script",
-        "T1037.004 - RC Scripts",
-        "T1037.005 - Startup Items",
-        "T1038 - DLL Search Order Hijacking",
-        "T1039 - Data from Network Shared Drive",
-        "T1040 - Network Sniffing",
-        "T1041 - Exfiltration Over C2 Channel",
-        "T1042 - Change Default File Association",
-        "T1043 - Commonly Used Port",
-        "T1044 - File System Permissions Weakness",
-        "T1045 - Software Packing",
-        "T1046 - Network Service Discovery",
-        "T1047 - Windows Management Instrumentation",
-        "T1048 - Exfiltration Over Alternative Protocol",
-        "T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
-        "T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
-        "T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol",
-        "T1049 - System Network Connections Discovery",
-        "T1050 - New Service",
-        "T1051 - Shared Webroot",
-        "T1052 - Exfiltration Over Physical Medium",
-        "T1052.001 - Exfiltration over USB",
-        "T1053 - Scheduled Task/Job",
-        "T1053.001 - At (Linux)",
-        "T1053.002 - At",
-        "T1053.003 - Cron",
-        "T1053.004 - Launchd",
-        "T1053.005 - Scheduled Task",
-        "T1053.006 - Systemd Timers",
-        "T1053.007 - Container Orchestration Job",
-        "T1054 - Indicator Blocking",
-        "T1055 - Process Injection",
-        "T1055.001 - Dynamic-link Library Injection",
-        "T1055.002 - Portable Executable Injection",
-        "T1055.003 - Thread Execution Hijacking",
-        "T1055.004 - Asynchronous Procedure Call",
-        "T1055.005 - Thread Local Storage",
-        "T1055.008 - Ptrace System Calls",
-        "T1055.009 - Proc Memory",
-        "T1055.011 - Extra Window Memory Injection",
-        "T1055.012 - Process Hollowing",
-        "T1055.013 - Process Doppelgänging",
-        "T1055.014 - VDSO Hijacking",
-        "T1055.015 - ListPlanting",
-        "T1056 - Input Capture",
-        "T1056.001 - Keylogging",
-        "T1056.002 - GUI Input Capture",
-        "T1056.003 - Web Portal Capture",
-        "T1056.004 - Credential API Hooking",
-        "T1057 - Process Discovery",
-        "T1058 - Service Registry Permissions Weakness",
-        "T1059 - Command and Scripting Interpreter",
-        "T1059.001 - PowerShell",
-        "T1059.002 - AppleScript",
-        "T1059.003 - Windows Command Shell",
-        "T1059.004 - Unix Shell",
-        "T1059.005 - Visual Basic",
-        "T1059.006 - Python",
-        "T1059.007 - JavaScript",
-        "T1059.008 - Network Device CLI",
-        "T1059.009 - Cloud API",
-        "T1060 - Registry Run Keys / Startup Folder",
-        "T1061 - Graphical User Interface",
-        "T1062 - Hypervisor",
-        "T1063 - Security Software Discovery",
-        "T1064 - Scripting",
-        "T1065 - Uncommonly Used Port",
-        "T1066 - Indicator Removal from Tools",
-        "T1067 - Bootkit",
-        "T1068 - Exploitation for Privilege Escalation",
-        "T1069 - Permission Groups Discovery",
-        "T1069.001 - Local Groups",
-        "T1069.002 - Domain Groups",
-        "T1069.003 - Cloud Groups",
-        "T1070 - Indicator Removal",
-        "T1070.001 - Clear Windows Event Logs",
-        "T1070.002 - Clear Linux or Mac System Logs",
-        "T1070.003 - Clear Command History",
-        "T1070.004 - File Deletion",
-        "T1070.005 - Network Share Connection Removal",
-        "T1070.006 - Timestomp",
-        "T1070.007 - Clear Network Connection History and Configurations",
-        "T1070.008 - Clear Mailbox Data",
-        "T1070.009 - Clear Persistence",
-        "T1071 - Application Layer Protocol",
-        "T1071.001 - Web Protocols",
-        "T1071.002 - File Transfer Protocols",
-        "T1071.003 - Mail Protocols",
-        "T1071.004 - DNS",
-        "T1072 - Software Deployment Tools",
-        "T1073 - DLL Side-Loading",
-        "T1074 - Data Staged",
-        "T1074.001 - Local Data Staging",
-        "T1074.002 - Remote Data Staging",
-        "T1075 - Pass the Hash",
-        "T1076 - Remote Desktop Protocol",
-        "T1077 - Windows Admin Shares",
-        "T1078 - Valid Accounts",
-        "T1078.001 - Default Accounts",
-        "T1078.002 - Domain Accounts",
-        "T1078.003 - Local Accounts",
-        "T1078.004 - Cloud Accounts",
-        "T1079 - Multilayer Encryption",
-        "T1080 - Taint Shared Content",
-        "T1081 - Credentials in Files",
-        "T1082 - System Information Discovery",
-        "T1083 - File and Directory Discovery",
-        "T1084 - Windows Management Instrumentation Event Subscription",
-        "T1085 - Rundll32",
-        "T1086 - PowerShell",
-        "T1087 - Account Discovery",
-        "T1087.001 - Local Account",
-        "T1087.002 - Domain Account",
-        "T1087.003 - Email Account",
-        "T1087.004 - Cloud Account",
-        "T1088 - Bypass User Account Control",
-        "T1089 - Disabling Security Tools",
-        "T1090 - Proxy",
-        "T1090.001 - Internal Proxy",
-        "T1090.002 - External Proxy",
-        "T1090.003 - Multi-hop Proxy",
-        "T1090.004 - Domain Fronting",
-        "T1091 - Replication Through Removable Media",
-        "T1092 - Communication Through Removable Media",
-        "T1093 - Process Hollowing",
-        "T1094 - Custom Command and Control Protocol",
-        "T1095 - Non-Application Layer Protocol",
-        "T1096 - NTFS File Attributes",
-        "T1097 - Pass the Ticket",
-        "T1098 - Account Manipulation",
-        "T1098.001 - Additional Cloud Credentials",
-        "T1098.002 - Additional Email Delegate Permissions",
-        "T1098.003 - Additional Cloud Roles",
-        "T1098.004 - SSH Authorized Keys",
-        "T1098.005 - Device Registration",
-        "T1099 - Timestomp",
-        "T1100 - Web Shell",
-        "T1101 - Security Support Provider",
-        "T1102 - Web Service",
-        "T1102.001 - Dead Drop Resolver",
-        "T1102.002 - Bidirectional Communication",
-        "T1102.003 - One-Way Communication",
-        "T1103 - AppInit DLLs",
-        "T1104 - Multi-Stage Channels",
-        "T1105 - Ingress Tool Transfer",
-        "T1106 - Native API",
-        "T1107 - File Deletion",
-        "T1108 - Redundant Access",
-        "T1109 - Component Firmware",
-        "T1110 - Brute Force",
-        "T1110.001 - Password Guessing",
-        "T1110.002 - Password Cracking",
-        "T1110.003 - Password Spraying",
-        "T1110.004 - Credential Stuffing",
-        "T1111 - Multi-Factor Authentication Interception",
-        "T1112 - Modify Registry",
-        "T1113 - Screen Capture",
-        "T1114 - Email Collection",
-        "T1114.001 - Local Email Collection",
-        "T1114.002 - Remote Email Collection",
-        "T1114.003 - Email Forwarding Rule",
-        "T1115 - Clipboard Data",
-        "T1116 - Code Signing",
-        "T1117 - Regsvr32",
-        "T1118 - InstallUtil",
-        "T1119 - Automated Collection",
-        "T1120 - Peripheral Device Discovery",
-        "T1121 - Regsvcs/Regasm",
-        "T1122 - Component Object Model Hijacking",
-        "T1123 - Audio Capture",
-        "T1124 - System Time Discovery",
-        "T1125 - Video Capture",
-        "T1126 - Network Share Connection Removal",
-        "T1127 - Trusted Developer Utilities Proxy Execution",
-        "T1127.001 - MSBuild",
-        "T1128 - Netsh Helper DLL",
-        "T1129 - Shared Modules",
-        "T1130 - Install Root Certificate",
-        "T1131 - Authentication Package",
-        "T1132 - Data Encoding",
-        "T1132.001 - Standard Encoding",
-        "T1132.002 - Non-Standard Encoding",
-        "T1133 - External Remote Services",
-        "T1134 - Access Token Manipulation",
-        "T1134.001 - Token Impersonation/Theft",
-        "T1134.002 - Create Process with Token",
-        "T1134.003 - Make and Impersonate Token",
-        "T1134.004 - Parent PID Spoofing",
-        "T1134.005 - SID-History Injection",
-        "T1135 - Network Share Discovery",
-        "T1136 - Create Account",
-        "T1136.001 - Local Account",
-        "T1136.002 - Domain Account",
-        "T1136.003 - Cloud Account",
-        "T1137 - Office Application Startup",
-        "T1137.001 - Office Template Macros",
-        "T1137.002 - Office Test",
-        "T1137.003 - Outlook Forms",
-        "T1137.004 - Outlook Home Page",
-        "T1137.005 - Outlook Rules",
-        "T1137.006 - Add-ins",
-        "T1138 - Application Shimming",
-        "T1139 - Bash History",
-        "T1140 - Deobfuscate/Decode Files or Information",
-        "T1141 - Input Prompt",
-        "T1142 - Keychain",
-        "T1143 - Hidden Window",
-        "T1144 - Gatekeeper Bypass",
-        "T1145 - Private Keys",
-        "T1146 - Clear Command History",
-        "T1147 - Hidden Users",
-        "T1148 - HISTCONTROL",
-        "T1149 - LC_MAIN Hijacking",
-        "T1150 - Plist Modification",
-        "T1151 - Space after Filename",
-        "T1152 - Launchctl",
-        "T1153 - Source",
-        "T1154 - Trap",
-        "T1155 - AppleScript",
-        "T1156 - Malicious Shell Modification",
-        "T1157 - Dylib Hijacking",
-        "T1158 - Hidden Files and Directories",
-        "T1159 - Launch Agent",
-        "T1160 - Launch Daemon",
-        "T1161 - LC_LOAD_DYLIB Addition",
-        "T1162 - Login Item",
-        "T1163 - Rc.common",
-        "T1164 - Re-opened Applications",
-        "T1165 - Startup Items",
-        "T1166 - Setuid and Setgid",
-        "T1167 - Securityd Memory",
-        "T1168 - Local Job Scheduling",
-        "T1169 - Sudo",
-        "T1170 - Mshta",
-        "T1171 - LLMNR/NBT-NS Poisoning and Relay",
-        "T1172 - Domain Fronting",
-        "T1173 - Dynamic Data Exchange",
-        "T1174 - Password Filter DLL",
-        "T1175 - Component Object Model and Distributed COM",
-        "T1176 - Browser Extensions",
-        "T1177 - LSASS Driver",
-        "T1178 - SID-History Injection",
-        "T1179 - Hooking",
-        "T1180 - Screensaver",
-        "T1181 - Extra Window Memory Injection",
-        "T1182 - AppCert DLLs",
-        "T1183 - Image File Execution Options Injection",
-        "T1184 - SSH Hijacking",
-        "T1185 - Browser Session Hijacking",
-        "T1186 - Process Doppelgänging",
-        "T1187 - Forced Authentication",
-        "T1188 - Multi-hop Proxy",
-        "T1189 - Drive-by Compromise",
-        "T1190 - Exploit Public-Facing Application",
-        "T1191 - CMSTP",
-        "T1192 - Spearphishing Link",
-        "T1193 - Spearphishing Attachment",
-        "T1194 - Spearphishing via Service",
-        "T1195 - Supply Chain Compromise",
-        "T1195.001 - Compromise Software Dependencies and Development Tools",
-        "T1195.002 - Compromise Software Supply Chain",
-        "T1195.003 - Compromise Hardware Supply Chain",
-        "T1196 - Control Panel Items",
-        "T1197 - BITS Jobs",
-        "T1198 - SIP and Trust Provider Hijacking",
-        "T1199 - Trusted Relationship",
-        "T1200 - Hardware Additions",
-        "T1201 - Password Policy Discovery",
-        "T1202 - Indirect Command Execution",
-        "T1203 - Exploitation for Client Execution",
-        "T1204 - User Execution",
-        "T1204.001 - Malicious Link",
-        "T1204.002 - Malicious File",
-        "T1204.003 - Malicious Image",
-        "T1205 - Traffic Signaling",
-        "T1205.001 - Port Knocking",
-        "T1205.002 - Socket Filters",
-        "T1206 - Sudo Caching",
-        "T1207 - Rogue Domain Controller",
-        "T1208 - Kerberoasting",
-        "T1209 - Time Providers",
-        "T1210 - Exploitation of Remote Services",
-        "T1211 - Exploitation for Defense Evasion",
-        "T1212 - Exploitation for Credential Access",
-        "T1213 - Data from Information Repositories",
-        "T1213.001 - Confluence",
-        "T1213.002 - Sharepoint",
-        "T1213.003 - Code Repositories",
-        "T1214 - Credentials in Registry",
-        "T1215 - Kernel Modules and Extensions",
-        "T1216 - System Script Proxy Execution",
-        "T1216.001 - PubPrn",
-        "T1217 - Browser Information Discovery",
-        "T1218 - System Binary Proxy Execution",
-        "T1218.001 - Compiled HTML File",
-        "T1218.002 - Control Panel",
-        "T1218.003 - CMSTP",
-        "T1218.004 - InstallUtil",
-        "T1218.005 - Mshta",
-        "T1218.007 - Msiexec",
-        "T1218.008 - Odbcconf",
-        "T1218.009 - Regsvcs/Regasm",
-        "T1218.010 - Regsvr32",
-        "T1218.011 - Rundll32",
-        "T1218.012 - Verclsid",
-        "T1218.013 - Mavinject",
-        "T1218.014 - MMC",
-        "T1219 - Remote Access Software",
-        "T1220 - XSL Script Processing",
-        "T1221 - Template Injection",
-        "T1222 - File and Directory Permissions Modification",
-        "T1222.001 - Windows File and Directory Permissions Modification",
-        "T1222.002 - Linux and Mac File and Directory Permissions Modification",
-        "T1223 - Compiled HTML File",
-        "T1398 - Boot or Logon Initialization Scripts",
-        "T1399 - Modify Trusted Execution Environment",
-        "T1400 - Modify System Partition",
-        "T1401 - Device Administrator Permissions",
-        "T1402 - Broadcast Receivers",
-        "T1403 - Modify Cached Executable Code",
-        "T1404 - Exploitation for Privilege Escalation",
-        "T1405 - Exploit TEE Vulnerability",
-        "T1406 - Obfuscated Files or Information",
-        "T1406.001 - Steganography",
-        "T1406.002 - Software Packing",
-        "T1407 - Download New Code at Runtime",
-        "T1408 - Disguise Root/Jailbreak Indicators",
-        "T1409 - Stored Application Data",
-        "T1410 - Network Traffic Capture or Redirection",
-        "T1411 - Input Prompt",
-        "T1412 - Capture SMS Messages",
-        "T1413 - Access Sensitive Data in Device Logs",
-        "T1414 - Clipboard Data",
-        "T1415 - URL Scheme Hijacking",
-        "T1416 - URI Hijacking",
-        "T1417 - Input Capture",
-        "T1417.001 - Keylogging",
-        "T1417.002 - GUI Input Capture",
-        "T1418 - Software Discovery",
-        "T1418.001 - Security Software Discovery",
-        "T1419 - Device Type Discovery",
-        "T1420 - File and Directory Discovery",
-        "T1421 - System Network Connections Discovery",
-        "T1422 - System Network Configuration Discovery",
-        "T1423 - Network Service Scanning",
-        "T1424 - Process Discovery",
-        "T1425 - Insecure Third-Party Libraries",
-        "T1426 - System Information Discovery",
-        "T1427 - Attack PC via USB Connection",
-        "T1428 - Exploitation of Remote Services",
-        "T1429 - Audio Capture",
-        "T1430 - Location Tracking",
-        "T1430.001 - Remote Device Management Services",
-        "T1430.002 - Impersonate SS7 Nodes",
-        "T1431 - App Delivered via Web Download",
-        "T1432 - Access Contact List",
-        "T1433 - Access Call Log",
-        "T1434 - App Delivered via Email Attachment",
-        "T1435 - Access Calendar Entries",
-        "T1436 - Commonly Used Port",
-        "T1437 - Application Layer Protocol",
-        "T1437.001 - Web Protocols",
-        "T1438 - Exfiltration Over Other Network Medium",
-        "T1439 - Eavesdrop on Insecure Network Communication",
-        "T1440 - Detect App Analysis Environment",
-        "T1441 - Stolen Developer Credentials or Signing Keys",
-        "T1442 - Fake Developer Accounts",
-        "T1443 - Remotely Install Application",
-        "T1444 - Masquerade as Legitimate Application",
-        "T1445 - Abuse of iOS Enterprise App Signing Key",
-        "T1446 - Device Lockout",
-        "T1447 - Delete Device Data",
-        "T1448 - Carrier Billing Fraud",
-        "T1449 - Exploit SS7 to Redirect Phone Calls/SMS",
-        "T1450 - Exploit SS7 to Track Device Location",
-        "T1451 - SIM Card Swap",
-        "T1452 - Manipulate App Store Rankings or Ratings",
-        "T1453 - Abuse Accessibility Features",
-        "T1454 - Malicious SMS Message",
-        "T1455 - Exploit Baseband Vulnerability",
-        "T1456 - Drive-By Compromise",
-        "T1457 - Malicious Media Content",
-        "T1458 - Replication Through Removable Media",
-        "T1459 - Device Unlock Code Guessing or Brute Force",
-        "T1460 - Biometric Spoofing",
-        "T1461 - Lockscreen Bypass",
-        "T1462 - Malicious Software Development Tools",
-        "T1463 - Manipulate Device Communication",
-        "T1464 - Network Denial of Service",
-        "T1465 - Rogue Wi-Fi Access Points",
-        "T1466 - Downgrade to Insecure Protocols",
-        "T1467 - Rogue Cellular Base Station",
-        "T1468 - Remotely Track Device Without Authorization",
-        "T1469 - Remotely Wipe Data Without Authorization",
-        "T1470 - Obtain Device Cloud Backups",
-        "T1471 - Data Encrypted for Impact",
-        "T1472 - Generate Fraudulent Advertising Revenue",
-        "T1473 - Malicious or Vulnerable Built-in Device Functionality",
-        "T1474 - Supply Chain Compromise",
-        "T1474.001 - Compromise Software Dependencies and Development Tools",
-        "T1474.002 - Compromise Hardware Supply Chain",
-        "T1474.003 - Compromise Software Supply Chain",
-        "T1475 - Deliver Malicious App via Authorized App Store",
-        "T1476 - Deliver Malicious App via Other Means",
-        "T1477 - Exploit via Radio Interfaces",
-        "T1478 - Install Insecure or Malicious Configuration",
-        "T1480 - Execution Guardrails",
-        "T1480.001 - Environmental Keying",
-        "T1481 - Web Service",
-        "T1481.001 - Dead Drop Resolver",
-        "T1481.002 - Bidirectional Communication",
-        "T1481.003 - One-Way Communication",
-        "T1482 - Domain Trust Discovery",
-        "T1483 - Domain Generation Algorithms",
-        "T1484 - Domain Policy Modification",
-        "T1484.001 - Group Policy Modification",
-        "T1484.002 - Domain Trust Modification",
-        "T1485 - Data Destruction",
-        "T1486 - Data Encrypted for Impact",
-        "T1487 - Disk Structure Wipe",
-        "T1488 - Disk Content Wipe",
-        "T1489 - Service Stop",
-        "T1490 - Inhibit System Recovery",
-        "T1491 - Defacement",
-        "T1491.001 - Internal Defacement",
-        "T1491.002 - External Defacement",
-        "T1492 - Stored Data Manipulation",
-        "T1493 - Transmitted Data Manipulation",
-        "T1494 - Runtime Data Manipulation",
-        "T1495 - Firmware Corruption",
-        "T1496 - Resource Hijacking",
-        "T1497 - Virtualization/Sandbox Evasion",
-        "T1497.001 - System Checks",
-        "T1497.002 - User Activity Based Checks",
-        "T1497.003 - Time Based Evasion",
-        "T1498 - Network Denial of Service",
-        "T1498.001 - Direct Network Flood",
-        "T1498.002 - Reflection Amplification",
-        "T1499 - Endpoint Denial of Service",
-        "T1499.001 - OS Exhaustion Flood",
-        "T1499.002 - Service Exhaustion Flood",
-        "T1499.003 - Application Exhaustion Flood",
-        "T1499.004 - Application or System Exploitation",
-        "T1500 - Compile After Delivery",
-        "T1501 - Systemd Service",
-        "T1502 - Parent PID Spoofing",
-        "T1503 - Credentials from Web Browsers",
-        "T1504 - PowerShell Profile",
-        "T1505 - Server Software Component",
-        "T1505.001 - SQL Stored Procedures",
-        "T1505.002 - Transport Agent",
-        "T1505.003 - Web Shell",
-        "T1505.004 - IIS Components",
-        "T1505.005 - Terminal Services DLL",
-        "T1506 - Web Session Cookie",
-        "T1507 - Network Information Discovery",
-        "T1508 - Suppress Application Icon",
-        "T1509 - Non-Standard Port",
-        "T1510 - Clipboard Modification",
-        "T1512 - Video Capture",
-        "T1513 - Screen Capture",
-        "T1514 - Elevated Execution with Prompt",
-        "T1516 - Input Injection",
-        "T1517 - Access Notifications",
-        "T1518 - Software Discovery",
-        "T1518.001 - Security Software Discovery",
-        "T1519 - Emond",
-        "T1520 - Domain Generation Algorithms",
-        "T1521 - Encrypted Channel",
-        "T1521.001 - Symmetric Cryptography",
-        "T1521.002 - Asymmetric Cryptography",
-        "T1522 - Cloud Instance Metadata API",
-        "T1523 - Evade Analysis Environment",
-        "T1525 - Implant Internal Image",
-        "T1526 - Cloud Service Discovery",
-        "T1527 - Application Access Token",
-        "T1528 - Steal Application Access Token",
-        "T1529 - System Shutdown/Reboot",
-        "T1530 - Data from Cloud Storage",
-        "T1531 - Account Access Removal",
-        "T1532 - Archive Collected Data",
-        "T1533 - Data from Local System",
-        "T1534 - Internal Spearphishing",
-        "T1535 - Unused/Unsupported Cloud Regions",
-        "T1536 - Revert Cloud Instance",
-        "T1537 - Transfer Data to Cloud Account",
-        "T1538 - Cloud Service Dashboard",
-        "T1539 - Steal Web Session Cookie",
-        "T1540 - Code Injection",
-        "T1541 - Foreground Persistence",
-        "T1542 - Pre-OS Boot",
-        "T1542.001 - System Firmware",
-        "T1542.002 - Component Firmware",
-        "T1542.003 - Bootkit",
-        "T1542.004 - ROMMONkit",
-        "T1542.005 - TFTP Boot",
-        "T1543 - Create or Modify System Process",
-        "T1543.001 - Launch Agent",
-        "T1543.002 - Systemd Service",
-        "T1543.003 - Windows Service",
-        "T1543.004 - Launch Daemon",
-        "T1544 - Ingress Tool Transfer",
-        "T1546 - Event Triggered Execution",
-        "T1546.001 - Change Default File Association",
-        "T1546.002 - Screensaver",
-        "T1546.003 - Windows Management Instrumentation Event Subscription",
-        "T1546.004 - Unix Shell Configuration Modification",
-        "T1546.005 - Trap",
-        "T1546.006 - LC_LOAD_DYLIB Addition",
-        "T1546.007 - Netsh Helper DLL",
-        "T1546.008 - Accessibility Features",
-        "T1546.009 - AppCert DLLs",
-        "T1546.010 - AppInit DLLs",
-        "T1546.011 - Application Shimming",
-        "T1546.012 - Image File Execution Options Injection",
-        "T1546.013 - PowerShell Profile",
-        "T1546.014 - Emond",
-        "T1546.015 - Component Object Model Hijacking",
-        "T1546.016 - Installer Packages",
-        "T1547 - Boot or Logon Autostart Execution",
-        "T1547.001 - Registry Run Keys / Startup Folder",
-        "T1547.002 - Authentication Package",
-        "T1547.003 - Time Providers",
-        "T1547.004 - Winlogon Helper DLL",
-        "T1547.005 - Security Support Provider",
-        "T1547.006 - Kernel Modules and Extensions",
-        "T1547.007 - Re-opened Applications",
-        "T1547.008 - LSASS Driver",
-        "T1547.009 - Shortcut Modification",
-        "T1547.010 - Port Monitors",
-        "T1547.011 - Plist Modification",
-        "T1547.012 - Print Processors",
-        "T1547.013 - XDG Autostart Entries",
-        "T1547.014 - Active Setup",
-        "T1547.015 - Login Items",
-        "T1548 - Abuse Elevation Control Mechanism",
-        "T1548.001 - Setuid and Setgid",
-        "T1548.002 - Bypass User Account Control",
-        "T1548.003 - Sudo and Sudo Caching",
-        "T1548.004 - Elevated Execution with Prompt",
-        "T1550 - Use Alternate Authentication Material",
-        "T1550.001 - Application Access Token",
-        "T1550.002 - Pass the Hash",
-        "T1550.003 - Pass the Ticket",
-        "T1550.004 - Web Session Cookie",
-        "T1552 - Unsecured Credentials",
-        "T1552.001 - Credentials In Files",
-        "T1552.002 - Credentials in Registry",
-        "T1552.003 - Bash History",
-        "T1552.004 - Private Keys",
-        "T1552.005 - Cloud Instance Metadata API",
-        "T1552.006 - Group Policy Preferences",
-        "T1552.007 - Container API",
-        "T1552.008 - Chat Messages",
-        "T1553 - Subvert Trust Controls",
-        "T1553.001 - Gatekeeper Bypass",
-        "T1553.002 - Code Signing",
-        "T1553.003 - SIP and Trust Provider Hijacking",
-        "T1553.004 - Install Root Certificate",
-        "T1553.005 - Mark-of-the-Web Bypass",
-        "T1553.006 - Code Signing Policy Modification",
-        "T1554 - Compromise Client Software Binary",
-        "T1555 - Credentials from Password Stores",
-        "T1555.001 - Keychain",
-        "T1555.002 - Securityd Memory",
-        "T1555.003 - Credentials from Web Browsers",
-        "T1555.004 - Windows Credential Manager",
-        "T1555.005 - Password Managers",
-        "T1556 - Modify Authentication Process",
-        "T1556.001 - Domain Controller Authentication",
-        "T1556.002 - Password Filter DLL",
-        "T1556.003 - Pluggable Authentication Modules",
-        "T1556.004 - Network Device Authentication",
-        "T1556.005 - Reversible Encryption",
-        "T1556.006 - Multi-Factor Authentication",
-        "T1556.007 - Hybrid Identity",
-        "T1556.008 - Network Provider DLL",
-        "T1557 - Adversary-in-the-Middle",
-        "T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay",
-        "T1557.002 - ARP Cache Poisoning",
-        "T1557.003 - DHCP Spoofing",
-        "T1558 - Steal or Forge Kerberos Tickets",
-        "T1558.001 - Golden Ticket",
-        "T1558.002 - Silver Ticket",
-        "T1558.003 - Kerberoasting",
-        "T1558.004 - AS-REP Roasting",
-        "T1559 - Inter-Process Communication",
-        "T1559.001 - Component Object Model",
-        "T1559.002 - Dynamic Data Exchange",
-        "T1559.003 - XPC Services",
-        "T1560 - Archive Collected Data",
-        "T1560.001 - Archive via Utility",
-        "T1560.002 - Archive via Library",
-        "T1560.003 - Archive via Custom Method",
-        "T1561 - Disk Wipe",
-        "T1561.001 - Disk Content Wipe",
-        "T1561.002 - Disk Structure Wipe",
-        "T1562 - Impair Defenses",
-        "T1562.001 - Disable or Modify Tools",
-        "T1562.002 - Disable Windows Event Logging",
-        "T1562.003 - Impair Command History Logging",
-        "T1562.004 - Disable or Modify System Firewall",
-        "T1562.006 - Indicator Blocking",
-        "T1562.007 - Disable or Modify Cloud Firewall",
-        "T1562.008 - Disable Cloud Logs",
-        "T1562.009 - Safe Mode Boot",
-        "T1562.010 - Downgrade Attack",
-        "T1562.011 - Spoof Security Alerting",
-        "T1563 - Remote Service Session Hijacking",
-        "T1563.001 - SSH Hijacking",
-        "T1563.002 - RDP Hijacking",
-        "T1564 - Hide Artifacts",
-        "T1564.001 - Hidden Files and Directories",
-        "T1564.002 - Hidden Users",
-        "T1564.003 - Hidden Window",
-        "T1564.004 - NTFS File Attributes",
-        "T1564.005 - Hidden File System",
-        "T1564.006 - Run Virtual Instance",
-        "T1564.007 - VBA Stomping",
-        "T1564.008 - Email Hiding Rules",
-        "T1564.009 - Resource Forking",
-        "T1564.010 - Process Argument Spoofing",
-        "T1565 - Data Manipulation",
-        "T1565.001 - Stored Data Manipulation",
-        "T1565.002 - Transmitted Data Manipulation",
-        "T1565.003 - Runtime Data Manipulation",
-        "T1566 - Phishing",
-        "T1566.001 - Spearphishing Attachment",
-        "T1566.002 - Spearphishing Link",
-        "T1566.003 - Spearphishing via Service",
-        "T1567 - Exfiltration Over Web Service",
-        "T1567.001 - Exfiltration to Code Repository",
-        "T1567.002 - Exfiltration to Cloud Storage",
-        "T1567.003 - Exfiltration to Text Storage Sites",
-        "T1568 - Dynamic Resolution",
-        "T1568.001 - Fast Flux DNS",
-        "T1568.002 - Domain Generation Algorithms",
-        "T1568.003 - DNS Calculation",
-        "T1569 - System Services",
-        "T1569.001 - Launchctl",
-        "T1569.002 - Service Execution",
-        "T1570 - Lateral Tool Transfer",
-        "T1571 - Non-Standard Port",
-        "T1572 - Protocol Tunneling",
-        "T1573 - Encrypted Channel",
-        "T1573.001 - Symmetric Cryptography",
-        "T1573.002 - Asymmetric Cryptography",
-        "T1574 - Hijack Execution Flow",
-        "T1574.001 - DLL Search Order Hijacking",
-        "T1574.002 - DLL Side-Loading",
-        "T1574.004 - Dylib Hijacking",
-        "T1574.005 - Executable Installer File Permissions Weakness",
-        "T1574.006 - Dynamic Linker Hijacking",
-        "T1574.007 - Path Interception by PATH Environment Variable",
-        "T1574.008 - Path Interception by Search Order Hijacking",
-        "T1574.009 - Path Interception by Unquoted Path",
-        "T1574.010 - Services File Permissions Weakness",
-        "T1574.011 - Services Registry Permissions Weakness",
-        "T1574.012 - COR_PROFILER",
-        "T1574.013 - KernelCallbackTable",
-        "T1575 - Native API",
-        "T1576 - Uninstall Malicious Application",
-        "T1577 - Compromise Application Executable",
-        "T1578 - Modify Cloud Compute Infrastructure",
-        "T1578.001 - Create Snapshot",
-        "T1578.002 - Create Cloud Instance",
-        "T1578.003 - Delete Cloud Instance",
-        "T1578.004 - Revert Cloud Instance",
-        "T1579 - Keychain",
-        "T1580 - Cloud Infrastructure Discovery",
-        "T1581 - Geofencing",
-        "T1582 - SMS Control",
-        "T1583 - Acquire Infrastructure",
-        "T1583.001 - Domains",
-        "T1583.002 - DNS Server",
-        "T1583.003 - Virtual Private Server",
-        "T1583.004 - Server",
-        "T1583.005 - Botnet",
-        "T1583.006 - Web Services",
-        "T1583.007 - Serverless",
-        "T1583.008 - Malvertising",
-        "T1584 - Compromise Infrastructure",
-        "T1584.001 - Domains",
-        "T1584.002 - DNS Server",
-        "T1584.003 - Virtual Private Server",
-        "T1584.004 - Server",
-        "T1584.005 - Botnet",
-        "T1584.006 - Web Services",
-        "T1584.007 - Serverless",
-        "T1585 - Establish Accounts",
-        "T1585.001 - Social Media Accounts",
-        "T1585.002 - Email Accounts",
-        "T1585.003 - Cloud Accounts",
-        "T1586 - Compromise Accounts",
-        "T1586.001 - Social Media Accounts",
-        "T1586.002 - Email Accounts",
-        "T1586.003 - Cloud Accounts",
-        "T1587 - Develop Capabilities",
-        "T1587.001 - Malware",
-        "T1587.002 - Code Signing Certificates",
-        "T1587.003 - Digital Certificates",
-        "T1587.004 - Exploits",
-        "T1588 - Obtain Capabilities",
-        "T1588.001 - Malware",
-        "T1588.002 - Tool",
-        "T1588.003 - Code Signing Certificates",
-        "T1588.004 - Digital Certificates",
-        "T1588.005 - Exploits",
-        "T1588.006 - Vulnerabilities",
-        "T1589 - Gather Victim Identity Information",
-        "T1589.001 - Credentials",
-        "T1589.002 - Email Addresses",
-        "T1589.003 - Employee Names",
-        "T1590 - Gather Victim Network Information",
-        "T1590.001 - Domain Properties",
-        "T1590.002 - DNS",
-        "T1590.003 - Network Trust Dependencies",
-        "T1590.004 - Network Topology",
-        "T1590.005 - IP Addresses",
-        "T1590.006 - Network Security Appliances",
-        "T1591 - Gather Victim Org Information",
-        "T1591.001 - Determine Physical Locations",
-        "T1591.002 - Business Relationships",
-        "T1591.003 - Identify Business Tempo",
-        "T1591.004 - Identify Roles",
-        "T1592 - Gather Victim Host Information",
-        "T1592.001 - Hardware",
-        "T1592.002 - Software",
-        "T1592.003 - Firmware",
-        "T1592.004 - Client Configurations",
-        "T1593 - Search Open Websites/Domains",
-        "T1593.001 - Social Media",
-        "T1593.002 - Search Engines",
-        "T1593.003 - Code Repositories",
-        "T1594 - Search Victim-Owned Websites",
-        "T1595 - Active Scanning",
-        "T1595.001 - Scanning IP Blocks",
-        "T1595.002 - Vulnerability Scanning",
-        "T1595.003 - Wordlist Scanning",
-        "T1596 - Search Open Technical Databases",
-        "T1596.001 - DNS/Passive DNS",
-        "T1596.002 - WHOIS",
-        "T1596.003 - Digital Certificates",
-        "T1596.004 - CDNs",
-        "T1596.005 - Scan Databases",
-        "T1597 - Search Closed Sources",
-        "T1597.001 - Threat Intel Vendors",
-        "T1597.002 - Purchase Technical Data",
-        "T1598 - Phishing for Information",
-        "T1598.001 - Spearphishing Service",
-        "T1598.002 - Spearphishing Attachment",
-        "T1598.003 - Spearphishing Link",
-        "T1599 - Network Boundary Bridging",
-        "T1599.001 - Network Address Translation Traversal",
-        "T1600 - Weaken Encryption",
-        "T1600.001 - Reduce Key Space",
-        "T1600.002 - Disable Crypto Hardware",
-        "T1601 - Modify System Image",
-        "T1601.001 - Patch System Image",
-        "T1601.002 - Downgrade System Image",
-        "T1602 - Data from Configuration Repository",
-        "T1602.001 - SNMP (MIB Dump)",
-        "T1602.002 - Network Device Configuration Dump",
-        "T1603 - Scheduled Task/Job",
-        "T1604 - Proxy Through Victim",
-        "T1605 - Command-Line Interface",
-        "T1606 - Forge Web Credentials",
-        "T1606.001 - Web Cookies",
-        "T1606.002 - SAML Tokens",
-        "T1608 - Stage Capabilities",
-        "T1608.001 - Upload Malware",
-        "T1608.002 - Upload Tool",
-        "T1608.003 - Install Digital Certificate",
-        "T1608.004 - Drive-by Target",
-        "T1608.005 - Link Target",
-        "T1608.006 - SEO Poisoning",
-        "T1609 - Container Administration Command",
-        "T1610 - Deploy Container",
-        "T1611 - Escape to Host",
-        "T1612 - Build Image on Host",
-        "T1613 - Container and Resource Discovery",
-        "T1614 - System Location Discovery",
-        "T1614.001 - System Language Discovery",
-        "T1615 - Group Policy Discovery",
-        "T1616 - Call Control",
-        "T1617 - Hooking",
-        "T1618 - User Evasion",
-        "T1619 - Cloud Storage Object Discovery",
-        "T1620 - Reflective Code Loading",
-        "T1621 - Multi-Factor Authentication Request Generation",
-        "T1622 - Debugger Evasion",
-        "T1623 - Command and Scripting Interpreter",
-        "T1623.001 - Unix Shell",
-        "T1624 - Event Triggered Execution",
-        "T1624.001 - Broadcast Receivers",
-        "T1625 - Hijack Execution Flow",
-        "T1625.001 - System Runtime API Hijacking",
-        "T1626 - Abuse Elevation Control Mechanism",
-        "T1626.001 - Device Administrator Permissions",
-        "T1627 - Execution Guardrails",
-        "T1627.001 - Geofencing",
-        "T1628 - Hide Artifacts",
-        "T1628.001 - Suppress Application Icon",
-        "T1628.002 - User Evasion",
-        "T1629 - Impair Defenses",
-        "T1629.001 - Prevent Application Removal",
-        "T1629.002 - Device Lockout",
-        "T1629.003 - Disable or Modify Tools",
-        "T1630 - Indicator Removal on Host",
-        "T1630.001 - Uninstall Malicious Application",
-        "T1630.002 - File Deletion",
-        "T1630.003 - Disguise Root/Jailbreak Indicators",
-        "T1631 - Process Injection",
-        "T1631.001 - Ptrace System Calls",
-        "T1632 - Subvert Trust Controls",
-        "T1632.001 - Code Signing Policy Modification",
-        "T1633 - Virtualization/Sandbox Evasion",
-        "T1633.001 - System Checks",
-        "T1634 - Credentials from Password Store",
-        "T1634.001 - Keychain",
-        "T1635 - Steal Application Access Token",
-        "T1635.001 - URI Hijacking",
-        "T1636 - Protected User Data",
-        "T1636.001 - Calendar Entries",
-        "T1636.002 - Call Log",
-        "T1636.003 - Contact List",
-        "T1636.004 - SMS Messages",
-        "T1637 - Dynamic Resolution",
-        "T1637.001 - Domain Generation Algorithms",
-        "T1638 - Adversary-in-the-Middle",
-        "T1639 - Exfiltration Over Alternative Protocol",
-        "T1639.001 - Exfiltration Over Unencrypted Non-C2 Protocol",
-        "T1640 - Account Access Removal",
-        "T1641 - Data Manipulation",
-        "T1641.001 - Transmitted Data Manipulation",
-        "T1642 - Endpoint Denial of Service",
-        "T1643 - Generate Traffic from Victim",
-        "T1644 - Out of Band Data",
-        "T1645 - Compromise Client Software Binary",
-        "T1646 - Exfiltration Over C2 Channel",
-        "T1647 - Plist File Modification",
-        "T1648 - Serverless Execution",
-        "T1649 - Steal or Forge Authentication Certificates",
-        "T1650 - Acquire Access",
-        "T1651 - Cloud Administration Command",
-        "T1652 - Device Driver Discovery"
+        "T0800",
+        "T0801",
+        "T0802",
+        "T0803",
+        "T0804",
+        "T0805",
+        "T0806",
+        "T0807",
+        "T0808",
+        "T0809",
+        "T0810",
+        "T0811",
+        "T0812",
+        "T0813",
+        "T0814",
+        "T0815",
+        "T0816",
+        "T0817",
+        "T0818",
+        "T0819",
+        "T0820",
+        "T0821",
+        "T0822",
+        "T0823",
+        "T0824",
+        "T0825",
+        "T0826",
+        "T0827",
+        "T0828",
+        "T0829",
+        "T0830",
+        "T0831",
+        "T0832",
+        "T0833",
+        "T0834",
+        "T0835",
+        "T0836",
+        "T0837",
+        "T0838",
+        "T0839",
+        "T0840",
+        "T0841",
+        "T0842",
+        "T0843",
+        "T0844",
+        "T0845",
+        "T0846",
+        "T0847",
+        "T0848",
+        "T0849",
+        "T0850",
+        "T0851",
+        "T0852",
+        "T0853",
+        "T0854",
+        "T0855",
+        "T0856",
+        "T0857",
+        "T0858",
+        "T0859",
+        "T0860",
+        "T0861",
+        "T0862",
+        "T0863",
+        "T0864",
+        "T0865",
+        "T0866",
+        "T0867",
+        "T0868",
+        "T0869",
+        "T0870",
+        "T0871",
+        "T0872",
+        "T0873",
+        "T0874",
+        "T0875",
+        "T0877",
+        "T0878",
+        "T0879",
+        "T0880",
+        "T0881",
+        "T0882",
+        "T0883",
+        "T0884",
+        "T0885",
+        "T0886",
+        "T0887",
+        "T0888",
+        "T0889",
+        "T0890",
+        "T0891",
+        "T0892",
+        "T0893",
+        "T1001",
+        "T1001.001",
+        "T1001.002",
+        "T1001.003",
+        "T1002",
+        "T1003",
+        "T1003.001",
+        "T1003.002",
+        "T1003.003",
+        "T1003.004",
+        "T1003.005",
+        "T1003.006",
+        "T1003.007",
+        "T1003.008",
+        "T1004",
+        "T1005",
+        "T1006",
+        "T1007",
+        "T1008",
+        "T1009",
+        "T1010",
+        "T1011",
+        "T1011.001",
+        "T1012",
+        "T1013",
+        "T1014",
+        "T1015",
+        "T1016",
+        "T1016.001",
+        "T1017",
+        "T1018",
+        "T1019",
+        "T1020",
+        "T1020.001",
+        "T1021",
+        "T1021.001",
+        "T1021.002",
+        "T1021.003",
+        "T1021.004",
+        "T1021.005",
+        "T1021.006",
+        "T1021.007",
+        "T1022",
+        "T1023",
+        "T1024",
+        "T1025",
+        "T1026",
+        "T1027",
+        "T1027.001",
+        "T1027.002",
+        "T1027.003",
+        "T1027.004",
+        "T1027.005",
+        "T1027.006",
+        "T1027.007",
+        "T1027.008",
+        "T1027.009",
+        "T1027.010",
+        "T1027.011",
+        "T1028",
+        "T1029",
+        "T1030",
+        "T1031",
+        "T1032",
+        "T1033",
+        "T1034",
+        "T1035",
+        "T1036",
+        "T1036.001",
+        "T1036.002",
+        "T1036.003",
+        "T1036.004",
+        "T1036.005",
+        "T1036.006",
+        "T1036.007",
+        "T1036.008",
+        "T1037",
+        "T1037.001",
+        "T1037.002",
+        "T1037.003",
+        "T1037.004",
+        "T1037.005",
+        "T1038",
+        "T1039",
+        "T1040",
+        "T1041",
+        "T1042",
+        "T1043",
+        "T1044",
+        "T1045",
+        "T1046",
+        "T1047",
+        "T1048",
+        "T1048.001",
+        "T1048.002",
+        "T1048.003",
+        "T1049",
+        "T1050",
+        "T1051",
+        "T1052",
+        "T1052.001",
+        "T1053",
+        "T1053.001",
+        "T1053.002",
+        "T1053.003",
+        "T1053.004",
+        "T1053.005",
+        "T1053.006",
+        "T1053.007",
+        "T1054",
+        "T1055",
+        "T1055.001",
+        "T1055.002",
+        "T1055.003",
+        "T1055.004",
+        "T1055.005",
+        "T1055.008",
+        "T1055.009",
+        "T1055.011",
+        "T1055.012",
+        "T1055.013",
+        "T1055.014",
+        "T1055.015",
+        "T1056",
+        "T1056.001",
+        "T1056.002",
+        "T1056.003",
+        "T1056.004",
+        "T1057",
+        "T1058",
+        "T1059",
+        "T1059.001",
+        "T1059.002",
+        "T1059.003",
+        "T1059.004",
+        "T1059.005",
+        "T1059.006",
+        "T1059.007",
+        "T1059.008",
+        "T1059.009",
+        "T1060",
+        "T1061",
+        "T1062",
+        "T1063",
+        "T1064",
+        "T1065",
+        "T1066",
+        "T1067",
+        "T1068",
+        "T1069",
+        "T1069.001",
+        "T1069.002",
+        "T1069.003",
+        "T1070",
+        "T1070.001",
+        "T1070.002",
+        "T1070.003",
+        "T1070.004",
+        "T1070.005",
+        "T1070.006",
+        "T1070.007",
+        "T1070.008",
+        "T1070.009",
+        "T1071",
+        "T1071.001",
+        "T1071.002",
+        "T1071.003",
+        "T1071.004",
+        "T1072",
+        "T1073",
+        "T1074",
+        "T1074.001",
+        "T1074.002",
+        "T1075",
+        "T1076",
+        "T1077",
+        "T1078",
+        "T1078.001",
+        "T1078.002",
+        "T1078.003",
+        "T1078.004",
+        "T1079",
+        "T1080",
+        "T1081",
+        "T1082",
+        "T1083",
+        "T1084",
+        "T1085",
+        "T1086",
+        "T1087",
+        "T1087.001",
+        "T1087.002",
+        "T1087.003",
+        "T1087.004",
+        "T1088",
+        "T1089",
+        "T1090",
+        "T1090.001",
+        "T1090.002",
+        "T1090.003",
+        "T1090.004",
+        "T1091",
+        "T1092",
+        "T1093",
+        "T1094",
+        "T1095",
+        "T1096",
+        "T1097",
+        "T1098",
+        "T1098.001",
+        "T1098.002",
+        "T1098.003",
+        "T1098.004",
+        "T1098.005",
+        "T1099",
+        "T1100",
+        "T1101",
+        "T1102",
+        "T1102.001",
+        "T1102.002",
+        "T1102.003",
+        "T1103",
+        "T1104",
+        "T1105",
+        "T1106",
+        "T1107",
+        "T1108",
+        "T1109",
+        "T1110",
+        "T1110.001",
+        "T1110.002",
+        "T1110.003",
+        "T1110.004",
+        "T1111",
+        "T1112",
+        "T1113",
+        "T1114",
+        "T1114.001",
+        "T1114.002",
+        "T1114.003",
+        "T1115",
+        "T1116",
+        "T1117",
+        "T1118",
+        "T1119",
+        "T1120",
+        "T1121",
+        "T1122",
+        "T1123",
+        "T1124",
+        "T1125",
+        "T1126",
+        "T1127",
+        "T1127.001",
+        "T1128",
+        "T1129",
+        "T1130",
+        "T1131",
+        "T1132",
+        "T1132.001",
+        "T1132.002",
+        "T1133",
+        "T1134",
+        "T1134.001",
+        "T1134.002",
+        "T1134.003",
+        "T1134.004",
+        "T1134.005",
+        "T1135",
+        "T1136",
+        "T1136.001",
+        "T1136.002",
+        "T1136.003",
+        "T1137",
+        "T1137.001",
+        "T1137.002",
+        "T1137.003",
+        "T1137.004",
+        "T1137.005",
+        "T1137.006",
+        "T1138",
+        "T1139",
+        "T1140",
+        "T1141",
+        "T1142",
+        "T1143",
+        "T1144",
+        "T1145",
+        "T1146",
+        "T1147",
+        "T1148",
+        "T1149",
+        "T1150",
+        "T1151",
+        "T1152",
+        "T1153",
+        "T1154",
+        "T1155",
+        "T1156",
+        "T1157",
+        "T1158",
+        "T1159",
+        "T1160",
+        "T1161",
+        "T1162",
+        "T1163",
+        "T1164",
+        "T1165",
+        "T1166",
+        "T1167",
+        "T1168",
+        "T1169",
+        "T1170",
+        "T1171",
+        "T1172",
+        "T1173",
+        "T1174",
+        "T1175",
+        "T1176",
+        "T1177",
+        "T1178",
+        "T1179",
+        "T1180",
+        "T1181",
+        "T1182",
+        "T1183",
+        "T1184",
+        "T1185",
+        "T1186",
+        "T1187",
+        "T1188",
+        "T1189",
+        "T1190",
+        "T1191",
+        "T1192",
+        "T1193",
+        "T1194",
+        "T1195",
+        "T1195.001",
+        "T1195.002",
+        "T1195.003",
+        "T1196",
+        "T1197",
+        "T1198",
+        "T1199",
+        "T1200",
+        "T1201",
+        "T1202",
+        "T1203",
+        "T1204",
+        "T1204.001",
+        "T1204.002",
+        "T1204.003",
+        "T1205",
+        "T1205.001",
+        "T1205.002",
+        "T1206",
+        "T1207",
+        "T1208",
+        "T1209",
+        "T1210",
+        "T1211",
+        "T1212",
+        "T1213",
+        "T1213.001",
+        "T1213.002",
+        "T1213.003",
+        "T1214",
+        "T1215",
+        "T1216",
+        "T1216.001",
+        "T1217",
+        "T1218",
+        "T1218.001",
+        "T1218.002",
+        "T1218.003",
+        "T1218.004",
+        "T1218.005",
+        "T1218.007",
+        "T1218.008",
+        "T1218.009",
+        "T1218.010",
+        "T1218.011",
+        "T1218.012",
+        "T1218.013",
+        "T1218.014",
+        "T1219",
+        "T1220",
+        "T1221",
+        "T1222",
+        "T1222.001",
+        "T1222.002",
+        "T1223",
+        "T1398",
+        "T1399",
+        "T1400",
+        "T1401",
+        "T1402",
+        "T1403",
+        "T1404",
+        "T1405",
+        "T1406",
+        "T1406.001",
+        "T1406.002",
+        "T1407",
+        "T1408",
+        "T1409",
+        "T1410",
+        "T1411",
+        "T1412",
+        "T1413",
+        "T1414",
+        "T1415",
+        "T1416",
+        "T1417",
+        "T1417.001",
+        "T1417.002",
+        "T1418",
+        "T1418.001",
+        "T1419",
+        "T1420",
+        "T1421",
+        "T1422",
+        "T1423",
+        "T1424",
+        "T1425",
+        "T1426",
+        "T1427",
+        "T1428",
+        "T1429",
+        "T1430",
+        "T1430.001",
+        "T1430.002",
+        "T1431",
+        "T1432",
+        "T1433",
+        "T1434",
+        "T1435",
+        "T1436",
+        "T1437",
+        "T1437.001",
+        "T1438",
+        "T1439",
+        "T1440",
+        "T1441",
+        "T1442",
+        "T1443",
+        "T1444",
+        "T1445",
+        "T1446",
+        "T1447",
+        "T1448",
+        "T1449",
+        "T1450",
+        "T1451",
+        "T1452",
+        "T1453",
+        "T1454",
+        "T1455",
+        "T1456",
+        "T1457",
+        "T1458",
+        "T1459",
+        "T1460",
+        "T1461",
+        "T1462",
+        "T1463",
+        "T1464",
+        "T1465",
+        "T1466",
+        "T1467",
+        "T1468",
+        "T1469",
+        "T1470",
+        "T1471",
+        "T1472",
+        "T1473",
+        "T1474",
+        "T1474.001",
+        "T1474.002",
+        "T1474.003",
+        "T1475",
+        "T1476",
+        "T1477",
+        "T1478",
+        "T1480",
+        "T1480.001",
+        "T1481",
+        "T1481.001",
+        "T1481.002",
+        "T1481.003",
+        "T1482",
+        "T1483",
+        "T1484",
+        "T1484.001",
+        "T1484.002",
+        "T1485",
+        "T1486",
+        "T1487",
+        "T1488",
+        "T1489",
+        "T1490",
+        "T1491",
+        "T1491.001",
+        "T1491.002",
+        "T1492",
+        "T1493",
+        "T1494",
+        "T1495",
+        "T1496",
+        "T1497",
+        "T1497.001",
+        "T1497.002",
+        "T1497.003",
+        "T1498",
+        "T1498.001",
+        "T1498.002",
+        "T1499",
+        "T1499.001",
+        "T1499.002",
+        "T1499.003",
+        "T1499.004",
+        "T1500",
+        "T1501",
+        "T1502",
+        "T1503",
+        "T1504",
+        "T1505",
+        "T1505.001",
+        "T1505.002",
+        "T1505.003",
+        "T1505.004",
+        "T1505.005",
+        "T1506",
+        "T1507",
+        "T1508",
+        "T1509",
+        "T1510",
+        "T1512",
+        "T1513",
+        "T1514",
+        "T1516",
+        "T1517",
+        "T1518",
+        "T1518.001",
+        "T1519",
+        "T1520",
+        "T1521",
+        "T1521.001",
+        "T1521.002",
+        "T1522",
+        "T1523",
+        "T1525",
+        "T1526",
+        "T1527",
+        "T1528",
+        "T1529",
+        "T1530",
+        "T1531",
+        "T1532",
+        "T1533",
+        "T1534",
+        "T1535",
+        "T1536",
+        "T1537",
+        "T1538",
+        "T1539",
+        "T1540",
+        "T1541",
+        "T1542",
+        "T1542.001",
+        "T1542.002",
+        "T1542.003",
+        "T1542.004",
+        "T1542.005",
+        "T1543",
+        "T1543.001",
+        "T1543.002",
+        "T1543.003",
+        "T1543.004",
+        "T1544",
+        "T1546",
+        "T1546.001",
+        "T1546.002",
+        "T1546.003",
+        "T1546.004",
+        "T1546.005",
+        "T1546.006",
+        "T1546.007",
+        "T1546.008",
+        "T1546.009",
+        "T1546.010",
+        "T1546.011",
+        "T1546.012",
+        "T1546.013",
+        "T1546.014",
+        "T1546.015",
+        "T1546.016",
+        "T1547",
+        "T1547.001",
+        "T1547.002",
+        "T1547.003",
+        "T1547.004",
+        "T1547.005",
+        "T1547.006",
+        "T1547.007",
+        "T1547.008",
+        "T1547.009",
+        "T1547.010",
+        "T1547.011",
+        "T1547.012",
+        "T1547.013",
+        "T1547.014",
+        "T1547.015",
+        "T1548",
+        "T1548.001",
+        "T1548.002",
+        "T1548.003",
+        "T1548.004",
+        "T1550",
+        "T1550.001",
+        "T1550.002",
+        "T1550.003",
+        "T1550.004",
+        "T1552",
+        "T1552.001",
+        "T1552.002",
+        "T1552.003",
+        "T1552.004",
+        "T1552.005",
+        "T1552.006",
+        "T1552.007",
+        "T1552.008",
+        "T1553",
+        "T1553.001",
+        "T1553.002",
+        "T1553.003",
+        "T1553.004",
+        "T1553.005",
+        "T1553.006",
+        "T1554",
+        "T1555",
+        "T1555.001",
+        "T1555.002",
+        "T1555.003",
+        "T1555.004",
+        "T1555.005",
+        "T1556",
+        "T1556.001",
+        "T1556.002",
+        "T1556.003",
+        "T1556.004",
+        "T1556.005",
+        "T1556.006",
+        "T1556.007",
+        "T1556.008",
+        "T1557",
+        "T1557.001",
+        "T1557.002",
+        "T1557.003",
+        "T1558",
+        "T1558.001",
+        "T1558.002",
+        "T1558.003",
+        "T1558.004",
+        "T1559",
+        "T1559.001",
+        "T1559.002",
+        "T1559.003",
+        "T1560",
+        "T1560.001",
+        "T1560.002",
+        "T1560.003",
+        "T1561",
+        "T1561.001",
+        "T1561.002",
+        "T1562",
+        "T1562.001",
+        "T1562.002",
+        "T1562.003",
+        "T1562.004",
+        "T1562.006",
+        "T1562.007",
+        "T1562.008",
+        "T1562.009",
+        "T1562.010",
+        "T1562.011",
+        "T1563",
+        "T1563.001",
+        "T1563.002",
+        "T1564",
+        "T1564.001",
+        "T1564.002",
+        "T1564.003",
+        "T1564.004",
+        "T1564.005",
+        "T1564.006",
+        "T1564.007",
+        "T1564.008",
+        "T1564.009",
+        "T1564.010",
+        "T1565",
+        "T1565.001",
+        "T1565.002",
+        "T1565.003",
+        "T1566",
+        "T1566.001",
+        "T1566.002",
+        "T1566.003",
+        "T1567",
+        "T1567.001",
+        "T1567.002",
+        "T1567.003",
+        "T1568",
+        "T1568.001",
+        "T1568.002",
+        "T1568.003",
+        "T1569",
+        "T1569.001",
+        "T1569.002",
+        "T1570",
+        "T1571",
+        "T1572",
+        "T1573",
+        "T1573.001",
+        "T1573.002",
+        "T1574",
+        "T1574.001",
+        "T1574.002",
+        "T1574.004",
+        "T1574.005",
+        "T1574.006",
+        "T1574.007",
+        "T1574.008",
+        "T1574.009",
+        "T1574.010",
+        "T1574.011",
+        "T1574.012",
+        "T1574.013",
+        "T1575",
+        "T1576",
+        "T1577",
+        "T1578",
+        "T1578.001",
+        "T1578.002",
+        "T1578.003",
+        "T1578.004",
+        "T1579",
+        "T1580",
+        "T1581",
+        "T1582",
+        "T1583",
+        "T1583.001",
+        "T1583.002",
+        "T1583.003",
+        "T1583.004",
+        "T1583.005",
+        "T1583.006",
+        "T1583.007",
+        "T1583.008",
+        "T1584",
+        "T1584.001",
+        "T1584.002",
+        "T1584.003",
+        "T1584.004",
+        "T1584.005",
+        "T1584.006",
+        "T1584.007",
+        "T1585",
+        "T1585.001",
+        "T1585.002",
+        "T1585.003",
+        "T1586",
+        "T1586.001",
+        "T1586.002",
+        "T1586.003",
+        "T1587",
+        "T1587.001",
+        "T1587.002",
+        "T1587.003",
+        "T1587.004",
+        "T1588",
+        "T1588.001",
+        "T1588.002",
+        "T1588.003",
+        "T1588.004",
+        "T1588.005",
+        "T1588.006",
+        "T1589",
+        "T1589.001",
+        "T1589.002",
+        "T1589.003",
+        "T1590",
+        "T1590.001",
+        "T1590.002",
+        "T1590.003",
+        "T1590.004",
+        "T1590.005",
+        "T1590.006",
+        "T1591",
+        "T1591.001",
+        "T1591.002",
+        "T1591.003",
+        "T1591.004",
+        "T1592",
+        "T1592.001",
+        "T1592.002",
+        "T1592.003",
+        "T1592.004",
+        "T1593",
+        "T1593.001",
+        "T1593.002",
+        "T1593.003",
+        "T1594",
+        "T1595",
+        "T1595.001",
+        "T1595.002",
+        "T1595.003",
+        "T1596",
+        "T1596.001",
+        "T1596.002",
+        "T1596.003",
+        "T1596.004",
+        "T1596.005",
+        "T1597",
+        "T1597.001",
+        "T1597.002",
+        "T1598",
+        "T1598.001",
+        "T1598.002",
+        "T1598.003",
+        "T1599",
+        "T1599.001",
+        "T1600",
+        "T1600.001",
+        "T1600.002",
+        "T1601",
+        "T1601.001",
+        "T1601.002",
+        "T1602",
+        "T1602.001",
+        "T1602.002",
+        "T1603",
+        "T1604",
+        "T1605",
+        "T1606",
+        "T1606.001",
+        "T1606.002",
+        "T1608",
+        "T1608.001",
+        "T1608.002",
+        "T1608.003",
+        "T1608.004",
+        "T1608.005",
+        "T1608.006",
+        "T1609",
+        "T1610",
+        "T1611",
+        "T1612",
+        "T1613",
+        "T1614",
+        "T1614.001",
+        "T1615",
+        "T1616",
+        "T1617",
+        "T1618",
+        "T1619",
+        "T1620",
+        "T1621",
+        "T1622",
+        "T1623",
+        "T1623.001",
+        "T1624",
+        "T1624.001",
+        "T1625",
+        "T1625.001",
+        "T1626",
+        "T1626.001",
+        "T1627",
+        "T1627.001",
+        "T1628",
+        "T1628.001",
+        "T1628.002",
+        "T1629",
+        "T1629.001",
+        "T1629.002",
+        "T1629.003",
+        "T1630",
+        "T1630.001",
+        "T1630.002",
+        "T1630.003",
+        "T1631",
+        "T1631.001",
+        "T1632",
+        "T1632.001",
+        "T1633",
+        "T1633.001",
+        "T1634",
+        "T1634.001",
+        "T1635",
+        "T1635.001",
+        "T1636",
+        "T1636.001",
+        "T1636.002",
+        "T1636.003",
+        "T1636.004",
+        "T1637",
+        "T1637.001",
+        "T1638",
+        "T1639",
+        "T1639.001",
+        "T1640",
+        "T1641",
+        "T1641.001",
+        "T1642",
+        "T1643",
+        "T1644",
+        "T1645",
+        "T1646",
+        "T1647",
+        "T1648",
+        "T1649",
+        "T1650",
+        "T1651",
+        "T1652"
     ]
 };
 

From be0afd85c9fd95befcfb95f83750139fd6c28222 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Tue, 22 Aug 2023 16:19:35 -0400
Subject: [PATCH 16/18] update developer documentation

---
 docs/developers.rst | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/docs/developers.rst b/docs/developers.rst
index 1be38f42..73fafd90 100644
--- a/docs/developers.rst
+++ b/docs/developers.rst
@@ -303,6 +303,32 @@ If this starts up successfully, then you can access the application at
 http://localhost:8080/. As you edit source code and save, the server will automatically
 rebuild the application and you can refresh the browser to run it again.
 
+Update Intelligence File
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The *Intelligence File* (`builder.config.intel.ts`) drives the application's autocomplete features.
+This file is generated automatically by a set of scripts which download and organize relevant ATT&CK
+information into a format the application can leverage.
+
+To update the Intelligence File, simply invoke:
+
+.. code:: shell
+
+    $ npm run update-intel
+
+    > attack-flow-builder@2.0.1 update-intel
+    > node ./attack/update_attack_intel.js
+
+    → Downloading ATT\&CK Data...
+    → .../attack-stix-data/master/enterprise-attack/enterprise-attack-13.0.json
+    → ...m/mitre-attack/attack-stix-data/master/ics-attack/ics-attack-13.0.json
+    → ...e-attack/attack-stix-data/master/mobile-attack/mobile-attack-13.0.json
+    → Generating Application Intel File...
+
+    Intelligence updated successfully.
+
+The configured list of sources can be modified at any time from `download_sources.js`.
+
 Preload a Flow
 ~~~~~~~~~~~~~~
 

From bf3c9607d27c07b793946920951da23a34a70175 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Thu, 24 Aug 2023 11:20:37 -0400
Subject: [PATCH 17/18] correct `hash` to `hashes` in validator

---
 .../src/assets/builder.config.validator.ts                    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/attack_flow_builder/src/assets/builder.config.validator.ts b/src/attack_flow_builder/src/assets/builder.config.validator.ts
index a41ce3ba..e24d8d80 100644
--- a/src/attack_flow_builder/src/assets/builder.config.validator.ts
+++ b/src/attack_flow_builder/src/assets/builder.config.validator.ts
@@ -167,9 +167,9 @@ class AttackFlowValidator extends DiagramValidator {
                 }
                 break;
             case "file":
-                const hash = node.props.value.get("hashes");
+                const hashes = node.props.value.get("hashes");
                 const name = node.props.value.get("name");
-                if(!hash?.isDefined() && !name?.isDefined()) {
+                if(!hashes?.isDefined() && !name?.isDefined()) {
                     this.addError(id, "File requires one of the following properties: Hashes, Name");
                 }
                 if(hashes?.isDefined()) {

From 328c3e89e05a677a0841e3e89a60e04feaa7f883 Mon Sep 17 00:00:00 2001
From: Michael Carenzo <79934822+mikecarenzo@users.noreply.github.com>
Date: Thu, 24 Aug 2023 13:21:40 -0400
Subject: [PATCH 18/18] add additional ATT&CK info to suggestions

---
 .../attack/update_attack_intel.js             |    4 +-
 .../src/assets/builder.config.intel.ts        | 2116 ++++++++---------
 .../src/assets/builder.config.processor.ts    |    8 +-
 3 files changed, 1066 insertions(+), 1062 deletions(-)

diff --git a/src/attack_flow_builder/attack/update_attack_intel.js b/src/attack_flow_builder/attack/update_attack_intel.js
index d354357e..c61ac684 100644
--- a/src/attack_flow_builder/attack/update_attack_intel.js
+++ b/src/attack_flow_builder/attack/update_attack_intel.js
@@ -38,9 +38,9 @@ async function updateApplicationAttackIntel(path, ...urls) {
     console.log("→ Generating Application Intel File...");
     let intel = {
         tactics        : types.get("tactic"),
-        tactic_recs    : types.get("tactic").map(o => o.id).sort(),
+        tactic_recs    : types.get("tactic").map(o => `${o.id} (${o.matrix.split(/\s+/)[0]} / ${o.name})`).sort(),
         technique      : types.get("technique"),
-        technique_recs : types.get("technique").map(o => o.id).sort()
+        technique_recs : types.get("technique").map(o => `${o.id} (${o.name})`).sort()
     };
     
     // Generate intel file
diff --git a/src/attack_flow_builder/src/assets/builder.config.intel.ts b/src/attack_flow_builder/src/assets/builder.config.intel.ts
index 0f3d4162..47bc184e 100644
--- a/src/attack_flow_builder/src/assets/builder.config.intel.ts
+++ b/src/attack_flow_builder/src/assets/builder.config.intel.ts
@@ -362,46 +362,46 @@ export const intel = {
         }
     ],
     "tactic_recs": [
-        "TA0001",
-        "TA0002",
-        "TA0003",
-        "TA0004",
-        "TA0005",
-        "TA0006",
-        "TA0007",
-        "TA0008",
-        "TA0009",
-        "TA0010",
-        "TA0011",
-        "TA0027",
-        "TA0028",
-        "TA0029",
-        "TA0030",
-        "TA0031",
-        "TA0032",
-        "TA0033",
-        "TA0034",
-        "TA0035",
-        "TA0036",
-        "TA0037",
-        "TA0038",
-        "TA0039",
-        "TA0040",
-        "TA0041",
-        "TA0042",
-        "TA0043",
-        "TA0100",
-        "TA0101",
-        "TA0102",
-        "TA0103",
-        "TA0104",
-        "TA0105",
-        "TA0106",
-        "TA0107",
-        "TA0108",
-        "TA0109",
-        "TA0110",
-        "TA0111"
+        "TA0001 (Enterprise / Initial Access)",
+        "TA0002 (Enterprise / Execution)",
+        "TA0003 (Enterprise / Persistence)",
+        "TA0004 (Enterprise / Privilege Escalation)",
+        "TA0005 (Enterprise / Defense Evasion)",
+        "TA0006 (Enterprise / Credential Access)",
+        "TA0007 (Enterprise / Discovery)",
+        "TA0008 (Enterprise / Lateral Movement)",
+        "TA0009 (Enterprise / Collection)",
+        "TA0010 (Enterprise / Exfiltration)",
+        "TA0011 (Enterprise / Command and Control)",
+        "TA0027 (Mobile / Initial Access)",
+        "TA0028 (Mobile / Persistence)",
+        "TA0029 (Mobile / Privilege Escalation)",
+        "TA0030 (Mobile / Defense Evasion)",
+        "TA0031 (Mobile / Credential Access)",
+        "TA0032 (Mobile / Discovery)",
+        "TA0033 (Mobile / Lateral Movement)",
+        "TA0034 (Mobile / Impact)",
+        "TA0035 (Mobile / Collection)",
+        "TA0036 (Mobile / Exfiltration)",
+        "TA0037 (Mobile / Command and Control)",
+        "TA0038 (Mobile / Network Effects)",
+        "TA0039 (Mobile / Remote Service Effects)",
+        "TA0040 (Enterprise / Impact)",
+        "TA0041 (Mobile / Execution)",
+        "TA0042 (Enterprise / Resource Development)",
+        "TA0043 (Enterprise / Reconnaissance)",
+        "TA0100 (ICS / Collection)",
+        "TA0101 (ICS / Command and Control)",
+        "TA0102 (ICS / Discovery)",
+        "TA0103 (ICS / Evasion)",
+        "TA0104 (ICS / Execution)",
+        "TA0105 (ICS / Impact)",
+        "TA0106 (ICS / Impair Process Control)",
+        "TA0107 (ICS / Inhibit Response Function)",
+        "TA0108 (ICS / Initial Access)",
+        "TA0109 (ICS / Lateral Movement)",
+        "TA0110 (ICS / Persistence)",
+        "TA0111 (ICS / Privilege Escalation)"
     ],
     "technique": [
         {
@@ -9568,1024 +9568,1024 @@ export const intel = {
         }
     ],
     "technique_recs": [
-        "T0800",
-        "T0801",
-        "T0802",
-        "T0803",
-        "T0804",
-        "T0805",
-        "T0806",
-        "T0807",
-        "T0808",
-        "T0809",
-        "T0810",
-        "T0811",
-        "T0812",
-        "T0813",
-        "T0814",
-        "T0815",
-        "T0816",
-        "T0817",
-        "T0818",
-        "T0819",
-        "T0820",
-        "T0821",
-        "T0822",
-        "T0823",
-        "T0824",
-        "T0825",
-        "T0826",
-        "T0827",
-        "T0828",
-        "T0829",
-        "T0830",
-        "T0831",
-        "T0832",
-        "T0833",
-        "T0834",
-        "T0835",
-        "T0836",
-        "T0837",
-        "T0838",
-        "T0839",
-        "T0840",
-        "T0841",
-        "T0842",
-        "T0843",
-        "T0844",
-        "T0845",
-        "T0846",
-        "T0847",
-        "T0848",
-        "T0849",
-        "T0850",
-        "T0851",
-        "T0852",
-        "T0853",
-        "T0854",
-        "T0855",
-        "T0856",
-        "T0857",
-        "T0858",
-        "T0859",
-        "T0860",
-        "T0861",
-        "T0862",
-        "T0863",
-        "T0864",
-        "T0865",
-        "T0866",
-        "T0867",
-        "T0868",
-        "T0869",
-        "T0870",
-        "T0871",
-        "T0872",
-        "T0873",
-        "T0874",
-        "T0875",
-        "T0877",
-        "T0878",
-        "T0879",
-        "T0880",
-        "T0881",
-        "T0882",
-        "T0883",
-        "T0884",
-        "T0885",
-        "T0886",
-        "T0887",
-        "T0888",
-        "T0889",
-        "T0890",
-        "T0891",
-        "T0892",
-        "T0893",
-        "T1001",
-        "T1001.001",
-        "T1001.002",
-        "T1001.003",
-        "T1002",
-        "T1003",
-        "T1003.001",
-        "T1003.002",
-        "T1003.003",
-        "T1003.004",
-        "T1003.005",
-        "T1003.006",
-        "T1003.007",
-        "T1003.008",
-        "T1004",
-        "T1005",
-        "T1006",
-        "T1007",
-        "T1008",
-        "T1009",
-        "T1010",
-        "T1011",
-        "T1011.001",
-        "T1012",
-        "T1013",
-        "T1014",
-        "T1015",
-        "T1016",
-        "T1016.001",
-        "T1017",
-        "T1018",
-        "T1019",
-        "T1020",
-        "T1020.001",
-        "T1021",
-        "T1021.001",
-        "T1021.002",
-        "T1021.003",
-        "T1021.004",
-        "T1021.005",
-        "T1021.006",
-        "T1021.007",
-        "T1022",
-        "T1023",
-        "T1024",
-        "T1025",
-        "T1026",
-        "T1027",
-        "T1027.001",
-        "T1027.002",
-        "T1027.003",
-        "T1027.004",
-        "T1027.005",
-        "T1027.006",
-        "T1027.007",
-        "T1027.008",
-        "T1027.009",
-        "T1027.010",
-        "T1027.011",
-        "T1028",
-        "T1029",
-        "T1030",
-        "T1031",
-        "T1032",
-        "T1033",
-        "T1034",
-        "T1035",
-        "T1036",
-        "T1036.001",
-        "T1036.002",
-        "T1036.003",
-        "T1036.004",
-        "T1036.005",
-        "T1036.006",
-        "T1036.007",
-        "T1036.008",
-        "T1037",
-        "T1037.001",
-        "T1037.002",
-        "T1037.003",
-        "T1037.004",
-        "T1037.005",
-        "T1038",
-        "T1039",
-        "T1040",
-        "T1041",
-        "T1042",
-        "T1043",
-        "T1044",
-        "T1045",
-        "T1046",
-        "T1047",
-        "T1048",
-        "T1048.001",
-        "T1048.002",
-        "T1048.003",
-        "T1049",
-        "T1050",
-        "T1051",
-        "T1052",
-        "T1052.001",
-        "T1053",
-        "T1053.001",
-        "T1053.002",
-        "T1053.003",
-        "T1053.004",
-        "T1053.005",
-        "T1053.006",
-        "T1053.007",
-        "T1054",
-        "T1055",
-        "T1055.001",
-        "T1055.002",
-        "T1055.003",
-        "T1055.004",
-        "T1055.005",
-        "T1055.008",
-        "T1055.009",
-        "T1055.011",
-        "T1055.012",
-        "T1055.013",
-        "T1055.014",
-        "T1055.015",
-        "T1056",
-        "T1056.001",
-        "T1056.002",
-        "T1056.003",
-        "T1056.004",
-        "T1057",
-        "T1058",
-        "T1059",
-        "T1059.001",
-        "T1059.002",
-        "T1059.003",
-        "T1059.004",
-        "T1059.005",
-        "T1059.006",
-        "T1059.007",
-        "T1059.008",
-        "T1059.009",
-        "T1060",
-        "T1061",
-        "T1062",
-        "T1063",
-        "T1064",
-        "T1065",
-        "T1066",
-        "T1067",
-        "T1068",
-        "T1069",
-        "T1069.001",
-        "T1069.002",
-        "T1069.003",
-        "T1070",
-        "T1070.001",
-        "T1070.002",
-        "T1070.003",
-        "T1070.004",
-        "T1070.005",
-        "T1070.006",
-        "T1070.007",
-        "T1070.008",
-        "T1070.009",
-        "T1071",
-        "T1071.001",
-        "T1071.002",
-        "T1071.003",
-        "T1071.004",
-        "T1072",
-        "T1073",
-        "T1074",
-        "T1074.001",
-        "T1074.002",
-        "T1075",
-        "T1076",
-        "T1077",
-        "T1078",
-        "T1078.001",
-        "T1078.002",
-        "T1078.003",
-        "T1078.004",
-        "T1079",
-        "T1080",
-        "T1081",
-        "T1082",
-        "T1083",
-        "T1084",
-        "T1085",
-        "T1086",
-        "T1087",
-        "T1087.001",
-        "T1087.002",
-        "T1087.003",
-        "T1087.004",
-        "T1088",
-        "T1089",
-        "T1090",
-        "T1090.001",
-        "T1090.002",
-        "T1090.003",
-        "T1090.004",
-        "T1091",
-        "T1092",
-        "T1093",
-        "T1094",
-        "T1095",
-        "T1096",
-        "T1097",
-        "T1098",
-        "T1098.001",
-        "T1098.002",
-        "T1098.003",
-        "T1098.004",
-        "T1098.005",
-        "T1099",
-        "T1100",
-        "T1101",
-        "T1102",
-        "T1102.001",
-        "T1102.002",
-        "T1102.003",
-        "T1103",
-        "T1104",
-        "T1105",
-        "T1106",
-        "T1107",
-        "T1108",
-        "T1109",
-        "T1110",
-        "T1110.001",
-        "T1110.002",
-        "T1110.003",
-        "T1110.004",
-        "T1111",
-        "T1112",
-        "T1113",
-        "T1114",
-        "T1114.001",
-        "T1114.002",
-        "T1114.003",
-        "T1115",
-        "T1116",
-        "T1117",
-        "T1118",
-        "T1119",
-        "T1120",
-        "T1121",
-        "T1122",
-        "T1123",
-        "T1124",
-        "T1125",
-        "T1126",
-        "T1127",
-        "T1127.001",
-        "T1128",
-        "T1129",
-        "T1130",
-        "T1131",
-        "T1132",
-        "T1132.001",
-        "T1132.002",
-        "T1133",
-        "T1134",
-        "T1134.001",
-        "T1134.002",
-        "T1134.003",
-        "T1134.004",
-        "T1134.005",
-        "T1135",
-        "T1136",
-        "T1136.001",
-        "T1136.002",
-        "T1136.003",
-        "T1137",
-        "T1137.001",
-        "T1137.002",
-        "T1137.003",
-        "T1137.004",
-        "T1137.005",
-        "T1137.006",
-        "T1138",
-        "T1139",
-        "T1140",
-        "T1141",
-        "T1142",
-        "T1143",
-        "T1144",
-        "T1145",
-        "T1146",
-        "T1147",
-        "T1148",
-        "T1149",
-        "T1150",
-        "T1151",
-        "T1152",
-        "T1153",
-        "T1154",
-        "T1155",
-        "T1156",
-        "T1157",
-        "T1158",
-        "T1159",
-        "T1160",
-        "T1161",
-        "T1162",
-        "T1163",
-        "T1164",
-        "T1165",
-        "T1166",
-        "T1167",
-        "T1168",
-        "T1169",
-        "T1170",
-        "T1171",
-        "T1172",
-        "T1173",
-        "T1174",
-        "T1175",
-        "T1176",
-        "T1177",
-        "T1178",
-        "T1179",
-        "T1180",
-        "T1181",
-        "T1182",
-        "T1183",
-        "T1184",
-        "T1185",
-        "T1186",
-        "T1187",
-        "T1188",
-        "T1189",
-        "T1190",
-        "T1191",
-        "T1192",
-        "T1193",
-        "T1194",
-        "T1195",
-        "T1195.001",
-        "T1195.002",
-        "T1195.003",
-        "T1196",
-        "T1197",
-        "T1198",
-        "T1199",
-        "T1200",
-        "T1201",
-        "T1202",
-        "T1203",
-        "T1204",
-        "T1204.001",
-        "T1204.002",
-        "T1204.003",
-        "T1205",
-        "T1205.001",
-        "T1205.002",
-        "T1206",
-        "T1207",
-        "T1208",
-        "T1209",
-        "T1210",
-        "T1211",
-        "T1212",
-        "T1213",
-        "T1213.001",
-        "T1213.002",
-        "T1213.003",
-        "T1214",
-        "T1215",
-        "T1216",
-        "T1216.001",
-        "T1217",
-        "T1218",
-        "T1218.001",
-        "T1218.002",
-        "T1218.003",
-        "T1218.004",
-        "T1218.005",
-        "T1218.007",
-        "T1218.008",
-        "T1218.009",
-        "T1218.010",
-        "T1218.011",
-        "T1218.012",
-        "T1218.013",
-        "T1218.014",
-        "T1219",
-        "T1220",
-        "T1221",
-        "T1222",
-        "T1222.001",
-        "T1222.002",
-        "T1223",
-        "T1398",
-        "T1399",
-        "T1400",
-        "T1401",
-        "T1402",
-        "T1403",
-        "T1404",
-        "T1405",
-        "T1406",
-        "T1406.001",
-        "T1406.002",
-        "T1407",
-        "T1408",
-        "T1409",
-        "T1410",
-        "T1411",
-        "T1412",
-        "T1413",
-        "T1414",
-        "T1415",
-        "T1416",
-        "T1417",
-        "T1417.001",
-        "T1417.002",
-        "T1418",
-        "T1418.001",
-        "T1419",
-        "T1420",
-        "T1421",
-        "T1422",
-        "T1423",
-        "T1424",
-        "T1425",
-        "T1426",
-        "T1427",
-        "T1428",
-        "T1429",
-        "T1430",
-        "T1430.001",
-        "T1430.002",
-        "T1431",
-        "T1432",
-        "T1433",
-        "T1434",
-        "T1435",
-        "T1436",
-        "T1437",
-        "T1437.001",
-        "T1438",
-        "T1439",
-        "T1440",
-        "T1441",
-        "T1442",
-        "T1443",
-        "T1444",
-        "T1445",
-        "T1446",
-        "T1447",
-        "T1448",
-        "T1449",
-        "T1450",
-        "T1451",
-        "T1452",
-        "T1453",
-        "T1454",
-        "T1455",
-        "T1456",
-        "T1457",
-        "T1458",
-        "T1459",
-        "T1460",
-        "T1461",
-        "T1462",
-        "T1463",
-        "T1464",
-        "T1465",
-        "T1466",
-        "T1467",
-        "T1468",
-        "T1469",
-        "T1470",
-        "T1471",
-        "T1472",
-        "T1473",
-        "T1474",
-        "T1474.001",
-        "T1474.002",
-        "T1474.003",
-        "T1475",
-        "T1476",
-        "T1477",
-        "T1478",
-        "T1480",
-        "T1480.001",
-        "T1481",
-        "T1481.001",
-        "T1481.002",
-        "T1481.003",
-        "T1482",
-        "T1483",
-        "T1484",
-        "T1484.001",
-        "T1484.002",
-        "T1485",
-        "T1486",
-        "T1487",
-        "T1488",
-        "T1489",
-        "T1490",
-        "T1491",
-        "T1491.001",
-        "T1491.002",
-        "T1492",
-        "T1493",
-        "T1494",
-        "T1495",
-        "T1496",
-        "T1497",
-        "T1497.001",
-        "T1497.002",
-        "T1497.003",
-        "T1498",
-        "T1498.001",
-        "T1498.002",
-        "T1499",
-        "T1499.001",
-        "T1499.002",
-        "T1499.003",
-        "T1499.004",
-        "T1500",
-        "T1501",
-        "T1502",
-        "T1503",
-        "T1504",
-        "T1505",
-        "T1505.001",
-        "T1505.002",
-        "T1505.003",
-        "T1505.004",
-        "T1505.005",
-        "T1506",
-        "T1507",
-        "T1508",
-        "T1509",
-        "T1510",
-        "T1512",
-        "T1513",
-        "T1514",
-        "T1516",
-        "T1517",
-        "T1518",
-        "T1518.001",
-        "T1519",
-        "T1520",
-        "T1521",
-        "T1521.001",
-        "T1521.002",
-        "T1522",
-        "T1523",
-        "T1525",
-        "T1526",
-        "T1527",
-        "T1528",
-        "T1529",
-        "T1530",
-        "T1531",
-        "T1532",
-        "T1533",
-        "T1534",
-        "T1535",
-        "T1536",
-        "T1537",
-        "T1538",
-        "T1539",
-        "T1540",
-        "T1541",
-        "T1542",
-        "T1542.001",
-        "T1542.002",
-        "T1542.003",
-        "T1542.004",
-        "T1542.005",
-        "T1543",
-        "T1543.001",
-        "T1543.002",
-        "T1543.003",
-        "T1543.004",
-        "T1544",
-        "T1546",
-        "T1546.001",
-        "T1546.002",
-        "T1546.003",
-        "T1546.004",
-        "T1546.005",
-        "T1546.006",
-        "T1546.007",
-        "T1546.008",
-        "T1546.009",
-        "T1546.010",
-        "T1546.011",
-        "T1546.012",
-        "T1546.013",
-        "T1546.014",
-        "T1546.015",
-        "T1546.016",
-        "T1547",
-        "T1547.001",
-        "T1547.002",
-        "T1547.003",
-        "T1547.004",
-        "T1547.005",
-        "T1547.006",
-        "T1547.007",
-        "T1547.008",
-        "T1547.009",
-        "T1547.010",
-        "T1547.011",
-        "T1547.012",
-        "T1547.013",
-        "T1547.014",
-        "T1547.015",
-        "T1548",
-        "T1548.001",
-        "T1548.002",
-        "T1548.003",
-        "T1548.004",
-        "T1550",
-        "T1550.001",
-        "T1550.002",
-        "T1550.003",
-        "T1550.004",
-        "T1552",
-        "T1552.001",
-        "T1552.002",
-        "T1552.003",
-        "T1552.004",
-        "T1552.005",
-        "T1552.006",
-        "T1552.007",
-        "T1552.008",
-        "T1553",
-        "T1553.001",
-        "T1553.002",
-        "T1553.003",
-        "T1553.004",
-        "T1553.005",
-        "T1553.006",
-        "T1554",
-        "T1555",
-        "T1555.001",
-        "T1555.002",
-        "T1555.003",
-        "T1555.004",
-        "T1555.005",
-        "T1556",
-        "T1556.001",
-        "T1556.002",
-        "T1556.003",
-        "T1556.004",
-        "T1556.005",
-        "T1556.006",
-        "T1556.007",
-        "T1556.008",
-        "T1557",
-        "T1557.001",
-        "T1557.002",
-        "T1557.003",
-        "T1558",
-        "T1558.001",
-        "T1558.002",
-        "T1558.003",
-        "T1558.004",
-        "T1559",
-        "T1559.001",
-        "T1559.002",
-        "T1559.003",
-        "T1560",
-        "T1560.001",
-        "T1560.002",
-        "T1560.003",
-        "T1561",
-        "T1561.001",
-        "T1561.002",
-        "T1562",
-        "T1562.001",
-        "T1562.002",
-        "T1562.003",
-        "T1562.004",
-        "T1562.006",
-        "T1562.007",
-        "T1562.008",
-        "T1562.009",
-        "T1562.010",
-        "T1562.011",
-        "T1563",
-        "T1563.001",
-        "T1563.002",
-        "T1564",
-        "T1564.001",
-        "T1564.002",
-        "T1564.003",
-        "T1564.004",
-        "T1564.005",
-        "T1564.006",
-        "T1564.007",
-        "T1564.008",
-        "T1564.009",
-        "T1564.010",
-        "T1565",
-        "T1565.001",
-        "T1565.002",
-        "T1565.003",
-        "T1566",
-        "T1566.001",
-        "T1566.002",
-        "T1566.003",
-        "T1567",
-        "T1567.001",
-        "T1567.002",
-        "T1567.003",
-        "T1568",
-        "T1568.001",
-        "T1568.002",
-        "T1568.003",
-        "T1569",
-        "T1569.001",
-        "T1569.002",
-        "T1570",
-        "T1571",
-        "T1572",
-        "T1573",
-        "T1573.001",
-        "T1573.002",
-        "T1574",
-        "T1574.001",
-        "T1574.002",
-        "T1574.004",
-        "T1574.005",
-        "T1574.006",
-        "T1574.007",
-        "T1574.008",
-        "T1574.009",
-        "T1574.010",
-        "T1574.011",
-        "T1574.012",
-        "T1574.013",
-        "T1575",
-        "T1576",
-        "T1577",
-        "T1578",
-        "T1578.001",
-        "T1578.002",
-        "T1578.003",
-        "T1578.004",
-        "T1579",
-        "T1580",
-        "T1581",
-        "T1582",
-        "T1583",
-        "T1583.001",
-        "T1583.002",
-        "T1583.003",
-        "T1583.004",
-        "T1583.005",
-        "T1583.006",
-        "T1583.007",
-        "T1583.008",
-        "T1584",
-        "T1584.001",
-        "T1584.002",
-        "T1584.003",
-        "T1584.004",
-        "T1584.005",
-        "T1584.006",
-        "T1584.007",
-        "T1585",
-        "T1585.001",
-        "T1585.002",
-        "T1585.003",
-        "T1586",
-        "T1586.001",
-        "T1586.002",
-        "T1586.003",
-        "T1587",
-        "T1587.001",
-        "T1587.002",
-        "T1587.003",
-        "T1587.004",
-        "T1588",
-        "T1588.001",
-        "T1588.002",
-        "T1588.003",
-        "T1588.004",
-        "T1588.005",
-        "T1588.006",
-        "T1589",
-        "T1589.001",
-        "T1589.002",
-        "T1589.003",
-        "T1590",
-        "T1590.001",
-        "T1590.002",
-        "T1590.003",
-        "T1590.004",
-        "T1590.005",
-        "T1590.006",
-        "T1591",
-        "T1591.001",
-        "T1591.002",
-        "T1591.003",
-        "T1591.004",
-        "T1592",
-        "T1592.001",
-        "T1592.002",
-        "T1592.003",
-        "T1592.004",
-        "T1593",
-        "T1593.001",
-        "T1593.002",
-        "T1593.003",
-        "T1594",
-        "T1595",
-        "T1595.001",
-        "T1595.002",
-        "T1595.003",
-        "T1596",
-        "T1596.001",
-        "T1596.002",
-        "T1596.003",
-        "T1596.004",
-        "T1596.005",
-        "T1597",
-        "T1597.001",
-        "T1597.002",
-        "T1598",
-        "T1598.001",
-        "T1598.002",
-        "T1598.003",
-        "T1599",
-        "T1599.001",
-        "T1600",
-        "T1600.001",
-        "T1600.002",
-        "T1601",
-        "T1601.001",
-        "T1601.002",
-        "T1602",
-        "T1602.001",
-        "T1602.002",
-        "T1603",
-        "T1604",
-        "T1605",
-        "T1606",
-        "T1606.001",
-        "T1606.002",
-        "T1608",
-        "T1608.001",
-        "T1608.002",
-        "T1608.003",
-        "T1608.004",
-        "T1608.005",
-        "T1608.006",
-        "T1609",
-        "T1610",
-        "T1611",
-        "T1612",
-        "T1613",
-        "T1614",
-        "T1614.001",
-        "T1615",
-        "T1616",
-        "T1617",
-        "T1618",
-        "T1619",
-        "T1620",
-        "T1621",
-        "T1622",
-        "T1623",
-        "T1623.001",
-        "T1624",
-        "T1624.001",
-        "T1625",
-        "T1625.001",
-        "T1626",
-        "T1626.001",
-        "T1627",
-        "T1627.001",
-        "T1628",
-        "T1628.001",
-        "T1628.002",
-        "T1629",
-        "T1629.001",
-        "T1629.002",
-        "T1629.003",
-        "T1630",
-        "T1630.001",
-        "T1630.002",
-        "T1630.003",
-        "T1631",
-        "T1631.001",
-        "T1632",
-        "T1632.001",
-        "T1633",
-        "T1633.001",
-        "T1634",
-        "T1634.001",
-        "T1635",
-        "T1635.001",
-        "T1636",
-        "T1636.001",
-        "T1636.002",
-        "T1636.003",
-        "T1636.004",
-        "T1637",
-        "T1637.001",
-        "T1638",
-        "T1639",
-        "T1639.001",
-        "T1640",
-        "T1641",
-        "T1641.001",
-        "T1642",
-        "T1643",
-        "T1644",
-        "T1645",
-        "T1646",
-        "T1647",
-        "T1648",
-        "T1649",
-        "T1650",
-        "T1651",
-        "T1652"
+        "T0800 (Activate Firmware Update Mode)",
+        "T0801 (Monitor Process State)",
+        "T0802 (Automated Collection)",
+        "T0803 (Block Command Message)",
+        "T0804 (Block Reporting Message)",
+        "T0805 (Block Serial COM)",
+        "T0806 (Brute Force I/O)",
+        "T0807 (Command-Line Interface)",
+        "T0808 (Control Device Identification)",
+        "T0809 (Data Destruction)",
+        "T0810 (Data Historian Compromise)",
+        "T0811 (Data from Information Repositories)",
+        "T0812 (Default Credentials)",
+        "T0813 (Denial of Control)",
+        "T0814 (Denial of Service)",
+        "T0815 (Denial of View)",
+        "T0816 (Device Restart/Shutdown)",
+        "T0817 (Drive-by Compromise)",
+        "T0818 (Engineering Workstation Compromise)",
+        "T0819 (Exploit Public-Facing Application)",
+        "T0820 (Exploitation for Evasion)",
+        "T0821 (Modify Controller Tasking)",
+        "T0822 (External Remote Services)",
+        "T0823 (Graphical User Interface)",
+        "T0824 (I/O Module Discovery)",
+        "T0825 (Location Identification)",
+        "T0826 (Loss of Availability)",
+        "T0827 (Loss of Control)",
+        "T0828 (Loss of Productivity and Revenue)",
+        "T0829 (Loss of View)",
+        "T0830 (Adversary-in-the-Middle)",
+        "T0831 (Manipulation of Control)",
+        "T0832 (Manipulation of View)",
+        "T0833 (Modify Control Logic)",
+        "T0834 (Native API)",
+        "T0835 (Manipulate I/O Image)",
+        "T0836 (Modify Parameter)",
+        "T0837 (Loss of Protection)",
+        "T0838 (Modify Alarm Settings)",
+        "T0839 (Module Firmware)",
+        "T0840 (Network Connection Enumeration)",
+        "T0841 (Network Service Scanning)",
+        "T0842 (Network Sniffing)",
+        "T0843 (Program Download)",
+        "T0844 (Program Organization Units)",
+        "T0845 (Program Upload)",
+        "T0846 (Remote System Discovery)",
+        "T0847 (Replication Through Removable Media)",
+        "T0848 (Rogue Master)",
+        "T0849 (Masquerading)",
+        "T0850 (Role Identification)",
+        "T0851 (Rootkit)",
+        "T0852 (Screen Capture)",
+        "T0853 (Scripting)",
+        "T0854 (Serial Connection Enumeration)",
+        "T0855 (Unauthorized Command Message)",
+        "T0856 (Spoof Reporting Message)",
+        "T0857 (System Firmware)",
+        "T0858 (Change Operating Mode)",
+        "T0859 (Valid Accounts)",
+        "T0860 (Wireless Compromise)",
+        "T0861 (Point & Tag Identification)",
+        "T0862 (Supply Chain Compromise)",
+        "T0863 (User Execution)",
+        "T0864 (Transient Cyber Asset)",
+        "T0865 (Spearphishing Attachment)",
+        "T0866 (Exploitation of Remote Services)",
+        "T0867 (Lateral Tool Transfer)",
+        "T0868 (Detect Operating Mode)",
+        "T0869 (Standard Application Layer Protocol)",
+        "T0870 (Detect Program State)",
+        "T0871 (Execution through API)",
+        "T0872 (Indicator Removal on Host)",
+        "T0873 (Project File Infection)",
+        "T0874 (Hooking)",
+        "T0875 (Change Program State)",
+        "T0877 (I/O Image)",
+        "T0878 (Alarm Suppression)",
+        "T0879 (Damage to Property)",
+        "T0880 (Loss of Safety)",
+        "T0881 (Service Stop)",
+        "T0882 (Theft of Operational Information)",
+        "T0883 (Internet Accessible Device)",
+        "T0884 (Connection Proxy)",
+        "T0885 (Commonly Used Port)",
+        "T0886 (Remote Services)",
+        "T0887 (Wireless Sniffing)",
+        "T0888 (Remote System Information Discovery)",
+        "T0889 (Modify Program)",
+        "T0890 (Exploitation for Privilege Escalation)",
+        "T0891 (Hardcoded Credentials)",
+        "T0892 (Change Credential)",
+        "T0893 (Data from Local System)",
+        "T1001 (Data Obfuscation)",
+        "T1001.001 (Junk Data)",
+        "T1001.002 (Steganography)",
+        "T1001.003 (Protocol Impersonation)",
+        "T1002 (Data Compressed)",
+        "T1003 (OS Credential Dumping)",
+        "T1003.001 (LSASS Memory)",
+        "T1003.002 (Security Account Manager)",
+        "T1003.003 (NTDS)",
+        "T1003.004 (LSA Secrets)",
+        "T1003.005 (Cached Domain Credentials)",
+        "T1003.006 (DCSync)",
+        "T1003.007 (Proc Filesystem)",
+        "T1003.008 (/etc/passwd and /etc/shadow)",
+        "T1004 (Winlogon Helper DLL)",
+        "T1005 (Data from Local System)",
+        "T1006 (Direct Volume Access)",
+        "T1007 (System Service Discovery)",
+        "T1008 (Fallback Channels)",
+        "T1009 (Binary Padding)",
+        "T1010 (Application Window Discovery)",
+        "T1011 (Exfiltration Over Other Network Medium)",
+        "T1011.001 (Exfiltration Over Bluetooth)",
+        "T1012 (Query Registry)",
+        "T1013 (Port Monitors)",
+        "T1014 (Rootkit)",
+        "T1015 (Accessibility Features)",
+        "T1016 (System Network Configuration Discovery)",
+        "T1016.001 (Internet Connection Discovery)",
+        "T1017 (Application Deployment Software)",
+        "T1018 (Remote System Discovery)",
+        "T1019 (System Firmware)",
+        "T1020 (Automated Exfiltration)",
+        "T1020.001 (Traffic Duplication)",
+        "T1021 (Remote Services)",
+        "T1021.001 (Remote Desktop Protocol)",
+        "T1021.002 (SMB/Windows Admin Shares)",
+        "T1021.003 (Distributed Component Object Model)",
+        "T1021.004 (SSH)",
+        "T1021.005 (VNC)",
+        "T1021.006 (Windows Remote Management)",
+        "T1021.007 (Cloud Services)",
+        "T1022 (Data Encrypted)",
+        "T1023 (Shortcut Modification)",
+        "T1024 (Custom Cryptographic Protocol)",
+        "T1025 (Data from Removable Media)",
+        "T1026 (Multiband Communication)",
+        "T1027 (Obfuscated Files or Information)",
+        "T1027.001 (Binary Padding)",
+        "T1027.002 (Software Packing)",
+        "T1027.003 (Steganography)",
+        "T1027.004 (Compile After Delivery)",
+        "T1027.005 (Indicator Removal from Tools)",
+        "T1027.006 (HTML Smuggling)",
+        "T1027.007 (Dynamic API Resolution)",
+        "T1027.008 (Stripped Payloads)",
+        "T1027.009 (Embedded Payloads)",
+        "T1027.010 (Command Obfuscation)",
+        "T1027.011 (Fileless Storage)",
+        "T1028 (Windows Remote Management)",
+        "T1029 (Scheduled Transfer)",
+        "T1030 (Data Transfer Size Limits)",
+        "T1031 (Modify Existing Service)",
+        "T1032 (Standard Cryptographic Protocol)",
+        "T1033 (System Owner/User Discovery)",
+        "T1034 (Path Interception)",
+        "T1035 (Service Execution)",
+        "T1036 (Masquerading)",
+        "T1036.001 (Invalid Code Signature)",
+        "T1036.002 (Right-to-Left Override)",
+        "T1036.003 (Rename System Utilities)",
+        "T1036.004 (Masquerade Task or Service)",
+        "T1036.005 (Match Legitimate Name or Location)",
+        "T1036.006 (Space after Filename)",
+        "T1036.007 (Double File Extension)",
+        "T1036.008 (Masquerade File Type)",
+        "T1037 (Boot or Logon Initialization Scripts)",
+        "T1037.001 (Logon Script (Windows))",
+        "T1037.002 (Login Hook)",
+        "T1037.003 (Network Logon Script)",
+        "T1037.004 (RC Scripts)",
+        "T1037.005 (Startup Items)",
+        "T1038 (DLL Search Order Hijacking)",
+        "T1039 (Data from Network Shared Drive)",
+        "T1040 (Network Sniffing)",
+        "T1041 (Exfiltration Over C2 Channel)",
+        "T1042 (Change Default File Association)",
+        "T1043 (Commonly Used Port)",
+        "T1044 (File System Permissions Weakness)",
+        "T1045 (Software Packing)",
+        "T1046 (Network Service Discovery)",
+        "T1047 (Windows Management Instrumentation)",
+        "T1048 (Exfiltration Over Alternative Protocol)",
+        "T1048.001 (Exfiltration Over Symmetric Encrypted Non-C2 Protocol)",
+        "T1048.002 (Exfiltration Over Asymmetric Encrypted Non-C2 Protocol)",
+        "T1048.003 (Exfiltration Over Unencrypted Non-C2 Protocol)",
+        "T1049 (System Network Connections Discovery)",
+        "T1050 (New Service)",
+        "T1051 (Shared Webroot)",
+        "T1052 (Exfiltration Over Physical Medium)",
+        "T1052.001 (Exfiltration over USB)",
+        "T1053 (Scheduled Task/Job)",
+        "T1053.001 (At (Linux))",
+        "T1053.002 (At)",
+        "T1053.003 (Cron)",
+        "T1053.004 (Launchd)",
+        "T1053.005 (Scheduled Task)",
+        "T1053.006 (Systemd Timers)",
+        "T1053.007 (Container Orchestration Job)",
+        "T1054 (Indicator Blocking)",
+        "T1055 (Process Injection)",
+        "T1055.001 (Dynamic-link Library Injection)",
+        "T1055.002 (Portable Executable Injection)",
+        "T1055.003 (Thread Execution Hijacking)",
+        "T1055.004 (Asynchronous Procedure Call)",
+        "T1055.005 (Thread Local Storage)",
+        "T1055.008 (Ptrace System Calls)",
+        "T1055.009 (Proc Memory)",
+        "T1055.011 (Extra Window Memory Injection)",
+        "T1055.012 (Process Hollowing)",
+        "T1055.013 (Process Doppelgänging)",
+        "T1055.014 (VDSO Hijacking)",
+        "T1055.015 (ListPlanting)",
+        "T1056 (Input Capture)",
+        "T1056.001 (Keylogging)",
+        "T1056.002 (GUI Input Capture)",
+        "T1056.003 (Web Portal Capture)",
+        "T1056.004 (Credential API Hooking)",
+        "T1057 (Process Discovery)",
+        "T1058 (Service Registry Permissions Weakness)",
+        "T1059 (Command and Scripting Interpreter)",
+        "T1059.001 (PowerShell)",
+        "T1059.002 (AppleScript)",
+        "T1059.003 (Windows Command Shell)",
+        "T1059.004 (Unix Shell)",
+        "T1059.005 (Visual Basic)",
+        "T1059.006 (Python)",
+        "T1059.007 (JavaScript)",
+        "T1059.008 (Network Device CLI)",
+        "T1059.009 (Cloud API)",
+        "T1060 (Registry Run Keys / Startup Folder)",
+        "T1061 (Graphical User Interface)",
+        "T1062 (Hypervisor)",
+        "T1063 (Security Software Discovery)",
+        "T1064 (Scripting)",
+        "T1065 (Uncommonly Used Port)",
+        "T1066 (Indicator Removal from Tools)",
+        "T1067 (Bootkit)",
+        "T1068 (Exploitation for Privilege Escalation)",
+        "T1069 (Permission Groups Discovery)",
+        "T1069.001 (Local Groups)",
+        "T1069.002 (Domain Groups)",
+        "T1069.003 (Cloud Groups)",
+        "T1070 (Indicator Removal)",
+        "T1070.001 (Clear Windows Event Logs)",
+        "T1070.002 (Clear Linux or Mac System Logs)",
+        "T1070.003 (Clear Command History)",
+        "T1070.004 (File Deletion)",
+        "T1070.005 (Network Share Connection Removal)",
+        "T1070.006 (Timestomp)",
+        "T1070.007 (Clear Network Connection History and Configurations)",
+        "T1070.008 (Clear Mailbox Data)",
+        "T1070.009 (Clear Persistence)",
+        "T1071 (Application Layer Protocol)",
+        "T1071.001 (Web Protocols)",
+        "T1071.002 (File Transfer Protocols)",
+        "T1071.003 (Mail Protocols)",
+        "T1071.004 (DNS)",
+        "T1072 (Software Deployment Tools)",
+        "T1073 (DLL Side-Loading)",
+        "T1074 (Data Staged)",
+        "T1074.001 (Local Data Staging)",
+        "T1074.002 (Remote Data Staging)",
+        "T1075 (Pass the Hash)",
+        "T1076 (Remote Desktop Protocol)",
+        "T1077 (Windows Admin Shares)",
+        "T1078 (Valid Accounts)",
+        "T1078.001 (Default Accounts)",
+        "T1078.002 (Domain Accounts)",
+        "T1078.003 (Local Accounts)",
+        "T1078.004 (Cloud Accounts)",
+        "T1079 (Multilayer Encryption)",
+        "T1080 (Taint Shared Content)",
+        "T1081 (Credentials in Files)",
+        "T1082 (System Information Discovery)",
+        "T1083 (File and Directory Discovery)",
+        "T1084 (Windows Management Instrumentation Event Subscription)",
+        "T1085 (Rundll32)",
+        "T1086 (PowerShell)",
+        "T1087 (Account Discovery)",
+        "T1087.001 (Local Account)",
+        "T1087.002 (Domain Account)",
+        "T1087.003 (Email Account)",
+        "T1087.004 (Cloud Account)",
+        "T1088 (Bypass User Account Control)",
+        "T1089 (Disabling Security Tools)",
+        "T1090 (Proxy)",
+        "T1090.001 (Internal Proxy)",
+        "T1090.002 (External Proxy)",
+        "T1090.003 (Multi-hop Proxy)",
+        "T1090.004 (Domain Fronting)",
+        "T1091 (Replication Through Removable Media)",
+        "T1092 (Communication Through Removable Media)",
+        "T1093 (Process Hollowing)",
+        "T1094 (Custom Command and Control Protocol)",
+        "T1095 (Non-Application Layer Protocol)",
+        "T1096 (NTFS File Attributes)",
+        "T1097 (Pass the Ticket)",
+        "T1098 (Account Manipulation)",
+        "T1098.001 (Additional Cloud Credentials)",
+        "T1098.002 (Additional Email Delegate Permissions)",
+        "T1098.003 (Additional Cloud Roles)",
+        "T1098.004 (SSH Authorized Keys)",
+        "T1098.005 (Device Registration)",
+        "T1099 (Timestomp)",
+        "T1100 (Web Shell)",
+        "T1101 (Security Support Provider)",
+        "T1102 (Web Service)",
+        "T1102.001 (Dead Drop Resolver)",
+        "T1102.002 (Bidirectional Communication)",
+        "T1102.003 (One-Way Communication)",
+        "T1103 (AppInit DLLs)",
+        "T1104 (Multi-Stage Channels)",
+        "T1105 (Ingress Tool Transfer)",
+        "T1106 (Native API)",
+        "T1107 (File Deletion)",
+        "T1108 (Redundant Access)",
+        "T1109 (Component Firmware)",
+        "T1110 (Brute Force)",
+        "T1110.001 (Password Guessing)",
+        "T1110.002 (Password Cracking)",
+        "T1110.003 (Password Spraying)",
+        "T1110.004 (Credential Stuffing)",
+        "T1111 (Multi-Factor Authentication Interception)",
+        "T1112 (Modify Registry)",
+        "T1113 (Screen Capture)",
+        "T1114 (Email Collection)",
+        "T1114.001 (Local Email Collection)",
+        "T1114.002 (Remote Email Collection)",
+        "T1114.003 (Email Forwarding Rule)",
+        "T1115 (Clipboard Data)",
+        "T1116 (Code Signing)",
+        "T1117 (Regsvr32)",
+        "T1118 (InstallUtil)",
+        "T1119 (Automated Collection)",
+        "T1120 (Peripheral Device Discovery)",
+        "T1121 (Regsvcs/Regasm)",
+        "T1122 (Component Object Model Hijacking)",
+        "T1123 (Audio Capture)",
+        "T1124 (System Time Discovery)",
+        "T1125 (Video Capture)",
+        "T1126 (Network Share Connection Removal)",
+        "T1127 (Trusted Developer Utilities Proxy Execution)",
+        "T1127.001 (MSBuild)",
+        "T1128 (Netsh Helper DLL)",
+        "T1129 (Shared Modules)",
+        "T1130 (Install Root Certificate)",
+        "T1131 (Authentication Package)",
+        "T1132 (Data Encoding)",
+        "T1132.001 (Standard Encoding)",
+        "T1132.002 (Non-Standard Encoding)",
+        "T1133 (External Remote Services)",
+        "T1134 (Access Token Manipulation)",
+        "T1134.001 (Token Impersonation/Theft)",
+        "T1134.002 (Create Process with Token)",
+        "T1134.003 (Make and Impersonate Token)",
+        "T1134.004 (Parent PID Spoofing)",
+        "T1134.005 (SID-History Injection)",
+        "T1135 (Network Share Discovery)",
+        "T1136 (Create Account)",
+        "T1136.001 (Local Account)",
+        "T1136.002 (Domain Account)",
+        "T1136.003 (Cloud Account)",
+        "T1137 (Office Application Startup)",
+        "T1137.001 (Office Template Macros)",
+        "T1137.002 (Office Test)",
+        "T1137.003 (Outlook Forms)",
+        "T1137.004 (Outlook Home Page)",
+        "T1137.005 (Outlook Rules)",
+        "T1137.006 (Add-ins)",
+        "T1138 (Application Shimming)",
+        "T1139 (Bash History)",
+        "T1140 (Deobfuscate/Decode Files or Information)",
+        "T1141 (Input Prompt)",
+        "T1142 (Keychain)",
+        "T1143 (Hidden Window)",
+        "T1144 (Gatekeeper Bypass)",
+        "T1145 (Private Keys)",
+        "T1146 (Clear Command History)",
+        "T1147 (Hidden Users)",
+        "T1148 (HISTCONTROL)",
+        "T1149 (LC_MAIN Hijacking)",
+        "T1150 (Plist Modification)",
+        "T1151 (Space after Filename)",
+        "T1152 (Launchctl)",
+        "T1153 (Source)",
+        "T1154 (Trap)",
+        "T1155 (AppleScript)",
+        "T1156 (Malicious Shell Modification)",
+        "T1157 (Dylib Hijacking)",
+        "T1158 (Hidden Files and Directories)",
+        "T1159 (Launch Agent)",
+        "T1160 (Launch Daemon)",
+        "T1161 (LC_LOAD_DYLIB Addition)",
+        "T1162 (Login Item)",
+        "T1163 (Rc.common)",
+        "T1164 (Re-opened Applications)",
+        "T1165 (Startup Items)",
+        "T1166 (Setuid and Setgid)",
+        "T1167 (Securityd Memory)",
+        "T1168 (Local Job Scheduling)",
+        "T1169 (Sudo)",
+        "T1170 (Mshta)",
+        "T1171 (LLMNR/NBT-NS Poisoning and Relay)",
+        "T1172 (Domain Fronting)",
+        "T1173 (Dynamic Data Exchange)",
+        "T1174 (Password Filter DLL)",
+        "T1175 (Component Object Model and Distributed COM)",
+        "T1176 (Browser Extensions)",
+        "T1177 (LSASS Driver)",
+        "T1178 (SID-History Injection)",
+        "T1179 (Hooking)",
+        "T1180 (Screensaver)",
+        "T1181 (Extra Window Memory Injection)",
+        "T1182 (AppCert DLLs)",
+        "T1183 (Image File Execution Options Injection)",
+        "T1184 (SSH Hijacking)",
+        "T1185 (Browser Session Hijacking)",
+        "T1186 (Process Doppelgänging)",
+        "T1187 (Forced Authentication)",
+        "T1188 (Multi-hop Proxy)",
+        "T1189 (Drive-by Compromise)",
+        "T1190 (Exploit Public-Facing Application)",
+        "T1191 (CMSTP)",
+        "T1192 (Spearphishing Link)",
+        "T1193 (Spearphishing Attachment)",
+        "T1194 (Spearphishing via Service)",
+        "T1195 (Supply Chain Compromise)",
+        "T1195.001 (Compromise Software Dependencies and Development Tools)",
+        "T1195.002 (Compromise Software Supply Chain)",
+        "T1195.003 (Compromise Hardware Supply Chain)",
+        "T1196 (Control Panel Items)",
+        "T1197 (BITS Jobs)",
+        "T1198 (SIP and Trust Provider Hijacking)",
+        "T1199 (Trusted Relationship)",
+        "T1200 (Hardware Additions)",
+        "T1201 (Password Policy Discovery)",
+        "T1202 (Indirect Command Execution)",
+        "T1203 (Exploitation for Client Execution)",
+        "T1204 (User Execution)",
+        "T1204.001 (Malicious Link)",
+        "T1204.002 (Malicious File)",
+        "T1204.003 (Malicious Image)",
+        "T1205 (Traffic Signaling)",
+        "T1205.001 (Port Knocking)",
+        "T1205.002 (Socket Filters)",
+        "T1206 (Sudo Caching)",
+        "T1207 (Rogue Domain Controller)",
+        "T1208 (Kerberoasting)",
+        "T1209 (Time Providers)",
+        "T1210 (Exploitation of Remote Services)",
+        "T1211 (Exploitation for Defense Evasion)",
+        "T1212 (Exploitation for Credential Access)",
+        "T1213 (Data from Information Repositories)",
+        "T1213.001 (Confluence)",
+        "T1213.002 (Sharepoint)",
+        "T1213.003 (Code Repositories)",
+        "T1214 (Credentials in Registry)",
+        "T1215 (Kernel Modules and Extensions)",
+        "T1216 (System Script Proxy Execution)",
+        "T1216.001 (PubPrn)",
+        "T1217 (Browser Information Discovery)",
+        "T1218 (System Binary Proxy Execution)",
+        "T1218.001 (Compiled HTML File)",
+        "T1218.002 (Control Panel)",
+        "T1218.003 (CMSTP)",
+        "T1218.004 (InstallUtil)",
+        "T1218.005 (Mshta)",
+        "T1218.007 (Msiexec)",
+        "T1218.008 (Odbcconf)",
+        "T1218.009 (Regsvcs/Regasm)",
+        "T1218.010 (Regsvr32)",
+        "T1218.011 (Rundll32)",
+        "T1218.012 (Verclsid)",
+        "T1218.013 (Mavinject)",
+        "T1218.014 (MMC)",
+        "T1219 (Remote Access Software)",
+        "T1220 (XSL Script Processing)",
+        "T1221 (Template Injection)",
+        "T1222 (File and Directory Permissions Modification)",
+        "T1222.001 (Windows File and Directory Permissions Modification)",
+        "T1222.002 (Linux and Mac File and Directory Permissions Modification)",
+        "T1223 (Compiled HTML File)",
+        "T1398 (Boot or Logon Initialization Scripts)",
+        "T1399 (Modify Trusted Execution Environment)",
+        "T1400 (Modify System Partition)",
+        "T1401 (Device Administrator Permissions)",
+        "T1402 (Broadcast Receivers)",
+        "T1403 (Modify Cached Executable Code)",
+        "T1404 (Exploitation for Privilege Escalation)",
+        "T1405 (Exploit TEE Vulnerability)",
+        "T1406 (Obfuscated Files or Information)",
+        "T1406.001 (Steganography)",
+        "T1406.002 (Software Packing)",
+        "T1407 (Download New Code at Runtime)",
+        "T1408 (Disguise Root/Jailbreak Indicators)",
+        "T1409 (Stored Application Data)",
+        "T1410 (Network Traffic Capture or Redirection)",
+        "T1411 (Input Prompt)",
+        "T1412 (Capture SMS Messages)",
+        "T1413 (Access Sensitive Data in Device Logs)",
+        "T1414 (Clipboard Data)",
+        "T1415 (URL Scheme Hijacking)",
+        "T1416 (URI Hijacking)",
+        "T1417 (Input Capture)",
+        "T1417.001 (Keylogging)",
+        "T1417.002 (GUI Input Capture)",
+        "T1418 (Software Discovery)",
+        "T1418.001 (Security Software Discovery)",
+        "T1419 (Device Type Discovery)",
+        "T1420 (File and Directory Discovery)",
+        "T1421 (System Network Connections Discovery)",
+        "T1422 (System Network Configuration Discovery)",
+        "T1423 (Network Service Scanning)",
+        "T1424 (Process Discovery)",
+        "T1425 (Insecure Third-Party Libraries)",
+        "T1426 (System Information Discovery)",
+        "T1427 (Attack PC via USB Connection)",
+        "T1428 (Exploitation of Remote Services)",
+        "T1429 (Audio Capture)",
+        "T1430 (Location Tracking)",
+        "T1430.001 (Remote Device Management Services)",
+        "T1430.002 (Impersonate SS7 Nodes)",
+        "T1431 (App Delivered via Web Download)",
+        "T1432 (Access Contact List)",
+        "T1433 (Access Call Log)",
+        "T1434 (App Delivered via Email Attachment)",
+        "T1435 (Access Calendar Entries)",
+        "T1436 (Commonly Used Port)",
+        "T1437 (Application Layer Protocol)",
+        "T1437.001 (Web Protocols)",
+        "T1438 (Exfiltration Over Other Network Medium)",
+        "T1439 (Eavesdrop on Insecure Network Communication)",
+        "T1440 (Detect App Analysis Environment)",
+        "T1441 (Stolen Developer Credentials or Signing Keys)",
+        "T1442 (Fake Developer Accounts)",
+        "T1443 (Remotely Install Application)",
+        "T1444 (Masquerade as Legitimate Application)",
+        "T1445 (Abuse of iOS Enterprise App Signing Key)",
+        "T1446 (Device Lockout)",
+        "T1447 (Delete Device Data)",
+        "T1448 (Carrier Billing Fraud)",
+        "T1449 (Exploit SS7 to Redirect Phone Calls/SMS)",
+        "T1450 (Exploit SS7 to Track Device Location)",
+        "T1451 (SIM Card Swap)",
+        "T1452 (Manipulate App Store Rankings or Ratings)",
+        "T1453 (Abuse Accessibility Features)",
+        "T1454 (Malicious SMS Message)",
+        "T1455 (Exploit Baseband Vulnerability)",
+        "T1456 (Drive-By Compromise)",
+        "T1457 (Malicious Media Content)",
+        "T1458 (Replication Through Removable Media)",
+        "T1459 (Device Unlock Code Guessing or Brute Force)",
+        "T1460 (Biometric Spoofing)",
+        "T1461 (Lockscreen Bypass)",
+        "T1462 (Malicious Software Development Tools)",
+        "T1463 (Manipulate Device Communication)",
+        "T1464 (Network Denial of Service)",
+        "T1465 (Rogue Wi-Fi Access Points)",
+        "T1466 (Downgrade to Insecure Protocols)",
+        "T1467 (Rogue Cellular Base Station)",
+        "T1468 (Remotely Track Device Without Authorization)",
+        "T1469 (Remotely Wipe Data Without Authorization)",
+        "T1470 (Obtain Device Cloud Backups)",
+        "T1471 (Data Encrypted for Impact)",
+        "T1472 (Generate Fraudulent Advertising Revenue)",
+        "T1473 (Malicious or Vulnerable Built-in Device Functionality)",
+        "T1474 (Supply Chain Compromise)",
+        "T1474.001 (Compromise Software Dependencies and Development Tools)",
+        "T1474.002 (Compromise Hardware Supply Chain)",
+        "T1474.003 (Compromise Software Supply Chain)",
+        "T1475 (Deliver Malicious App via Authorized App Store)",
+        "T1476 (Deliver Malicious App via Other Means)",
+        "T1477 (Exploit via Radio Interfaces)",
+        "T1478 (Install Insecure or Malicious Configuration)",
+        "T1480 (Execution Guardrails)",
+        "T1480.001 (Environmental Keying)",
+        "T1481 (Web Service)",
+        "T1481.001 (Dead Drop Resolver)",
+        "T1481.002 (Bidirectional Communication)",
+        "T1481.003 (One-Way Communication)",
+        "T1482 (Domain Trust Discovery)",
+        "T1483 (Domain Generation Algorithms)",
+        "T1484 (Domain Policy Modification)",
+        "T1484.001 (Group Policy Modification)",
+        "T1484.002 (Domain Trust Modification)",
+        "T1485 (Data Destruction)",
+        "T1486 (Data Encrypted for Impact)",
+        "T1487 (Disk Structure Wipe)",
+        "T1488 (Disk Content Wipe)",
+        "T1489 (Service Stop)",
+        "T1490 (Inhibit System Recovery)",
+        "T1491 (Defacement)",
+        "T1491.001 (Internal Defacement)",
+        "T1491.002 (External Defacement)",
+        "T1492 (Stored Data Manipulation)",
+        "T1493 (Transmitted Data Manipulation)",
+        "T1494 (Runtime Data Manipulation)",
+        "T1495 (Firmware Corruption)",
+        "T1496 (Resource Hijacking)",
+        "T1497 (Virtualization/Sandbox Evasion)",
+        "T1497.001 (System Checks)",
+        "T1497.002 (User Activity Based Checks)",
+        "T1497.003 (Time Based Evasion)",
+        "T1498 (Network Denial of Service)",
+        "T1498.001 (Direct Network Flood)",
+        "T1498.002 (Reflection Amplification)",
+        "T1499 (Endpoint Denial of Service)",
+        "T1499.001 (OS Exhaustion Flood)",
+        "T1499.002 (Service Exhaustion Flood)",
+        "T1499.003 (Application Exhaustion Flood)",
+        "T1499.004 (Application or System Exploitation)",
+        "T1500 (Compile After Delivery)",
+        "T1501 (Systemd Service)",
+        "T1502 (Parent PID Spoofing)",
+        "T1503 (Credentials from Web Browsers)",
+        "T1504 (PowerShell Profile)",
+        "T1505 (Server Software Component)",
+        "T1505.001 (SQL Stored Procedures)",
+        "T1505.002 (Transport Agent)",
+        "T1505.003 (Web Shell)",
+        "T1505.004 (IIS Components)",
+        "T1505.005 (Terminal Services DLL)",
+        "T1506 (Web Session Cookie)",
+        "T1507 (Network Information Discovery)",
+        "T1508 (Suppress Application Icon)",
+        "T1509 (Non-Standard Port)",
+        "T1510 (Clipboard Modification)",
+        "T1512 (Video Capture)",
+        "T1513 (Screen Capture)",
+        "T1514 (Elevated Execution with Prompt)",
+        "T1516 (Input Injection)",
+        "T1517 (Access Notifications)",
+        "T1518 (Software Discovery)",
+        "T1518.001 (Security Software Discovery)",
+        "T1519 (Emond)",
+        "T1520 (Domain Generation Algorithms)",
+        "T1521 (Encrypted Channel)",
+        "T1521.001 (Symmetric Cryptography)",
+        "T1521.002 (Asymmetric Cryptography)",
+        "T1522 (Cloud Instance Metadata API)",
+        "T1523 (Evade Analysis Environment)",
+        "T1525 (Implant Internal Image)",
+        "T1526 (Cloud Service Discovery)",
+        "T1527 (Application Access Token)",
+        "T1528 (Steal Application Access Token)",
+        "T1529 (System Shutdown/Reboot)",
+        "T1530 (Data from Cloud Storage)",
+        "T1531 (Account Access Removal)",
+        "T1532 (Archive Collected Data)",
+        "T1533 (Data from Local System)",
+        "T1534 (Internal Spearphishing)",
+        "T1535 (Unused/Unsupported Cloud Regions)",
+        "T1536 (Revert Cloud Instance)",
+        "T1537 (Transfer Data to Cloud Account)",
+        "T1538 (Cloud Service Dashboard)",
+        "T1539 (Steal Web Session Cookie)",
+        "T1540 (Code Injection)",
+        "T1541 (Foreground Persistence)",
+        "T1542 (Pre-OS Boot)",
+        "T1542.001 (System Firmware)",
+        "T1542.002 (Component Firmware)",
+        "T1542.003 (Bootkit)",
+        "T1542.004 (ROMMONkit)",
+        "T1542.005 (TFTP Boot)",
+        "T1543 (Create or Modify System Process)",
+        "T1543.001 (Launch Agent)",
+        "T1543.002 (Systemd Service)",
+        "T1543.003 (Windows Service)",
+        "T1543.004 (Launch Daemon)",
+        "T1544 (Ingress Tool Transfer)",
+        "T1546 (Event Triggered Execution)",
+        "T1546.001 (Change Default File Association)",
+        "T1546.002 (Screensaver)",
+        "T1546.003 (Windows Management Instrumentation Event Subscription)",
+        "T1546.004 (Unix Shell Configuration Modification)",
+        "T1546.005 (Trap)",
+        "T1546.006 (LC_LOAD_DYLIB Addition)",
+        "T1546.007 (Netsh Helper DLL)",
+        "T1546.008 (Accessibility Features)",
+        "T1546.009 (AppCert DLLs)",
+        "T1546.010 (AppInit DLLs)",
+        "T1546.011 (Application Shimming)",
+        "T1546.012 (Image File Execution Options Injection)",
+        "T1546.013 (PowerShell Profile)",
+        "T1546.014 (Emond)",
+        "T1546.015 (Component Object Model Hijacking)",
+        "T1546.016 (Installer Packages)",
+        "T1547 (Boot or Logon Autostart Execution)",
+        "T1547.001 (Registry Run Keys / Startup Folder)",
+        "T1547.002 (Authentication Package)",
+        "T1547.003 (Time Providers)",
+        "T1547.004 (Winlogon Helper DLL)",
+        "T1547.005 (Security Support Provider)",
+        "T1547.006 (Kernel Modules and Extensions)",
+        "T1547.007 (Re-opened Applications)",
+        "T1547.008 (LSASS Driver)",
+        "T1547.009 (Shortcut Modification)",
+        "T1547.010 (Port Monitors)",
+        "T1547.011 (Plist Modification)",
+        "T1547.012 (Print Processors)",
+        "T1547.013 (XDG Autostart Entries)",
+        "T1547.014 (Active Setup)",
+        "T1547.015 (Login Items)",
+        "T1548 (Abuse Elevation Control Mechanism)",
+        "T1548.001 (Setuid and Setgid)",
+        "T1548.002 (Bypass User Account Control)",
+        "T1548.003 (Sudo and Sudo Caching)",
+        "T1548.004 (Elevated Execution with Prompt)",
+        "T1550 (Use Alternate Authentication Material)",
+        "T1550.001 (Application Access Token)",
+        "T1550.002 (Pass the Hash)",
+        "T1550.003 (Pass the Ticket)",
+        "T1550.004 (Web Session Cookie)",
+        "T1552 (Unsecured Credentials)",
+        "T1552.001 (Credentials In Files)",
+        "T1552.002 (Credentials in Registry)",
+        "T1552.003 (Bash History)",
+        "T1552.004 (Private Keys)",
+        "T1552.005 (Cloud Instance Metadata API)",
+        "T1552.006 (Group Policy Preferences)",
+        "T1552.007 (Container API)",
+        "T1552.008 (Chat Messages)",
+        "T1553 (Subvert Trust Controls)",
+        "T1553.001 (Gatekeeper Bypass)",
+        "T1553.002 (Code Signing)",
+        "T1553.003 (SIP and Trust Provider Hijacking)",
+        "T1553.004 (Install Root Certificate)",
+        "T1553.005 (Mark-of-the-Web Bypass)",
+        "T1553.006 (Code Signing Policy Modification)",
+        "T1554 (Compromise Client Software Binary)",
+        "T1555 (Credentials from Password Stores)",
+        "T1555.001 (Keychain)",
+        "T1555.002 (Securityd Memory)",
+        "T1555.003 (Credentials from Web Browsers)",
+        "T1555.004 (Windows Credential Manager)",
+        "T1555.005 (Password Managers)",
+        "T1556 (Modify Authentication Process)",
+        "T1556.001 (Domain Controller Authentication)",
+        "T1556.002 (Password Filter DLL)",
+        "T1556.003 (Pluggable Authentication Modules)",
+        "T1556.004 (Network Device Authentication)",
+        "T1556.005 (Reversible Encryption)",
+        "T1556.006 (Multi-Factor Authentication)",
+        "T1556.007 (Hybrid Identity)",
+        "T1556.008 (Network Provider DLL)",
+        "T1557 (Adversary-in-the-Middle)",
+        "T1557.001 (LLMNR/NBT-NS Poisoning and SMB Relay)",
+        "T1557.002 (ARP Cache Poisoning)",
+        "T1557.003 (DHCP Spoofing)",
+        "T1558 (Steal or Forge Kerberos Tickets)",
+        "T1558.001 (Golden Ticket)",
+        "T1558.002 (Silver Ticket)",
+        "T1558.003 (Kerberoasting)",
+        "T1558.004 (AS-REP Roasting)",
+        "T1559 (Inter-Process Communication)",
+        "T1559.001 (Component Object Model)",
+        "T1559.002 (Dynamic Data Exchange)",
+        "T1559.003 (XPC Services)",
+        "T1560 (Archive Collected Data)",
+        "T1560.001 (Archive via Utility)",
+        "T1560.002 (Archive via Library)",
+        "T1560.003 (Archive via Custom Method)",
+        "T1561 (Disk Wipe)",
+        "T1561.001 (Disk Content Wipe)",
+        "T1561.002 (Disk Structure Wipe)",
+        "T1562 (Impair Defenses)",
+        "T1562.001 (Disable or Modify Tools)",
+        "T1562.002 (Disable Windows Event Logging)",
+        "T1562.003 (Impair Command History Logging)",
+        "T1562.004 (Disable or Modify System Firewall)",
+        "T1562.006 (Indicator Blocking)",
+        "T1562.007 (Disable or Modify Cloud Firewall)",
+        "T1562.008 (Disable Cloud Logs)",
+        "T1562.009 (Safe Mode Boot)",
+        "T1562.010 (Downgrade Attack)",
+        "T1562.011 (Spoof Security Alerting)",
+        "T1563 (Remote Service Session Hijacking)",
+        "T1563.001 (SSH Hijacking)",
+        "T1563.002 (RDP Hijacking)",
+        "T1564 (Hide Artifacts)",
+        "T1564.001 (Hidden Files and Directories)",
+        "T1564.002 (Hidden Users)",
+        "T1564.003 (Hidden Window)",
+        "T1564.004 (NTFS File Attributes)",
+        "T1564.005 (Hidden File System)",
+        "T1564.006 (Run Virtual Instance)",
+        "T1564.007 (VBA Stomping)",
+        "T1564.008 (Email Hiding Rules)",
+        "T1564.009 (Resource Forking)",
+        "T1564.010 (Process Argument Spoofing)",
+        "T1565 (Data Manipulation)",
+        "T1565.001 (Stored Data Manipulation)",
+        "T1565.002 (Transmitted Data Manipulation)",
+        "T1565.003 (Runtime Data Manipulation)",
+        "T1566 (Phishing)",
+        "T1566.001 (Spearphishing Attachment)",
+        "T1566.002 (Spearphishing Link)",
+        "T1566.003 (Spearphishing via Service)",
+        "T1567 (Exfiltration Over Web Service)",
+        "T1567.001 (Exfiltration to Code Repository)",
+        "T1567.002 (Exfiltration to Cloud Storage)",
+        "T1567.003 (Exfiltration to Text Storage Sites)",
+        "T1568 (Dynamic Resolution)",
+        "T1568.001 (Fast Flux DNS)",
+        "T1568.002 (Domain Generation Algorithms)",
+        "T1568.003 (DNS Calculation)",
+        "T1569 (System Services)",
+        "T1569.001 (Launchctl)",
+        "T1569.002 (Service Execution)",
+        "T1570 (Lateral Tool Transfer)",
+        "T1571 (Non-Standard Port)",
+        "T1572 (Protocol Tunneling)",
+        "T1573 (Encrypted Channel)",
+        "T1573.001 (Symmetric Cryptography)",
+        "T1573.002 (Asymmetric Cryptography)",
+        "T1574 (Hijack Execution Flow)",
+        "T1574.001 (DLL Search Order Hijacking)",
+        "T1574.002 (DLL Side-Loading)",
+        "T1574.004 (Dylib Hijacking)",
+        "T1574.005 (Executable Installer File Permissions Weakness)",
+        "T1574.006 (Dynamic Linker Hijacking)",
+        "T1574.007 (Path Interception by PATH Environment Variable)",
+        "T1574.008 (Path Interception by Search Order Hijacking)",
+        "T1574.009 (Path Interception by Unquoted Path)",
+        "T1574.010 (Services File Permissions Weakness)",
+        "T1574.011 (Services Registry Permissions Weakness)",
+        "T1574.012 (COR_PROFILER)",
+        "T1574.013 (KernelCallbackTable)",
+        "T1575 (Native API)",
+        "T1576 (Uninstall Malicious Application)",
+        "T1577 (Compromise Application Executable)",
+        "T1578 (Modify Cloud Compute Infrastructure)",
+        "T1578.001 (Create Snapshot)",
+        "T1578.002 (Create Cloud Instance)",
+        "T1578.003 (Delete Cloud Instance)",
+        "T1578.004 (Revert Cloud Instance)",
+        "T1579 (Keychain)",
+        "T1580 (Cloud Infrastructure Discovery)",
+        "T1581 (Geofencing)",
+        "T1582 (SMS Control)",
+        "T1583 (Acquire Infrastructure)",
+        "T1583.001 (Domains)",
+        "T1583.002 (DNS Server)",
+        "T1583.003 (Virtual Private Server)",
+        "T1583.004 (Server)",
+        "T1583.005 (Botnet)",
+        "T1583.006 (Web Services)",
+        "T1583.007 (Serverless)",
+        "T1583.008 (Malvertising)",
+        "T1584 (Compromise Infrastructure)",
+        "T1584.001 (Domains)",
+        "T1584.002 (DNS Server)",
+        "T1584.003 (Virtual Private Server)",
+        "T1584.004 (Server)",
+        "T1584.005 (Botnet)",
+        "T1584.006 (Web Services)",
+        "T1584.007 (Serverless)",
+        "T1585 (Establish Accounts)",
+        "T1585.001 (Social Media Accounts)",
+        "T1585.002 (Email Accounts)",
+        "T1585.003 (Cloud Accounts)",
+        "T1586 (Compromise Accounts)",
+        "T1586.001 (Social Media Accounts)",
+        "T1586.002 (Email Accounts)",
+        "T1586.003 (Cloud Accounts)",
+        "T1587 (Develop Capabilities)",
+        "T1587.001 (Malware)",
+        "T1587.002 (Code Signing Certificates)",
+        "T1587.003 (Digital Certificates)",
+        "T1587.004 (Exploits)",
+        "T1588 (Obtain Capabilities)",
+        "T1588.001 (Malware)",
+        "T1588.002 (Tool)",
+        "T1588.003 (Code Signing Certificates)",
+        "T1588.004 (Digital Certificates)",
+        "T1588.005 (Exploits)",
+        "T1588.006 (Vulnerabilities)",
+        "T1589 (Gather Victim Identity Information)",
+        "T1589.001 (Credentials)",
+        "T1589.002 (Email Addresses)",
+        "T1589.003 (Employee Names)",
+        "T1590 (Gather Victim Network Information)",
+        "T1590.001 (Domain Properties)",
+        "T1590.002 (DNS)",
+        "T1590.003 (Network Trust Dependencies)",
+        "T1590.004 (Network Topology)",
+        "T1590.005 (IP Addresses)",
+        "T1590.006 (Network Security Appliances)",
+        "T1591 (Gather Victim Org Information)",
+        "T1591.001 (Determine Physical Locations)",
+        "T1591.002 (Business Relationships)",
+        "T1591.003 (Identify Business Tempo)",
+        "T1591.004 (Identify Roles)",
+        "T1592 (Gather Victim Host Information)",
+        "T1592.001 (Hardware)",
+        "T1592.002 (Software)",
+        "T1592.003 (Firmware)",
+        "T1592.004 (Client Configurations)",
+        "T1593 (Search Open Websites/Domains)",
+        "T1593.001 (Social Media)",
+        "T1593.002 (Search Engines)",
+        "T1593.003 (Code Repositories)",
+        "T1594 (Search Victim-Owned Websites)",
+        "T1595 (Active Scanning)",
+        "T1595.001 (Scanning IP Blocks)",
+        "T1595.002 (Vulnerability Scanning)",
+        "T1595.003 (Wordlist Scanning)",
+        "T1596 (Search Open Technical Databases)",
+        "T1596.001 (DNS/Passive DNS)",
+        "T1596.002 (WHOIS)",
+        "T1596.003 (Digital Certificates)",
+        "T1596.004 (CDNs)",
+        "T1596.005 (Scan Databases)",
+        "T1597 (Search Closed Sources)",
+        "T1597.001 (Threat Intel Vendors)",
+        "T1597.002 (Purchase Technical Data)",
+        "T1598 (Phishing for Information)",
+        "T1598.001 (Spearphishing Service)",
+        "T1598.002 (Spearphishing Attachment)",
+        "T1598.003 (Spearphishing Link)",
+        "T1599 (Network Boundary Bridging)",
+        "T1599.001 (Network Address Translation Traversal)",
+        "T1600 (Weaken Encryption)",
+        "T1600.001 (Reduce Key Space)",
+        "T1600.002 (Disable Crypto Hardware)",
+        "T1601 (Modify System Image)",
+        "T1601.001 (Patch System Image)",
+        "T1601.002 (Downgrade System Image)",
+        "T1602 (Data from Configuration Repository)",
+        "T1602.001 (SNMP (MIB Dump))",
+        "T1602.002 (Network Device Configuration Dump)",
+        "T1603 (Scheduled Task/Job)",
+        "T1604 (Proxy Through Victim)",
+        "T1605 (Command-Line Interface)",
+        "T1606 (Forge Web Credentials)",
+        "T1606.001 (Web Cookies)",
+        "T1606.002 (SAML Tokens)",
+        "T1608 (Stage Capabilities)",
+        "T1608.001 (Upload Malware)",
+        "T1608.002 (Upload Tool)",
+        "T1608.003 (Install Digital Certificate)",
+        "T1608.004 (Drive-by Target)",
+        "T1608.005 (Link Target)",
+        "T1608.006 (SEO Poisoning)",
+        "T1609 (Container Administration Command)",
+        "T1610 (Deploy Container)",
+        "T1611 (Escape to Host)",
+        "T1612 (Build Image on Host)",
+        "T1613 (Container and Resource Discovery)",
+        "T1614 (System Location Discovery)",
+        "T1614.001 (System Language Discovery)",
+        "T1615 (Group Policy Discovery)",
+        "T1616 (Call Control)",
+        "T1617 (Hooking)",
+        "T1618 (User Evasion)",
+        "T1619 (Cloud Storage Object Discovery)",
+        "T1620 (Reflective Code Loading)",
+        "T1621 (Multi-Factor Authentication Request Generation)",
+        "T1622 (Debugger Evasion)",
+        "T1623 (Command and Scripting Interpreter)",
+        "T1623.001 (Unix Shell)",
+        "T1624 (Event Triggered Execution)",
+        "T1624.001 (Broadcast Receivers)",
+        "T1625 (Hijack Execution Flow)",
+        "T1625.001 (System Runtime API Hijacking)",
+        "T1626 (Abuse Elevation Control Mechanism)",
+        "T1626.001 (Device Administrator Permissions)",
+        "T1627 (Execution Guardrails)",
+        "T1627.001 (Geofencing)",
+        "T1628 (Hide Artifacts)",
+        "T1628.001 (Suppress Application Icon)",
+        "T1628.002 (User Evasion)",
+        "T1629 (Impair Defenses)",
+        "T1629.001 (Prevent Application Removal)",
+        "T1629.002 (Device Lockout)",
+        "T1629.003 (Disable or Modify Tools)",
+        "T1630 (Indicator Removal on Host)",
+        "T1630.001 (Uninstall Malicious Application)",
+        "T1630.002 (File Deletion)",
+        "T1630.003 (Disguise Root/Jailbreak Indicators)",
+        "T1631 (Process Injection)",
+        "T1631.001 (Ptrace System Calls)",
+        "T1632 (Subvert Trust Controls)",
+        "T1632.001 (Code Signing Policy Modification)",
+        "T1633 (Virtualization/Sandbox Evasion)",
+        "T1633.001 (System Checks)",
+        "T1634 (Credentials from Password Store)",
+        "T1634.001 (Keychain)",
+        "T1635 (Steal Application Access Token)",
+        "T1635.001 (URI Hijacking)",
+        "T1636 (Protected User Data)",
+        "T1636.001 (Calendar Entries)",
+        "T1636.002 (Call Log)",
+        "T1636.003 (Contact List)",
+        "T1636.004 (SMS Messages)",
+        "T1637 (Dynamic Resolution)",
+        "T1637.001 (Domain Generation Algorithms)",
+        "T1638 (Adversary-in-the-Middle)",
+        "T1639 (Exfiltration Over Alternative Protocol)",
+        "T1639.001 (Exfiltration Over Unencrypted Non-C2 Protocol)",
+        "T1640 (Account Access Removal)",
+        "T1641 (Data Manipulation)",
+        "T1641.001 (Transmitted Data Manipulation)",
+        "T1642 (Endpoint Denial of Service)",
+        "T1643 (Generate Traffic from Victim)",
+        "T1644 (Out of Band Data)",
+        "T1645 (Compromise Client Software Binary)",
+        "T1646 (Exfiltration Over C2 Channel)",
+        "T1647 (Plist File Modification)",
+        "T1648 (Serverless Execution)",
+        "T1649 (Steal or Forge Authentication Certificates)",
+        "T1650 (Acquire Access)",
+        "T1651 (Cloud Administration Command)",
+        "T1652 (Device Driver Discovery)"
     ]
 };
 
diff --git a/src/attack_flow_builder/src/assets/builder.config.processor.ts b/src/attack_flow_builder/src/assets/builder.config.processor.ts
index d060234f..8c2071aa 100644
--- a/src/attack_flow_builder/src/assets/builder.config.processor.ts
+++ b/src/attack_flow_builder/src/assets/builder.config.processor.ts
@@ -96,7 +96,6 @@ class AttackFlowProcessor extends DiagramProcessor {
         if(value !== null && AttackFlowProcessor.TacticRecs.has(value)) {
 
             let cmd = new GroupCommand();
-            cmd.add(command);
 
             // Resolve tactic ID
             let tacticId = /TA[0-9]{4}/i.exec(value);
@@ -104,6 +103,9 @@ class AttackFlowProcessor extends DiagramProcessor {
                 throw new Error("Tactic ID could not be resolved from text.");
             }
 
+            // Update tactic field to tactic ID.
+            cmd.add(new SetStringProperty(property, tacticId[0]));
+
             // Resolve tactic
             let tactic = intel.tactics.find(o => o.id === tacticId![0])!;
             if(!tactic) {
@@ -146,7 +148,6 @@ class AttackFlowProcessor extends DiagramProcessor {
         if(value !== null && AttackFlowProcessor.TechniqueRecs.has(value)) {
 
             let cmd = new GroupCommand();
-            cmd.add(command);
 
             // Resolve technique ID
             let techniqueId = /T[0-9]{4}(?:\.[0-9]{3})?/i.exec(value);
@@ -154,6 +155,9 @@ class AttackFlowProcessor extends DiagramProcessor {
                 throw new Error("Technique ID could not be resolved from text.");
             }
 
+            // Update technique field to tactic ID.
+            cmd.add(new SetStringProperty(property, techniqueId[0]));
+
             // Resolve technique
             let technique = intel.technique.find(o => o.id === techniqueId![0])!;
             if(!technique) {