APT29 Evaluation: Technique Scope

For the APT29 evaluation, we tested 58 of 60 in-scope Enterprise ATT&CK techniques across 10 ATT&CK tactics. Uncommonly Used Port was added to scope at the time of evaluation. DLL Search Order Hijacking was not evaluated. Process Injection was part of Step 19, which was excluded from results. The Initial Access tactic was considered out of scope for the evaluation. The in-scope techniques for the APT29 evaluation are displayed below and are also highlighted in each vendor’s results page.

You can view the in-scope techniques for the APT29 evaluation in the ATT&CK Navigator by checking out the layer file we made available here. A preview is shown below! The techniques in scope for Round 2 are highlighted in green. (Updated April 21, 2020)