Wizard Spider and Sandworm Evaluation: Technique Scope
For the Wizard Spider and Sandworm evaluation, the highlighted ATT&CK techniques are in scope for this evaluation. Linux techniques are included in the scope of this evaluation, though will only represent a small portion of the evaluation. The Linux portion of the evaluation is optional for participants. This will also mark the first time the impact tactic is in scope for the evaluation. Due to the public call for intelligence contributions, the scope is subject to change. A final scope will be published in July 2021.
You can view the in-scope Techniques for the Wizard Spider and Sandworm evaluation in the ATT&CK Navigator by checking out the layer file we made available here. A preview is shown below! The Techniques in scope attributed specifically to Wizard Spider are highlighted in purple, attributed specifically to Sandworm in blue, and both Wizard Spider and Sandworm in grey.