mitre-attack / attack-stix-data

STIX data representing MITRE ATT&CK
https://attack.mitre.org/

Software Discovery #47

Closed FlorianHeigl closed 5 months ago

FlorianHeigl commented 5 months ago

Hi,

I'm not sure if this belongs here... maybe you can bounce it to the right people/repo.

Under Discovery -> Software Discovery there's 'Security Software Discovery'. Please also add "Backup Software Discovery" because that's a major factor with ransomware gangs.

jcwilliamsATmitre commented 5 months ago

Thanks for reaching out! Interesting idea, we currently consider backup software to be within the scope of the parent https://attack.mitre.org/techniques/T1518/ technique, but I see your point about it being specific enough to warrant consideration as a unique sub-technique.

We generally avoid trying to create too many sub-techniques, but given this idea's relevance towards behaviors such as https://attack.mitre.org/techniques/T1490/ it is worth looking into.

Please feel free to reach out to attack@mitre.org if you would like to discuss this further, thanks again!