update RE&CT analytics

Author: yugoslavskiy

Atomic_Threat_Coverage/Response_Playbooks/RP_0001_phishing_email.md

@@ -3,12 +3,12 @@
 | **ID**            | RP0001            |
 | **Description**   | Response playbook for Phishing Email case   |
 | **Author**        | @atc_project        |
-| **Creation Date** | 31.01.2019 |
+| **Creation Date** | 2019/01/31 |
 | **Severity**      | M      |
 | **TLP**           | AMBER           |
 | **PAP**           | WHITE           |
 | **ATT&amp;CK Tactic**  |<ul><li>[TA0001: Initial Access](https://attack.mitre.org/tactics/TA0001)</li></ul>|
-| **ATT&amp;CK Technique**  |<ul><li>[T1193: Spearphishing Attachment](https://attack.mitre.org/tactics/T1193)</li><li>[T1192: Spearphishing Link](https://attack.mitre.org/tactics/T1192)</li></ul>|
+| **ATT&amp;CK Technique**  |<ul><li>[T1566.001: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001)</li><li>[T1566.002: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002)</li></ul>|
 | **Tags**          | <ul><li>phishing</li></ul> |
 | **Preparation**  |<ul><li>[RA1001: Practice](../Response_Actions/RA_1001_practice.md)</li><li>[RA1002: Take trainings](../Response_Actions/RA_1002_take_trainings.md)</li><li>[RA1004: Make personnel report suspicious activity](../Response_Actions/RA_1004_make_personnel_report_suspicious_activity.md)</li><li>[RA1003: Raise personnel awareness](../Response_Actions/RA_1003_raise_personnel_awareness.md)</li><li>[RA1101: Access external network flow logs](../Response_Actions/RA_1101_access_external_network_flow_logs.md)</li><li>[RA1104: Access external HTTP logs](../Response_Actions/RA_1104_access_external_http_logs.md)</li><li>[RA1106: Access external DNS logs](../Response_Actions/RA_1106_access_external_dns_logs.md)</li><li>[RA1111: Get ability to block external IP address](../Response_Actions/RA_1111_get_ability_to_block_external_ip_address.md)</li><li>[RA1113: Get ability to block external domain](../Response_Actions/RA_1113_get_ability_to_block_external_domain.md)</li><li>[RA1115: Get ability to block external URL](../Response_Actions/RA_1115_get_ability_to_block_external_url.md)</li><li>[RA1201: Get ability to list users opened email message](../Response_Actions/RA_1201_get_ability_to_list_users_opened_email_message.md)</li><li>[RA1202: Get ability to list email message receivers](../Response_Actions/RA_1202_get_ability_to_list_email_message_receivers.md)</li><li>[RA1203: Get ability to block email domain](../Response_Actions/RA_1203_get_ability_to_block_email_domain.md)</li><li>[RA1204: Get ability to block email sender](../Response_Actions/RA_1204_get_ability_to_block_email_sender.md)</li><li>[RA1205: Get ability to delete email message](../Response_Actions/RA_1205_get_ability_to_delete_email_message.md)</li><li>[RA1206: Get ability to quarantine email message](../Response_Actions/RA_1206_get_ability_to_quarantine_email_message.md)</li></ul>|
 | **Identification**  |<ul><li>[RA2003: Put compromised accounts on monitoring](../Response_Actions/RA_2003_put_compromised_accounts_on_monitoring.md)</li><li>[RA2113: List hosts communicated with external domain](../Response_Actions/RA_2113_list_hosts_communicated_with_external_domain.md)</li><li>[RA2114: List hosts communicated with external IP](../Response_Actions/RA_2114_list_hosts_communicated_with_external_ip.md)</li><li>[RA2115: List hosts communicated with external URL](../Response_Actions/RA_2115_list_hosts_communicated_with_external_url.md)</li><li>[RA2201: List users opened email message](../Response_Actions/RA_2201_list_users_opened_email_message.md)</li><li>[RA2202: Collect email message](../Response_Actions/RA_2202_collect_email_message.md)</li><li>[RA2203: List email message receivers](../Response_Actions/RA_2203_list_email_message_receivers.md)</li><li>[RA2204: Make sure email message is phishing](../Response_Actions/RA_2204_make_sure_email_message_is_phishing.md)</li><li>[RA2205: Extract observables from email message](../Response_Actions/RA_2205_extract_observables_from_email_message.md)</li></ul>|