Create Mitre-Dridex_2020_05_01.json

2020-05-01 18:53:19 +02:00 · 2020-05-01 18:53:19 +02:00 · 6abecbf7fa
commit 6abecbf7fa
parent 8a2ac401e0
1 changed files with 23 additions and 0 deletions
--- a/Analysis/Dridex/2020-05-01/Mitre-Dridex_2020_05_01.json
+++ b/Analysis/Dridex/2020-05-01/Mitre-Dridex_2020_05_01.json
@ -0,0 +1,23 @@
+[
+    {
+        "Id":  "T1012",
+        "Name":  "Query Registry",
+        "Type":  "Discovery",
+        "Description":  "Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.",
+        "URL":  "https://attack.mitre.org/techniques/T1012"
+    },
+    {
+        "Id":  "T1082",
+        "Name":  "System Information Discovery",
+        "Type":  "Discovery",
+        "Description":  "An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.",
+        "URL":  "https://attack.mitre.org/techniques/T1082"
+    },
+    {
+        "Id":  "T1085",
+        "Name":  "Rundll32",
+        "Type":  "Defense Evasion, Execution",
+        "Description":  "The rundll32.exe program can be called to execute an arbitrary binary. Adversaries may take advantage of this functionality to proxy execution of code to avoid triggering security tools that may not monitor execution of the rundll32.exe process because of whitelists or false positives from Windows using rundll32.exe for normal operations.",
+        "URL":  "https://attack.mitre.org/techniques/T1085"
+    }
+]