ch0ic3/CyberThreatIntel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create Mitre-DangerousPassword_2020_04-02.json

Browse Source
This commit is contained in:
StrangerealIntel 2020-04-02 21:53:46 +02:00 committed by GitHub
parent 1be6b46797
commit 705ca65cb7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
offshore APT organization/DangerousPassword/2020-04-02/JSON/Mitre-DangerousPassword_2020_04-02.json Normal file
View File

@ -0,0 +1,37 @@
[
{
"Id": "T1012",
"Name": "Query Registry",
"Type": "Discovery ",
"Description": "Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.",
"URL": "https://attack.mitre.org/techniques/T1012/"
},
{
"Id": "T1059",
"Name": "Command-Line Interface",
"Type": "Execution ",
"Description": "Command-line interfaces provide a way of interacting with computer systems and is a common feature across many types of operating system platforms. One example command-line interface on Windows systems is cmd, which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. Scheduled Task).",
"URL": "https://attack.mitre.org/techniques/T1059/"
},
{
"Id": "T1064",
"Name": "Scripting",
"Type": "Defense Evasion, Execution ",
"Description": "Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.",
"URL": "https://attack.mitre.org/techniques/T1064/"
},
{
"Id": "T1130",
"Name": "Install Root Certificate",
"Type": "Defense Evasion ",
"Description": "Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root\u0027s chain of trust that have been signed by the root certificate. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.",
"URL": "https://attack.mitre.org/techniques/T1130/"
},
{
"Id": "T1170",
"Name": "Mshta",
"Type": "Defense Evasion, Execution ",
"Description": "Mshta.exe is a utility that executes Microsoft HTML Applications (HTA). HTA files have the file extension .hta. HTAs are standalone applications that execute using the same models and technologies of Internet Explorer, but outside of the browser.",
"URL": "https://attack.mitre.org/techniques/T1170/"
}
]