Update analysis.md
This commit is contained in:
parent
8327cf6893
commit
8326d5c9be
@ -901,6 +901,7 @@ function PulsetoC2($rid)
|
|||||||
<h2> References MITRE ATT&CK Matrix <a name="Ref-MITRE-ATTACK"></a></h2>
|
<h2> References MITRE ATT&CK Matrix <a name="Ref-MITRE-ATTACK"></a></h2>
|
||||||
<h6> List of all the references with MITRE ATT&CK Matrix</h6>
|
<h6> List of all the references with MITRE ATT&CK Matrix</h6>
|
||||||
<h3>CES 2020</h3>
|
<h3>CES 2020</h3>
|
||||||
|
|
||||||
|Enterprise tactics|Technics used|Ref URL|
|
|Enterprise tactics|Technics used|Ref URL|
|
||||||
| :---------------: |:-------------| :------------- |
|
| :---------------: |:-------------| :------------- |
|
||||||
|Persistence|T1179 - Hooking|https://attack.mitre.org/wiki/Technique/T1179|
|
|Persistence|T1179 - Hooking|https://attack.mitre.org/wiki/Technique/T1179|
|
||||||
@ -909,14 +910,18 @@ function PulsetoC2($rid)
|
|||||||
|Credential Access|T1179 - Hooking|https://attack.mitre.org/wiki/Technique/T1179|
|
|Credential Access|T1179 - Hooking|https://attack.mitre.org/wiki/Technique/T1179|
|
||||||
|Discovery|T1010 - Application Window Discovery<br/>T1082 - System Information Discovery<br/>T1124 - System Time Discovery|https://attack.mitre.org/wiki/Technique/T1010<br/>https://attack.mitre.org/wiki/Technique/T1082<br/>https://attack.mitre.org/wiki/Technique/T1124|
|
|Discovery|T1010 - Application Window Discovery<br/>T1082 - System Information Discovery<br/>T1124 - System Time Discovery|https://attack.mitre.org/wiki/Technique/T1010<br/>https://attack.mitre.org/wiki/Technique/T1082<br/>https://attack.mitre.org/wiki/Technique/T1124|
|
||||||
|Collection|T1115 - Clipboard Data|https://attack.mitre.org/wiki/Technique/T1115|
|
|Collection|T1115 - Clipboard Data|https://attack.mitre.org/wiki/Technique/T1115|
|
||||||
|
|
||||||
<h3> HAL </h3>
|
<h3> HAL </h3>
|
||||||
|
|
||||||
|Enterprise tactics|Technics used|Ref URL|
|
|Enterprise tactics|Technics used|Ref URL|
|
||||||
| :---------------: |:-------------| :------------- |
|
| :---------------: |:-------------| :------------- |
|
||||||
|Execution|Rundll32|https://attack.mitre.org/techniques/T1085/|
|
|Execution|Rundll32|https://attack.mitre.org/techniques/T1085|
|
||||||
|Persistence|Registry Run Keys / Startup Folder|https://attack.mitre.org/techniques/T1060/|
|
|Persistence|Registry Run Keys / Startup Folder|https://attack.mitre.org/techniques/T1060|
|
||||||
|Defense Evasion|Rundll32|https://attack.mitre.org/techniques/T1085/|
|
|Defense Evasion|Rundll32|https://attack.mitre.org/techniques/T1085|
|
||||||
|Discovery|Query Registry|https://attack.mitre.org/techniques/T1012/|
|
|Discovery|Query Registry|https://attack.mitre.org/techniques/T1012|
|
||||||
|
|
||||||
<h3> Powershell backdoor </h3>
|
<h3> Powershell backdoor </h3>
|
||||||
|
|
||||||
|Enterprise tactics|Technics used|Ref URL|
|
|Enterprise tactics|Technics used|Ref URL|
|
||||||
| :---------------: |:-------------| :------------- |
|
| :---------------: |:-------------| :------------- |
|
||||||
|Execution|Scripting<br>PowerShell|https://attack.mitre.org/techniques/T1064/<br>https://attack.mitre.org/techniques/T1086/|
|
|Execution|Scripting<br>PowerShell|https://attack.mitre.org/techniques/T1064/<br>https://attack.mitre.org/techniques/T1086/|
|
||||||
@ -927,6 +932,7 @@ function PulsetoC2($rid)
|
|||||||
|Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/|
|
|Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/|
|
||||||
|
|
||||||
<h3> MacOS backdoor </h3>
|
<h3> MacOS backdoor </h3>
|
||||||
|
|
||||||
|Enterprise tactics|Technics used|Ref URL|
|
|Enterprise tactics|Technics used|Ref URL|
|
||||||
| :---------------: |:-------------| :------------- |
|
| :---------------: |:-------------| :------------- |
|
||||||
|Execution|Scripting|https://attack.mitre.org/techniques/T1064/|
|
|Execution|Scripting|https://attack.mitre.org/techniques/T1064/|
|
||||||
@ -937,6 +943,7 @@ function PulsetoC2($rid)
|
|||||||
|Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/|
|
|Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/|
|
||||||
|
|
||||||
<h3>DTrack</h3>
|
<h3>DTrack</h3>
|
||||||
|
|
||||||
|Enterprise tactics|Technics used|Ref URL|
|
|Enterprise tactics|Technics used|Ref URL|
|
||||||
| :---------------: |:-------------| :------------- |
|
| :---------------: |:-------------| :------------- |
|
||||||
|Execution|Command-Line Interface|https://attack.mitre.org/techniques/T1059/|
|
|Execution|Command-Line Interface|https://attack.mitre.org/techniques/T1059/|
|
||||||
|
Loading…
Reference in New Issue
Block a user