From bd12476e87603340db09ab19e17a1f77b53a79b2 Mon Sep 17 00:00:00 2001
From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com>
Date: Mon, 27 Apr 2020 21:34:41 +0200
Subject: [PATCH] Create Mitre-Unknown_2020_04-27.json
---
 .../Json/Mitre-Unknown_2020_04-27.json | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 Additional Analysis/Unknown/2020-04-27/Json/Mitre-Unknown_2020_04-27.json
diff --git a/Additional Analysis/Unknown/2020-04-27/Json/Mitre-Unknown_2020_04-27.json b/Additional Analysis/Unknown/2020-04-27/Json/Mitre-Unknown_2020_04-27.json
new file mode 100644
index 0000000..36407ca
--- /dev/null
+++ b/Additional Analysis/Unknown/2020-04-27/Json/Mitre-Unknown_2020_04-27.json
@@ -0,0 +1,37 @@
+[
+ {
+ "Id": "T1012",
+ "Name": "Query Registry",
+ "Type": "Discovery",
+ "Description": "Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.",
+ "URL": "https://attack.mitre.org/techniques/T1012"
+ },
+ {
+ "Id": "T1033",
+ "Name": "System Owner/User Discovery",
+ "Type": "Discovery",
+ "Description": "Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using Credential Dumping. The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs.",
+ "URL": "https://attack.mitre.org/techniques/T1033"
+ },
+ {
+ "Id": "T1064",
+ "Name": "Scripting",
+ "Type": "Defense Evasion, Execution",
+ "Description": "Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.",
+ "URL": "https://attack.mitre.org/techniques/T1064"
+ },
+ {
+ "Id": "T1086",
+ "Name": "PowerShell",
+ "Type": "Execution",
+ "Description": "PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. 
Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs a command locally or on a remote computer.",
+ "URL": "https://attack.mitre.org/techniques/T1086"
+ },
+ {
+ "Id": "T1170",
+ "Name": "Mshta",
+ "Type": "Defense Evasion, Execution",
+ "Description": "Mshta.exe is a utility that executes Microsoft HTML Applications (HTA). HTA files have the file extension .hta. HTAs are standalone applications that execute using the same models and technologies of Internet Explorer, but outside of the browser.",
+ "URL": "https://attack.mitre.org/techniques/T1170"
+ }
+]
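Review bot: The `Description` string for T1086 appears to contain an embedded line break between "…included in the Windows operating system." and "Adversaries can use PowerShell…". The hunk header counts 37 added lines, so this is probably a stray CR or Unicode line separator rather than an LF. If it is a raw control character, strict JSON parsers will reject the file, so it should be removed or written as `\n`. Separately, `Type` packs several tactics into one string (`"Defense Evasion, Execution"`), so every consumer has to split on commas; an array such as `"Type": ["Defense Evasion", "Execution"]`, applied to all five entries, would make tactic-level filtering in detection tooling reliable. The entries also do not record which ATT&CK release they were taken from, which would help anyone reconciling these IDs against a later matrix revision.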