From c0ed6c4e1d2e37b09da15200f69235b6e2ee40c5 Mon Sep 17 00:00:00 2001
From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com>
Date: Sat, 28 Dec 2019 18:02:39 +0100
Subject: [PATCH] Update MITRE_ref.json

---
 Indian/APT/SideWinder/25-12-19/JSON/MITRE_ref.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Indian/APT/SideWinder/25-12-19/JSON/MITRE_ref.json b/Indian/APT/SideWinder/25-12-19/JSON/MITRE_ref.json
index deb8d77..09c89cc 100644
--- a/Indian/APT/SideWinder/25-12-19/JSON/MITRE_ref.json
+++ b/Indian/APT/SideWinder/25-12-19/JSON/MITRE_ref.json
@@ -13,6 +13,13 @@
         "Description":  "Adding an entry to the \"run keys\" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account\u0027s associated permissions level.",
         "URL":  "https://attack.mitre.org/techniques/T1060/"
     },
+    {
+        "Id":  "T1081",
+        "Name":  "Credentials in Files",
+        "Type":  "Credential Access ",
+        "Description":  "Adversaries may search local file systems and remote file shares for files containing passwords. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.",
+        "URL":  "https://attack.mitre.org/techniques/T1081/"
+    },
     {
         "Id":  "T1129",
         "Name":  "Execution through Module Load",