Create Mitre-Kimsuky-2020-03-20.json
This commit is contained in:
parent
e8c1d7bbd6
commit
f2a8facb41
@ -0,0 +1,44 @@
|
||||
[
|
||||
{
|
||||
"Id": "T1012",
|
||||
"Name": "Query Registry",
|
||||
"Type": "Discovery ",
|
||||
"Description": "Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.",
|
||||
"URL": "https://attack.mitre.org/techniques/T1012/"
|
||||
},
|
||||
{
|
||||
"Id": "T1057",
|
||||
"Name": "Process Discovery",
|
||||
"Type": "Discovery ",
|
||||
"Description": "Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network.",
|
||||
"URL": "https://attack.mitre.org/techniques/T1057/"
|
||||
},
|
||||
{
|
||||
"Id": "T1060",
|
||||
"Name": "Registry Run Keys / Startup Folder",
|
||||
"Type": "Persistence ",
|
||||
"Description": "Adding an entry to the \"run keys\" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account\u0027s associated permissions level.",
|
||||
"URL": "https://attack.mitre.org/techniques/T1060/"
|
||||
},
|
||||
{
|
||||
"Id": "T1064",
|
||||
"Name": "Scripting",
|
||||
"Type": "Defense Evasion, Execution ",
|
||||
"Description": "Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.",
|
||||
"URL": "https://attack.mitre.org/techniques/T1064/"
|
||||
},
|
||||
{
|
||||
"Id": "T1082",
|
||||
"Name": "System Information Discovery",
|
||||
"Type": "Discovery ",
|
||||
"Description": "An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.",
|
||||
"URL": "https://attack.mitre.org/techniques/T1082/"
|
||||
},
|
||||
{
|
||||
"Id": "T1086",
|
||||
"Name": "PowerShell",
|
||||
"Type": "Execution ",
|
||||
"Description": "PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs a command locally or on a remote computer.",
|
||||
"URL": "https://attack.mitre.org/techniques/T1086/"
|
||||
}
|
||||
]
|
Loading…
Reference in New Issue
Block a user