CyberThreatIntel/Iran/APT/APT33/16-11-19/MITRE-APT33-18-11-19.json
2019-11-18 22:37:10 +01:00

[
{
"Id": "T1012",
"Name": "Query Registry",
"Type": "Discovery ",
"Description": "Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.",
"URL": "https://attack.mitre.org/techniques/T1012/"
},
{
"Id": "T1059",
"Name": "Command-Line Interface",
"Type": "Execution ",
"Description": "Command-line interfaces provide a way of interacting with computer systems and is a common feature across many types of operating system platforms. One example command-line interface on Windows systems is cmd, which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. Scheduled Task).",
"URL": "https://attack.mitre.org/techniques/T1059/"
},
{
"Id": "T1064",
"Name": "Scripting",
"Type": "Defense Evasion, Execution ",
"Description": "Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.",
"URL": "https://attack.mitre.org/techniques/T1064/"
},
{
"Id": "T1086",
"Name": "PowerShell",
"Type": "Execution ",
"Description": "PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs a command locally or on a remote computer.",
"URL": "https://attack.mitre.org/techniques/T1086/"
},
{
"Id": "T1106",
"Name": "Execution through API",
"Type": "Execution ",
"Description": "Adversary tools may directly use the Windows application programming interface (API) to execute binaries. Functions such as the Windows API CreateProcess will allow programs and scripts to start other processes with proper path and argument parameters.",
"URL": "https://attack.mitre.org/techniques/T1106/"
},
{
"Id": "T1112",
"Name": "Modify Registry",
"Type": "Defense Evasion ",
"Description": "Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in Persistence and Execution.",
"URL": "https://attack.mitre.org/techniques/T1112/"
}
]