{
    "id": "bundle--6efd529a-51c8-4c55-9e27-ced12da4ce37",
    "objects": [
        {
            "created": "2015-11-09T00:00:00.000Z",
            "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
            "description": "This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.",
            "external_references": [
                {
                    "external_id": "CAPEC-555",
                    "source_name": "capec",
                    "url": "https://capec.mitre.org/data/definitions/555.html"
                },
                {
                    "external_id": "CWE-522",
                    "source_name": "cwe",
                    "url": "http://cwe.mitre.org/data/definitions/522.html"
                },
                {
                    "external_id": "CWE-308",
                    "source_name": "cwe",
                    "url": "http://cwe.mitre.org/data/definitions/308.html"
                },
                {
                    "external_id": "CWE-309",
                    "source_name": "cwe",
                    "url": "http://cwe.mitre.org/data/definitions/309.html"
                },
                {
                    "external_id": "CWE-294",
                    "source_name": "cwe",
                    "url": "http://cwe.mitre.org/data/definitions/294.html"
                },
                {
                    "external_id": "CWE-263",
                    "source_name": "cwe",
                    "url": "http://cwe.mitre.org/data/definitions/263.html"
                },
                {
                    "external_id": "CWE-262",
                    "source_name": "cwe",
                    "url": "http://cwe.mitre.org/data/definitions/262.html"
                },
                {
                    "external_id": "CWE-521",
                    "source_name": "cwe",
                    "url": "http://cwe.mitre.org/data/definitions/521.html"
                },
                {
                    "description": "Remote Services",
                    "external_id": "T1021",
                    "source_name": "ATTACK",
                    "url": "https://attack.mitre.org/wiki/Technique/T1021"
                },
                {
                    "description": "Email Collection:Remote Email Collection",
                    "external_id": "T1114.002",
                    "source_name": "ATTACK",
                    "url": "https://attack.mitre.org/wiki/Technique/T1114/002"
                },
                {
                    "description": "External Remote Services",
                    "external_id": "T1133",
                    "source_name": "ATTACK",
                    "url": "https://attack.mitre.org/wiki/Technique/T1133"
                }
            ],
            "id": "attack-pattern--06e8782a-87af-4863-b6b1-99e09edda3be",
            "modified": "2022-09-29T00:00:00.000Z",
            "name": "Remote Services with Stolen Credentials",
            "object_marking_refs": [
                "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
            ],
            "spec_version": "2.1",
            "type": "attack-pattern",
            "x_capec_abstraction": "Standard",
            "x_capec_can_precede_refs": [
                "attack-pattern--22802ed6-ddc6-4da7-b6be-60b10d26198b"
            ],
            "x_capec_child_of_refs": [
                "attack-pattern--886a7175-e28a-4e6d-bd22-3b1497e31dc7"
            ],
            "x_capec_domains": [
                "Software"
            ],
            "x_capec_example_instances": [
                "Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical-access remote services similar to RDS. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials.",
                "Windows Remote Management (WinRM) is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell."
            ],
            "x_capec_status": "Stable",
            "x_capec_typical_severity": "Very High",
            "x_capec_version": "3.9"
        }
    ],
    "type": "bundle"
}