test_scratch / cti-ATT-CK-v13.1 /ics-attack /attack-pattern /attack-pattern--2dc2b567-8821-49f9-9045-8740f3d0b958.json
{
"type": "bundle",
"id": "bundle--efe8aaea-4832-4d06-b988-5040f3497c3d",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-09T18:38:51.471Z",
"name": "Scripting",
"description": "Adversaries may use scripting languages to execute arbitrary code in the form of a pre-written script or in the form of user-supplied code to an interpreter. Scripting languages are programming languages that differ from compiled languages, in that scripting languages use an interpreter, instead of a compiler. These interpreters read and compile part of the source code just before it is executed, as opposed to compilers, which compile each and every line of code to an executable file. Scripting allows software developers to run their code on any system where the interpreter exists. This way, they can distribute one package, instead of precompiling executables for many different systems. Scripting languages, such as Python, have their interpreters shipped as a default with many Linux distributions. \n\nIn addition to being a useful tool for developers and administrators, scripting language interpreters may be abused by the adversary to execute code in the target environment. Due to the nature of scripting languages, this allows for weaponized code to be deployed to a target easily, and leaves open the possibility of on-the-fly scripting to perform a task.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-ics-attack",
"phase_name": "execution"
}
],
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_deprecated": false,
"x_mitre_detection": "",
"x_mitre_domains": [
"ics-attack"
],
"x_mitre_is_subtechnique": false,
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"x_mitre_platforms": [
"Engineering Workstation"
],
"x_mitre_version": "1.0",
"x_mitre_data_sources": [
"Command: Command Execution",
"Script: Script Execution",
"Module: Module Load",
"Process: Process Creation",
"Process: Process Metadata"
],
"type": "attack-pattern",
"id": "attack-pattern--2dc2b567-8821-49f9-9045-8740f3d0b958",
"created": "2020-05-21T17:43:26.506Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T0853",
"external_id": "T0853"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
]
}
]
}