/attack-pattern--06e8782a-87af-4863-b6b1-99e09edda3be.json
{ | |
"id": "bundle--166a8c6c-2412-4410-bede-9eea8069da67", | |
"objects": [ | |
{ | |
"created": "2015-11-09T00:00:00.000Z", | |
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", | |
"description": "This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.", | |
"external_references": [ | |
{ | |
"external_id": "CAPEC-555", | |
"source_name": "capec", | |
"url": "https://capec.mitre.org/data/definitions/555.html" | |
}, | |
{ | |
"external_id": "CWE-522", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/522.html" | |
}, | |
{ | |
"external_id": "CWE-308", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/308.html" | |
}, | |
{ | |
"external_id": "CWE-309", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/309.html" | |
}, | |
{ | |
"external_id": "CWE-294", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/294.html" | |
}, | |
{ | |
"external_id": "CWE-263", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/263.html" | |
}, | |
{ | |
"external_id": "CWE-262", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/262.html" | |
}, | |
{ | |
"external_id": "CWE-521", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/521.html" | |
}, | |
{ | |
"description": "Remote Services", | |
"external_id": "T1021", | |
"source_name": "ATTACK", | |
"url": "https://attack.mitre.org/wiki/Technique/T1021" | |
}, | |
{ | |
"description": "Email Collection:Remote Email Collection", | |
"external_id": "T1114.002", | |
"source_name": "ATTACK", | |
"url": "https://attack.mitre.org/wiki/Technique/T1114/002" | |
}, | |
{ | |
"description": "External Remote Services", | |
"external_id": "T1133", | |
"source_name": "ATTACK", | |
"url": "https://attack.mitre.org/wiki/Technique/T1133" | |
} | |
], | |
"id": "attack-pattern--06e8782a-87af-4863-b6b1-99e09edda3be", | |
"modified": "2022-09-29T00:00:00.000Z", | |
"name": "Remote Services with Stolen Credentials", | |
"object_marking_refs": [ | |
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" | |
], | |
"type": "attack-pattern", | |
"x_capec_abstraction": "Standard", | |
"x_capec_can_precede_refs": [ | |
"attack-pattern--22802ed6-ddc6-4da7-b6be-60b10d26198b" | |
], | |
"x_capec_child_of_refs": [ | |
"attack-pattern--886a7175-e28a-4e6d-bd22-3b1497e31dc7" | |
], | |
"x_capec_domains": [ | |
"Software" | |
], | |
"x_capec_example_instances": [ | |
"Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical access to remote services similar to RDS. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials.", | |
"Windows Remote Management (WinRM) is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell." | |
], | |
"x_capec_status": "Stable", | |
"x_capec_typical_severity": "Very High", | |
"x_capec_version": "3.9" | |
} | |
], | |
"spec_version": "2.0", | |
"type": "bundle" | |
} |