test_scratch
/
cti-ATT-CK-v13.1
/capec
/2.1
/attack-pattern
/attack-pattern--06e8782a-87af-4863-b6b1-99e09edda3be.json
| { | |
| "id": "bundle--6efd529a-51c8-4c55-9e27-ced12da4ce37", | |
| "objects": [ | |
| { | |
| "created": "2015-11-09T00:00:00.000Z", | |
| "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", | |
| "description": "This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.", | |
| "external_references": [ | |
| { | |
| "external_id": "CAPEC-555", | |
| "source_name": "capec", | |
| "url": "https://capec.mitre.org/data/definitions/555.html" | |
| }, | |
| { | |
| "external_id": "CWE-522", | |
| "source_name": "cwe", | |
| "url": "http://cwe.mitre.org/data/definitions/522.html" | |
| }, | |
| { | |
| "external_id": "CWE-308", | |
| "source_name": "cwe", | |
| "url": "http://cwe.mitre.org/data/definitions/308.html" | |
| }, | |
| { | |
| "external_id": "CWE-309", | |
| "source_name": "cwe", | |
| "url": "http://cwe.mitre.org/data/definitions/309.html" | |
| }, | |
| { | |
| "external_id": "CWE-294", | |
| "source_name": "cwe", | |
| "url": "http://cwe.mitre.org/data/definitions/294.html" | |
| }, | |
| { | |
| "external_id": "CWE-263", | |
| "source_name": "cwe", | |
| "url": "http://cwe.mitre.org/data/definitions/263.html" | |
| }, | |
| { | |
| "external_id": "CWE-262", | |
| "source_name": "cwe", | |
| "url": "http://cwe.mitre.org/data/definitions/262.html" | |
| }, | |
| { | |
| "external_id": "CWE-521", | |
| "source_name": "cwe", | |
| "url": "http://cwe.mitre.org/data/definitions/521.html" | |
| }, | |
| { | |
| "description": "Remote Services", | |
| "external_id": "T1021", | |
| "source_name": "ATTACK", | |
| "url": "https://attack.mitre.org/wiki/Technique/T1021" | |
| }, | |
| { | |
| "description": "Email Collection:Remote Email Collection", | |
| "external_id": "T1114.002", | |
| "source_name": "ATTACK", | |
| "url": "https://attack.mitre.org/wiki/Technique/T1114/002" | |
| }, | |
| { | |
| "description": "External Remote Services", | |
| "external_id": "T1133", | |
| "source_name": "ATTACK", | |
| "url": "https://attack.mitre.org/wiki/Technique/T1133" | |
| } | |
| ], | |
| "id": "attack-pattern--06e8782a-87af-4863-b6b1-99e09edda3be", | |
| "modified": "2022-09-29T00:00:00.000Z", | |
| "name": "Remote Services with Stolen Credentials", | |
| "object_marking_refs": [ | |
| "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" | |
| ], | |
| "spec_version": "2.1", | |
| "type": "attack-pattern", | |
| "x_capec_abstraction": "Standard", | |
| "x_capec_can_precede_refs": [ | |
| "attack-pattern--22802ed6-ddc6-4da7-b6be-60b10d26198b" | |
| ], | |
| "x_capec_child_of_refs": [ | |
| "attack-pattern--886a7175-e28a-4e6d-bd22-3b1497e31dc7" | |
| ], | |
| "x_capec_domains": [ | |
| "Software" | |
| ], | |
| "x_capec_example_instances": [ | |
| "Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical access Remote Services similar to RDS. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials.", | |
| "Windows Remote Management (WinRM) is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell." | |
| ], | |
| "x_capec_status": "Stable", | |
| "x_capec_typical_severity": "Very High", | |
| "x_capec_version": "3.9" | |
| } | |
| ], | |
| "type": "bundle" | |
| } |