test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/relationship
/relationship--00d3d6a8-c711-4bb5-bf0a-e17c0ecac8c8.json
{ | |
"type": "bundle", | |
"id": "bundle--b1612c4d-6668-47dd-b092-2e8699250fb9", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"id": "relationship--00d3d6a8-c711-4bb5-bf0a-e17c0ecac8c8", | |
"type": "relationship", | |
"created": "2019-01-30T15:19:14.928Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"external_references": [ | |
{ | |
"description": "Yan, T., et al. (2018, November 21). New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit. Retrieved November 29, 2018.", | |
"url": "https://researchcenter.paloaltonetworks.com/2018/11/unit42-new-wine-old-bottle-new-azorult-variant-found-findmyname-campaign-using-fallout-exploit-kit/", | |
"source_name": "Unit42 Azorult Nov 2018" | |
} | |
], | |
"modified": "2020-03-16T16:39:52.451Z", | |
"description": "[Azorult](https://attack.mitre.org/software/S0344) can call WTSQueryUserToken and CreateProcessAsUser to start a new process with local system privileges.(Citation: Unit42 Azorult Nov 2018)", | |
"relationship_type": "uses", | |
"source_ref": "malware--f9b05f33-d45d-4e4d-aafe-c208d38a0080", | |
"target_ref": "attack-pattern--677569f9-a8b0-459e-ab24-7f18091fa7bf", | |
"x_mitre_version": "1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |