{ "type": "bundle", "id": "bundle--965ec4a7-fedc-43b2-8819-a6b84f3aa5d2", "spec_version": "2.0", "objects": [ { "modified": "2022-12-07T19:50:56.964Z", "name": "Script", "description": "A file or stream containing a list of commands, allowing them to be launched in sequence(Citation: Microsoft PowerShell Logging)(Citation: FireEye PowerShell Logging)(Citation: Microsoft AMSI)", "x_mitre_platforms": [ "Windows" ], "x_mitre_deprecated": false, "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_version": "1.1", "x_mitre_contributors": [ "Center for Threat-Informed Defense (CTID)" ], "x_mitre_collection_layers": [ "Host" ], "type": "x-mitre-data-source", "id": "x-mitre-data-source--12c1e727-7fa4-49b6-af81-366ed2ce231e", "created": "2021-10-20T15:05:19.272Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/datasources/DS0012", "external_id": "DS0012" }, { "source_name": "FireEye PowerShell Logging", "description": "Dunwoody, M. (2016, February 11). Greater Visibility Through PowerShell Logging. Retrieved September 28, 2021.", "url": "https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html" }, { "source_name": "Microsoft AMSI", "description": "Microsoft. (2019, April 19). Antimalware Scan Interface (AMSI). Retrieved September 28, 2021.", "url": "https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal" }, { "source_name": "Microsoft PowerShell Logging", "description": "Microsoft. (2020, March 30). about_Logging_Windows. Retrieved September 28, 2021.", "url": "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }