{ "type": "bundle", "id": "bundle--a24543db-962c-4997-be6a-6679c680b570", "spec_version": "2.0", "objects": [ { "modified": "2023-03-08T22:19:16.160Z", "name": "Execution", "description": "The adversary is trying to run code or manipulate system functions, parameters, and data in an unauthorized way.\n\nExecution consists of techniques that result in adversary-controlled code running on a local or remote system, device, or other asset. This execution may also rely on unknowing end users or the manipulation of device operating modes to run. Adversaries may infect remote targets with programmed executables or malicious project files that operate according to specified behavior and may alter expected device behavior in subtle ways. Commands for execution may also be issued from command-line interfaces, APIs, GUIs, or other available interfaces. Techniques that run malicious code may also be paired with techniques from other tactics, particularly to aid network [Discovery](https://attack.mitre.org/tactics/TA0102) and [Collection](https://attack.mitre.org/tactics/TA0100), impact operations, and inhibit response functions.", "x_mitre_deprecated": false, "x_mitre_domains": [ "ics-attack" ], "x_mitre_version": "1.0", "x_mitre_shortname": "execution", "type": "x-mitre-tactic", "id": "x-mitre-tactic--93bf9a8e-b14c-4587-b6d5-9efc7c12eb45", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/tactics/TA0104", "external_id": "TA0104" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }