diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py index abb26b71a..4c9889df3 100644 --- a/monkey/monkey_island/cc/services/attack/attack_schema.py +++ b/monkey/monkey_island/cc/services/attack/attack_schema.py @@ -109,6 +109,16 @@ SCHEMA = { "and evade a typical user or system analysis that does not " "incorporate investigation of hidden files." }, + "T1168": { + "title": "Local job scheduling", + "type": "bool", + "value": True, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1168/", + "description": "Linux supports multiple methods for creating pre-scheduled and " + "periodic background jobs. Job scheduling can be used by adversaries to " + "schedule running malicious code at some specified date and time." + }, "T1504": { "title": "PowerShell profile", "type": "bool", @@ -119,6 +129,16 @@ SCHEMA = { "in certain situations by abusing PowerShell profiles which " "are scripts that run when PowerShell starts." }, + "T1053": { + "title": "Scheduled task", + "type": "bool", + "value": True, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1053", + "description": "Windows utilities can be used to schedule programs or scripts to " + "be executed at a date and time. An adversary may use task scheduling to " + "execute programs at system startup or on a scheduled basis for persistence." + }, "T1166": { "title": "Setuid and Setgid", "type": "bool",