From 37b4717eb16c3acdd91651680af624500da992f8 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 25 Jun 2020 01:33:24 +0530 Subject: [PATCH] Add techniques' info to attack_schema --- .../cc/services/attack/attack_schema.py | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py index abb26b71a..4c9889df3 100644 --- a/monkey/monkey_island/cc/services/attack/attack_schema.py +++ b/monkey/monkey_island/cc/services/attack/attack_schema.py @@ -109,6 +109,16 @@ SCHEMA = { "and evade a typical user or system analysis that does not " "incorporate investigation of hidden files." }, + "T1168": { + "title": "Local job scheduling", + "type": "bool", + "value": True, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1168/", + "description": "Linux supports multiple methods for creating pre-scheduled and " + "periodic background jobs. Job scheduling can be used by adversaries to " + "schedule running malicious code at some specified date and time." + }, "T1504": { "title": "PowerShell profile", "type": "bool", @@ -119,6 +129,16 @@ SCHEMA = { "in certain situations by abusing PowerShell profiles which " "are scripts that run when PowerShell starts." }, + "T1053": { + "title": "Scheduled task", + "type": "bool", + "value": True, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1053", + "description": "Windows utilities can be used to schedule programs or scripts to " + "be executed at a date and time. An adversary may use task scheduling to " + "execute programs at system startup or on a scheduled basis for persistence." + }, "T1166": { "title": "Setuid and Setgid", "type": "bool",