LSASS realign to T1003.001

yml/OSBinaries/Scriptrunner.yml

@@ -6,14 +6,14 @@ Created: 2018-05-25
 Commands:
   - Command: Scriptrunner.exe -appvscript calc.exe
     Description: Executes calc.exe
-    Usecase: Execute binary through proxy binary to evade defensive counter measurments
+    Usecase: Execute binary through proxy binary to evade defensive counter measures
     Category: Execute
     Privileges: User
     MitreID: T1202
     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
   - Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
     Description: Executes calc.cmd from remote server
-    Usecase: Execute binary through proxy binary from external server to evade defensive counter measurments
+    Usecase: Execute binary through proxy binary from external server to evade defensive counter measures
     Category: Execute
     Privileges: User
     MitreID: T1218

yml/OSLibraries/comsvcs.yml

@@ -9,7 +9,7 @@ Commands:
     Usecase: Dump Lsass.exe process memory to retrieve credentials.
     Category: Dump
     Privileges: SYSTEM
-    MitreID: T1003
+    MitreID: T1003.001
     OperatingSystem: Windows
 Full_Path:
   - Path: c:\windows\system32\comsvcs.dll

yml/OtherMSBinaries/Adplus.yml

@@ -9,7 +9,7 @@ Commands:
     Usecase: Create memory dump and parse it offline
     Category: Dump
     Privileges: SYSTEM
-    MitreID: T1003
+    MitreID: T1003.001
     OperatingSystem: All Windows
 Full_Path:
   - Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\adplus.exe

yml/OtherMSBinaries/Sqldumper.yml

@@ -16,7 +16,7 @@ Commands:
     Usecase: Dump LSASS.exe to Mimikatz compatible dump using PID.
     Category: Dump
     Privileges: Administrator
-    MitreID: T1003
+    MitreID: T1003.001
     OperatingSystem: Windows
 Full_Path:
   - Path: C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe