removed tactic from titles

2026-06-08 17:07:13 +00:00 · 2020-12-06 00:34:46 -06:00
parent 4d6ac236bc
commit bc3557a4ea
5 changed files with 7 additions and 7 deletions
@@ -1,4 +1,4 @@
-title: T1548.002 Bypass User Access Control
+title: Bypass User Access Control
 description: Detection of UAC bypass through tampering with Shell Open for .ms-settings
  or .msc file types. Also includes detection for CMSTPLUA COM interface abuse by GUID.
 author: keyboardcrunch
@@ -7,7 +7,7 @@ modified: 05/12/2020
 mitre:
   tactic: Defense Evasion, Privilege Escalation
   technique: T1548
-   subtechnique: 008
+   subtechnique: 002
 operating_system: windows
 query: (SrcProcCmdLine ContainsCIS "ms-settings\shell\open\command" OR SrcProcCmdLine
  ContainsCIS "mscfile\shell\open\command") OR (TgtProcDisplayName = "COM Surrogate"
@@ -1,4 +1,4 @@
-title: T1562.001 Disable Microsoft Office Security Features
+title: Disable Microsoft Office Security Features
 description: Detects disabling of Microsoft Office Security features.
 author: keyboardcrunch
 date: 10/10/2020
@@ -1,4 +1,4 @@
-title: T1552.001 Findstr Password Extraction
+title: Findstr Password Extraction
 description: Detection of content exfiltration of passwords within files using findstr.exe
  or PowerShell's findstr.
 author: keyboardcrunch
@@ -7,7 +7,7 @@ modified: null
 mitre:
   tactic: Credential Access
   technique: T1552
-   subtechnique: 006
+   subtechnique: 001
 operating_system: windows
 query: TgtProcCmdLine ContainsCIS "/si pass" OR TgtProcCmdLine ContainsCIS "-pattern
  password"
@@ -1,4 +1,4 @@
-title: T1003.004 LSA Secrets
+title: LSA Secrets Extraction
 description: Detect direct LSA extraction with reg.exe.
 author: keyboardcrunch
 date: 10/10/2020
@@ -1,4 +1,4 @@
-title: T1055 Process Injection
+title: Process Injection
 description: Detects Process Injection through execution of MavInject, filtering out
  noisy/expected activity. SrcProcParentName filter narrows Cross Process items to
  refine results.