Generated docs from job=generate-docs branch=master [ci skip]

Atomic Red Team doc generator
2022-08-08 16:51:39 +00:00
parent 38d6fe84a9
commit 8330cf667d
2 changed files with 4 additions and 14 deletions
+3 -13
@@ -46036,19 +46036,9 @@ execution:
'
- name: Python pty module and spawn function used to spawn sh or bash
auto_generated_guid: 161d694c-b543-4434-85c3-c3a433e33792
description: 'ID T1059.006. Adversaries may abuse Python commands and scripts
for execution. Python is a very popular scripting/programming language, with
capabilities to perform many functions. Python can be executed interactively
from the command-line (via the python.exe interpreter) or via scripts (.py)
that can be written and distributed to different systems. Python code can
also be compiled into binary executables.Python comes with many built-in packages
to interact with the underlying system, such as file operations and device
I/O. Adversaries can use these libraries to download and execute commands
or other scripts as well as perform various malicious behaviors.Zero-Day Exploitation
of Atlassian Confluence [CVE-2022-26134] Unauthenticated RCE vulnerability
- Critical severity. As per Volexity, bash shells were launched by the Confluence
web application process. It had spawned a bash process which spawned a Python
process that in turn spawned a bash shell. Reference: https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence
description: 'Uses the Python spawn function to spawn a sh shell followed by
a bash shell. Per Volexity, this technique was observed in exploitation of
Atlassian Confluence [CVE-2022-26134]. Reference: https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence
'
supported_platforms:
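Review bot: The replacement description no longer matches the test name directly above it. It says "the Python spawn function" without naming the pty module, and "a sh shell followed by a bash shell" where the name says "sh or bash". Suggest "Uses the spawn function of the Python pty module to spawn ..." and picking either "or" or "followed by" to match what the test actually runs, so a reader of the index knows which child processes to expect. The technique ID that opened the old text is also gone from the description; confirm it is still carried elsewhere in this entry.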
+1 -1
@@ -204,7 +204,7 @@ pip install requests
<br/>
## Atomic Test #4 - Python pty module and spawn function used to spawn sh or bash
ID T1059.006. Adversaries may abuse Python commands and scripts for execution. Python is a very popular scripting/programming language, with capabilities to perform many functions. Python can be executed interactively from the command-line (via the python.exe interpreter) or via scripts (.py) that can be written and distributed to different systems. Python code can also be compiled into binary executables.Python comes with many built-in packages to interact with the underlying system, such as file operations and device I/O. Adversaries can use these libraries to download and execute commands or other scripts as well as perform various malicious behaviors.Zero-Day Exploitation of Atlassian Confluence [CVE-2022-26134] Unauthenticated RCE vulnerability - Critical severity. As per Volexity, bash shells were launched by the Confluence web application process. It had spawned a bash process which spawned a Python process that in turn spawned a bash shell. Reference: https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence
Uses the Python spawn function to spawn a sh shell followed by a bash shell. Per Volexity, this technique was observed in exploitation of Atlassian Confluence [CVE-2022-26134]. Reference: https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence
**Supported Platforms:** Linux
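Review bot: The shortened text under "Atomic Test #4" drops the one detail from the old description that a detection author would key on: the process lineage Volexity reported, where the Confluence web application process spawned bash, which spawned Python, which spawned a bash shell. Suggest keeping a single sentence with that parent/child chain alongside the Volexity reference. Since the commit message marks this file as generated output, the wording change belongs in the source YAML description rather than in this markdown.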