1d9157ebdc
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
52 lines
1.7 KiB
YAML
attack_technique: T1124
display_name: System Time Discovery
atomic_tests:
- name: System Time Discovery
  auto_generated_guid: 20aba24b-e61f-4b26-b4ce-4784f763ca20
  description: |
    Identify the system time. Upon execution, the local computer system time and timezone will be displayed.
  supported_platforms:
  - windows
  input_arguments:
    computer_name:
      description: computer name to query
      type: String
      default: localhost
  executor:
    command: |
      net time \\#{computer_name}
      w32tm /tz
    name: command_prompt
- name: System Time Discovery - PowerShell
  auto_generated_guid: 1d5711d6-655c-4a47-ae9c-6503c74fa877
  description: |
    Identify the system time via PowerShell. Upon execution, the system time will be displayed.
  supported_platforms:
  - windows
  executor:
    command: |
      Get-Date
    name: powershell
- name: System Time Discovery in macOS
  auto_generated_guid: f449c933-0891-407f-821e-7916a21a1a6f
  description: |
    Identify system time. Upon execution, the local computer system time and timezone will be displayed.
  supported_platforms:
  - macos
  executor:
    command: |
      date
    name: sh
- name: System Time Discovery W32tm as a Delay
  auto_generated_guid: d5d5a6b0-0f92-42d8-985d-47aafa2dd4db
  description: |
    identifies DCRat delay time tactics using w32tm.
    https://research.splunk.com/endpoint/b2cc69e7-11ba-42dc-a269-59c069a48870/
    https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains
  supported_platforms:
  - windows
  executor:
    command: |
      W32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
    name: command_prompt