chg: [o365-exchange-techniques] Compromise row added (WiP)

2024-11-22 23:07:19 +00:00 · 2019-05-12 12:07:30 +02:00 · 2019-05-12 12:07:30 +02:00 · 3a75c6a3df
commit 3a75c6a3df
parent a2df5c46d8
1 changed files with 80 additions and 0 deletions
--- a/clusters/o365-exchange-techniques.json
+++ b/clusters/o365-exchange-techniques.json
@ -109,6 +109,86 @@
      },
      "uuid": "f227caf6-9399-4ac3-bab4-010f66853abb",
      "value": "On-Prem Exchange - OWA version discovery"
+    },
+    {
+      "description": "AAD - Password Spray: MailSniper",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "933ec08d-a6d4-4ced-b732-4cb0331e7799",
+      "value": "AAD - Password Spray: MailSniper"
+    },
+    {
+      "description": "AAD - Password Spray: CredKing",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "5670ca90-38cd-4825-bd83-1bdb31fd5ea3",
+      "value": "AAD - Password Spray: CredKing"
+    },
+    {
+      "description": "O365 - Bruteforce of Autodiscover: SensePost Ruler",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "d66c1ead-4dd3-4968-b6fe-faf41b7fb88d",
+      "value": "O365 - Bruteforce of Autodiscover: SensePost Ruler"
+    },
+    {
+      "description": "O365 - Phishing for credentials",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "eda57f15-029c-4465-9401-f9dafc6d366c",
+      "value": "O365 - Phishing for credentials"
+    },
+    {
+      "description": "O365 - Phishing using OAuth app",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "61589df6-6848-4866-8613-8a4a7478abef",
+      "value": "O365 - Phishing using OAuth app"
+    },
+    {
+      "description": "O365 - 2FA MITM Phishing: evilginx2",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "fa1087c8-012d-4ef6-9eb3-5b5a6fb94c02",
+      "value": "O365 - 2FA MITM Phishing: evilginx2"
+    },
+    {
+      "description": "On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "8ffe80b9-0213-40c6-aeca-8877bdca8741",
+      "value": "On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS"
+    },
+    {
+      "description": "On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler",
+      "meta": {
+        "kill_chain": [
+          "tactics:Compromise"
+        ]
+      },
+      "uuid": "cf8df948-0332-4ec7-94f3-3f6d54bbcbb9",
+      "value": "On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler"
    }
  ],
  "version": 1