EDITOR’S NOTE: We initially published this article before MITRE significantly updated ATT&CK data sources and components. As a result, we use the term “process command line” in this article to refer to the data source component that MITRE would later categorize as “command execution.”

Command line refers to the arguments that are passed to an executable process in Windows. It is useful information for defenders, as it can reveal contextual clues about the execution of a suspicious process. For example, adversaries regularly supply malicious PowerShell code as command-line arguments via the -Command and -EncodedCommand parameters.
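As an added example (not code from the original article), the following Python sketch shows how a defender might inspect collected process command lines for the -Command and -EncodedCommand patterns described above, decoding the latter from its base64-wrapped UTF-16LE form. The sample command lines are constructed for illustration; the parameter-abbreviation handling relies on PowerShell accepting unambiguous prefixes of its parameter names (e.g. -ec for -EncodedCommand).

```python
import base64
import re

# The PowerShell host binary, either bare or at the end of a path.
_PS_HOST = re.compile(r'(?:^|\\)(?:powershell|pwsh)(?:\.exe)?\b', re.IGNORECASE)
# -EncodedCommand and the prefix abbreviations PowerShell accepts for it,
# followed by the base64 argument.
_ENC_PARAM = re.compile(r'[-/](?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)', re.IGNORECASE)
# -Command (or an abbreviation) followed by the rest of the line as inline code.
_CMD_PARAM = re.compile(r'[-/](?:c|com|command)\s+(.+)$', re.IGNORECASE)


def decode_encoded_command(b64: str):
    """Decode an -EncodedCommand payload: base64 over UTF-16LE script text.
    Returns None if the argument is not valid base64 or not valid UTF-16LE."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline: str) -> dict:
    """Summarize what a process command line tells a defender about PowerShell use."""
    result = {"powershell": False, "inline_command": None, "encoded": False, "decoded": None}
    if not _PS_HOST.search(cmdline):
        return result
    result["powershell"] = True
    enc = _ENC_PARAM.search(cmdline)
    if enc:
        result["encoded"] = True
        result["decoded"] = decode_encoded_command(enc.group(1))
        return result
    cmd = _CMD_PARAM.search(cmdline)
    if cmd:
        result["inline_command"] = cmd.group(1).strip().strip('"')
    return result


# Constructed sample process command lines (not taken from the article or real telemetry).
ENCODED_SAMPLE = base64.b64encode('Write-Output "constructed sample"'.encode("utf-16-le")).decode()
SAMPLE_COMMAND_LINES = [
    'powershell.exe -NoProfile -Command "Get-Process | Sort-Object CPU"',
    f'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -nop -w hidden -ec {ENCODED_SAMPLE}',
    'notepad.exe C:\\Users\\user\\notes.txt',
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        print(analyze_command_line(line))
```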