Generated on 2023-04-25T13:16:32Z
This document covers the overall campaign analytics for the selected set of operations. The
sections below contain general metadata about the selected operations as well as graphical views of
the operations, the techniques and tactics used, and the facts discovered by the operations. The
following sections include a more in-depth review of each specific operation run.
STATISTICS
An operation's planner makes up the decision-making process. It contains logic for how a running
operation should make decisions about which abilities to use and in what order. An objective is a
collection of fact targets, called goals, which can be tied to adversaries. During the course of an
operation, every time the planner is evaluated, the current objective status is evaluated in light of the
current knowledge of the operation, with the operation completing should all goals be met.
AGENTS
The table below displays information about the agents used. An agent's paw is the unique identifier, or
paw print, of an agent. Also included are the username of the user who executed the agent, the
privilege level of the agent process, and the name of the agent executable.
OPERATIONS DEBRIEF
STEPS GRAPH
This is a graphical display of the agents connected to the command and control (C2), the operations
run, and the steps of each operation as they relate to the agents.
[Figure: steps graph. Legend: server, linux, windows, operation, discovery, defense-evasion, credential-access, execution. Node labels: C2 Server; ubuntu-16$root; upa$root; upa$upa; WIN-1RE7BLRQC2T$WIN-1RE7BLRQC2T\Administrador; windows - discovery; windows - discovery (25/4/2023, 10:14:07); windows - discovery (25/4/2023, 10:13:12); asdasdasd (25/4/2023, 10:08:32).]
TACTIC GRAPH
This graph displays the order of tactics executed by the operation. A tactic explains the general
purpose or the "why" of a step.
[Figure: tactic graph. Legend: operation, defense-evasion, discovery, credential-access, execution. Operation labels: windows - discovery; windows - discovery (25/4/2023, 10:14:07); windows - discovery (25/4/2023, 10:13:12).]
TECHNIQUE GRAPH
This graph displays the order of techniques executed by the operation. A technique explains the
technical method or the "how" of a step.
[Figure: technique graph. Legend: operation, technique_name. Technique labels: Modify Registry; Account Discovery: Local Account; Account Discovery: Domain Account; Unsecured Credentials: Private Keys; Virtualization/Sandbox Evasion: Time Based Evasion. Operation labels: windows - discovery; asdasdasd (25/4/2023, 10:08:32).]
FACT GRAPH
This graph displays the facts discovered by the operations run. Facts are attached to the operation
where they were discovered. Facts are also attached to the facts that led to their discovery. For
readability, only the first 15 facts discovered in an operation are included in the graph.
[Figure: fact graph. Legend: operation, fact. Operation labels: asdasdasd (25/4/2023, 10:08:32); windows - discovery (25/4/2023, 10:14:07); windows - discovery. Fact labels with the counts shown: 12 file.sensitive.extension; 4 server.malicious.url; 51 host.user.name; 1 domain.user.name.]
2023-04-25T13:09:44Z  success  uldkmv  Find local users  cut -d: -f1 /etc/passwd | grep -v '_' | grep -v '#'  Yes
2023-04-25T13:09:40Z  success  ecamvk  Find local users  cut -d: -f1 /etc/passwd | grep -v '_' | grep -v '#'  Yes