Home >
ICS >
Participants >
Armis >
Command and Scripting Interpreter (T1059)
|
|
TRITON |
||||
Step | ATT&CK Pattern |
|
||
6.A.1
![]() |
Tactic Execution (TA0104) |
|
||
9.A.1
![]() |
Tactic Execution (TA0104) |
|
||
9.B.1
![]() |
Tactic Execution (TA0104) |
|
||
9.C.1
![]() |
Tactic Execution (TA0104) |
|
||
9.D.1
![]() |
Tactic Execution (TA0104) |
|
||
9.E.1
![]() |
Tactic Execution (TA0104) |
|
||
11.B.1
![]() |
Tactic Execution (TA0104) |
|
||
16.A.1
![]() |
Tactic Execution (TA0104) |
|
||
16.B.1
![]() |
Tactic Execution (TA0104) |
|
||
16.C.1
![]() |
Tactic Execution (TA0104) |
|
||
16.D.1
![]() |
Tactic Execution (TA0104) |
|
||
20.A.1
![]() |
Tactic Execution (TA0104) |
|
||
20.B.1
![]() |
Tactic Execution (TA0104) |
|
||
20.C.1
![]() |
Tactic Execution (TA0104) |
|
||
20.D.1
![]() |
Tactic Execution (TA0104) |
|
||
21.E.1
![]() |
Tactic Execution (TA0104) |
|
||
21.F.1
![]() |
Tactic Execution (TA0104) |
|
||
22.A.1
![]() |
Tactic Execution (TA0104) |
|
||
22.B.1
![]() |
Tactic Execution (TA0104) |
|
||
24.A.1
![]() |
Tactic Execution (TA0104) |
|
||
24.B.1
![]() |
Tactic Execution (TA0104) |
|
||
24.C.1
![]() |
Tactic Execution (TA0104) |
|
||
25.E.1
![]() |
Tactic Execution (TA0104) |
|
||
25.G.1
![]() |
Tactic Execution (TA0104) |
|
Criteria
Evidence that the "install-csp.ps1" script was executed on the control EWS (10.0.100.20) via PowerShell (using the bypass execution policy).
Criteria
Evidence that the "install-csp.ps1" script was executed on the safety EWS (10.0.100.15) via PowerShell (using the bypass execution policy).