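          ATT&CK-CN V1.01 Last Update: 2019-11

          Translators: 林妙倩 (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University), 戴亦侖 (賽寧網安). This is an original translation; please obtain the translators' consent before reprinting.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1529

          Glossary: /attack/glossary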

          System Shutdown/Reboot

          Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer. Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.

          Adversaries may attempt to shutdown/reboot a system after impacting it in other ways, such as Disk Structure Wipe or Inhibit System Recovery, to hasten the intended effects on system availability.

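          Tags

          ID: T1529

          Tactic: Impact

          Platform: Linux, macOS, Windows

          Permissions Required: User, Administrator, root, SYSTEM

          Data Sources: Windows event logs, Process command-line parameters, Process monitoring

          Impact Type: Availability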

          Procedure Examples

          Name                       Description
          APT37 (G0067)              APT37 has used malware that will issue the command shutdown /r /t 1 to reboot a system after wiping its MBR.
          APT38 (G0082)              APT38 has used a custom MBR wiper named BOOTWRECK, which will initiate a system reboot after wiping the victim's MBR.
          Lazarus Group (G0032)      Lazarus Group has rebooted systems after destroying files and wiping the MBR on infected systems.
          LockerGoga (S0372)         LockerGoga has been observed shutting down infected systems.
          NotPetya (S0368)           NotPetya will reboot the system one hour after infection.
          Olympic Destroyer (S0365)  Olympic Destroyer will shut down the compromised system after it is done modifying system configuration settings.

          Mitigations

          This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

          Detection

          Use process monitoring to monitor the execution and command-line parameters of binaries involved in shutting down or rebooting systems. Windows event logs may also designate activity associated with a shutdown/reboot, e.g. Event IDs 1074 and 6006.
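The command-line monitoring described above can be sketched as a small classifier over process-creation telemetry. This is an added example, not part of the ATT&CK entry; it goes beyond the `shutdown /r /t 1` case on the page to cover common Linux/macOS forms. The event fields, host names and the 60-second `fast_s` threshold are assumptions.

```python
import re
import shlex

# Stand-alone binaries and systemctl verbs, mapped to the resulting action.
POWER = {"reboot": "reboot", "halt": "shutdown", "poweroff": "shutdown"}

def _after(args, *names):  # value following the first of the given flags, or None
    return next((args[i + 1] for i, a in enumerate(args[:-1]) if a in names), None)

def classify(cmdline):
    """Return {'action', 'delay_s', 'remote'} for a shutdown/reboot command, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # non-POSIX mode keeps Windows backslashes
    except ValueError:                            # unbalanced quotes in telemetry
        argv = cmdline.split()
    if not argv:
        return None
    exe = re.sub(r"\.exe$", "", re.split(r"[\\/]", argv[0].strip('"'))[-1].lower())
    args = [a.lower() for a in argv[1:]]
    if exe in POWER or exe == "systemctl":
        verb = exe if exe in POWER else next((a for a in args if a in POWER), None)
        return {"action": POWER[verb], "delay_s": None, "remote": None} if verb else None
    flags = {a[1:] for a in args if a[0] in "/-"}
    timed = [a for a in args if a == "now" or re.fullmatch(r"\+\d+", a)]  # Linux/macOS time spec
    # /r reboots; /s, /p, -h (halt on Linux, hibernate on Windows) or a bare time spec power off.
    action = "reboot" if "r" in flags else "shutdown" if flags & {"s", "p", "h"} or timed else None
    if exe != "shutdown" or "a" in flags or not action:  # Windows /a aborts a pending shutdown
        return None
    t = _after(args, "/t", "-t")
    delay = int(t) if t and t.isdigit() else None        # None: OS default delay applies
    if delay is None and timed:
        delay = 0 if timed[0] == "now" else int(timed[0][1:]) * 60
    remote = (_after(args, "/m", "-m") or "").lstrip("\\") or None
    return {"action": action, "delay_s": delay, "remote": remote}

def triage(events, fast_s=60):
    """Alert on each matching process-creation event; fast_s is an assumed threshold."""
    hits = [(ev, classify(ev["cmdline"])) for ev in events]
    return [{**ev, **h, "short_delay": h["delay_s"] is not None and h["delay_s"] <= fast_s}
            for ev, h in hits if h]

# Constructed sample events (not real telemetry).
EVENTS = [
    {"host": "ws-014", "cmdline": "shutdown /r /t 1"},
    {"host": "ws-020", "cmdline": r'"C:\Windows\System32\shutdown.exe" /s /m \\FILESRV01 /t 0'},
    {"host": "db-01", "cmdline": "/sbin/shutdown -r +5"},
    {"host": "db-02", "cmdline": "systemctl reboot"},
    {"host": "ws-031", "cmdline": "shutdown /a"},
]
```

Alerts with `short_delay` set or a `remote` target are the ones worth correlating first with disk-wipe or recovery-inhibiting activity on the same host.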
