From e7a0f733e5b23f8c070c38890680a3de753d3446 Mon Sep 17 00:00:00 2001
From: ianwalkersmithciticom
Date: Tue, 26 Nov 2024 11:12:44 -0300
Subject: [PATCH 1/5] db backup restore threat
---
 services/database/relational/threats.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
index 6e70ed5f..5af15434 100644
--- a/services/database/relational/threats.yaml
+++ b/services/database/relational/threats.yaml
@@ -91,3 +91,11 @@ threats:
 - CCC.F06
 mitre_technique:
 - T1556
+
+ - id: CCC.RDMS.TH14
+ title: DB backup is uninentionally restored
+ description: A threat actor restores a database backup thereby destroying data.
+ features:
+ - CCC.F11
+ mitre_technique:
+ - T1485
\ No newline at end of file
From ab6c05dfaa51b4dda3268e9fe2a85a3f04482051 Mon Sep 17 00:00:00 2001
From: ianwalkersmithciticom
Date: Tue, 26 Nov 2024 11:21:40 -0300
Subject: [PATCH 2/5] db backup restore threat2
---
 services/database/relational/threats.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
index 5af15434..ecdf3d5c 100644
--- a/services/database/relational/threats.yaml
+++ b/services/database/relational/threats.yaml
@@ -98,4 +98,4 @@ threats:
 features:
 - CCC.F11
 mitre_technique:
- - T1485
\ No newline at end of file
+ - T1485
From e4f7c8293ee2a89a9d857145c0b31db2ddd06728 Mon Sep 17 00:00:00 2001
From: ianwalkersmithciticom
Date: Tue, 26 Nov 2024 11:49:11 -0300
Subject: [PATCH 3/5] db user brute force
---
 services/database/relational/threats.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
index ecdf3d5c..186a4c7f 100644
--- a/services/database/relational/threats.yaml
+++ b/services/database/relational/threats.yaml
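Review bot: The title and description of the new CCC.RDMS.TH14 entry (patch 1/5) disagree about intent: the title says the backup is restored unintentionally (misspelled "uninentionally"), while the description has a threat actor performing the restore. The T1485 mapping fits the deliberate case, so the title should say so, for example `title: Database is overwritten by an unauthorized backup restore`. If the intended scenario is a rollback to older state, the description could name what is lost: `description: A threat actor restores an older backup over the live database, destroying data written since the backup was taken.`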
@@ -99,3 +99,11 @@ threats:
 - CCC.F11
 mitre_technique:
 - T1485
+
+ - id: CCC.RDMS.TH15
+ title: brute force attack against the database
+ description: threat actor uses brute force attack to discover database user password, threat actor then has access to the database user
+ features:
+ - CCC.RDMS.F07
+ mitre_technique:
+ - T1110
From 42cbd9ac2b5236a4baecdaeb19239cb4a77736ff Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Tue, 26 Nov 2024 07:35:57 -0800
Subject: [PATCH 4/5] Update services/database/relational/threats.yaml
---
 services/database/relational/threats.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
index 186a4c7f..de48743a 100644
--- a/services/database/relational/threats.yaml
+++ b/services/database/relational/threats.yaml
@@ -102,7 +102,9 @@ threats:
 - id: CCC.RDMS.TH15
 title: brute force attack against the database
- description: threat actor uses brute force attack to discover database user password, threat actor then has access to the database user
+ description: threat actor uses brute force attack to discover
+ database user password, threat actor then has access to the
+ database user
 features:
 - CCC.RDMS.F07
 mitre_technique:
From 1418b1fa5b3bb77fd208bf0a1ab892cb5d56b25a Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Tue, 26 Nov 2024 07:44:28 -0800
Subject: [PATCH 5/5] Update services/database/relational/threats.yaml
---
 services/database/relational/threats.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
index de48743a..9deacba3 100644
--- a/services/database/relational/threats.yaml
+++ b/services/database/relational/threats.yaml
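Review bot: The description of CCC.RDMS.TH15 added in patch 3/5 ends with "threat actor then has access to the database user", which does not state what is gained; the impact is access to the database with that user's privileges. A direct wording would be `description: A threat actor brute-forces a database user's password and gains access to the database with that user's privileges.` The title and description also start in lower case, unlike the TH14 entry from patch 1/5 (`title: DB backup is ...`, `description: A threat actor ...`), so capitalising them would keep the catalog consistent.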
@@ -102,9 +102,10 @@ threats:
 - id: CCC.RDMS.TH15
 title: brute force attack against the database
- description: threat actor uses brute force attack to discover
- database user password, threat actor then has access to the
- database user
+ description: |
+ threat actor uses brute force attack to discover
+ database user password, threat actor then has access to the
+ database user
 features:
 - CCC.RDMS.F07
 mitre_technique:
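Review bot: The literal block scalar `description: |` keeps every line break and a trailing newline, so the loaded description of CCC.RDMS.TH15 has hard breaks mid-sentence, where TH14's single-line description has none. If consumers of the catalog render descriptions as one paragraph, the folded form `description: >-` would load as a single line without a trailing newline while keeping the wrapped source. Indentation is not visible on this page, so it is worth confirming that the three continuation lines are indented deeper than `description:`. The rest of the entry (`- T1110`) lies outside the hunk.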