Poisoned Scripts

Goal: Disrupt attacker operations by ensuring that scripts an attacker takes from developer machines carry deceptive code.

Approach: Manipulating scripts to deliver misleading information or disrupt execution.

If an attacker compromises a developer's machine and copies scripts or code off it, the copies they obtain should contain subtle errors, artificial delays, or misleading functions (for example, configuration that points at monitored decoy infrastructure rather than production). This can cause the attacker's tooling to malfunction, waste their time, or lead them down false paths. The developer's own working copies must keep behaving normally, so the poisoning has to be either conditional on where the script runs or confined to decoy files planted for the attacker to find.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0014 Software Manipulation, EAC0015 Information Manipulation

Technical Context:

This element requires the ability to control the files an attacker will take from developer machines. It can be implemented with endpoint agents that maintain decoy scripts alongside real ones, by seeding code repositories with host-bound copies, or (less practically, since most transfers leave the host over TLS) by rewriting files in outbound traffic at the network layer. The adversary behaviour it counters is collection of files from a compromised host and their exfiltration, MITRE ATT&CK T1005 (Data from Local System) and T1041 (Exfiltration Over C2 Channel). Because the attacker can read the poisoned file, any guard logic should avoid disclosing the real target values in cleartext, and each execution of a poisoned copy off the trusted host should itself be treated as a high-fidelity alert.
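The following is an added example, not code from the original page or from MITRE Engage. It shows one way to produce a host-bound "poisoned" copy of a developer script: a guard is prepended that compares an HMAC of hostname:username against a tag embedded at poisoning time. On the developer's own host the tag matches and the script runs unchanged; on any other host (an attacker running a stolen copy) the guard burns time and rewrites the environment the script reads so that it targets monitored decoy infrastructure instead. The key, usernames, hostnames and decoy address are constructed placeholders, and the sample deploy script is constructed for the demonstration.

```python
"""Host-bound poisoned copy of a developer script (added example)."""
import hashlib
import hmac
import os
import socket
import subprocess
import sys

# Guard prepended to the script. It is deliberately self-contained because it
# must run wherever the stolen copy is executed.
GUARD_TEMPLATE = """\
# --- host guard ---
import hashlib as _h, hmac as _m, os as _o, socket as _s, time as _t
_EXPECTED = {expected!r}
_KEY = {key!r}
_DECOY_ENV = {decoy!r}
def _tag():
    user = _o.environ.get("USER") or _o.environ.get("USERNAME") or ""
    ident = (_s.gethostname() + ":" + user).encode()
    return _m.new(_KEY, ident, _h.sha256).hexdigest()
if not _m.compare_digest(_tag(), _EXPECTED):
    _t.sleep({delay})              # waste the attacker's time before anything happens
    _o.environ.update(_DECOY_ENV)  # steer the script at monitored decoys
# --- end host guard ---
"""


def host_tag(key: bytes, hostname: str, username: str) -> str:
    """Tag bound to the one host:user on which the script behaves honestly."""
    ident = f"{hostname}:{username}".encode()
    return hmac.new(key, ident, hashlib.sha256).hexdigest()


def poison_script(original: str, key: bytes, expected_tag: str,
                  decoy_env: dict, delay_s: float = 0.0) -> str:
    """Return a copy of `original` with the guard inserted after any shebang line."""
    guard = GUARD_TEMPLATE.format(expected=expected_tag, key=key,
                                  decoy=decoy_env, delay=delay_s)
    lines = original.splitlines(keepends=True)
    if lines and lines[0].startswith("#!"):
        return lines[0] + guard + "".join(lines[1:])
    return guard + original


def run_script(script_text: str, env: dict) -> str:
    """Run a script in a fresh interpreter with a controlled environment; return stdout."""
    out = subprocess.run([sys.executable, "-"], input=script_text, env=env,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


# Constructed sample: a deploy helper that reads its target from the environment.
SAMPLE_DEPLOY = "import os\nprint('deploying to', os.environ.get('DEPLOY_HOST', 'unset'))\n"
KEY = b"per-deployment-secret"            # placeholder; keep out of source control
DECOY_ENV = {"DEPLOY_HOST": "10.66.0.5"}  # placeholder: a monitored canary host


def demo() -> tuple:
    """Run the same poisoned copy as the developer and as a thief; return both outputs."""
    poisoned = poison_script(SAMPLE_DEPLOY, KEY,
                             host_tag(KEY, socket.gethostname(), "dev"), DECOY_ENV)
    base_env = {**os.environ, "DEPLOY_HOST": "prod.example.internal"}
    on_dev_box = run_script(poisoned, {**base_env, "USER": "dev", "USERNAME": "dev"})
    # The stolen copy runs under a different user (or host), so the tag never matches.
    on_attacker_box = run_script(poisoned, {**base_env, "USER": "mallory", "USERNAME": "mallory"})
    return on_dev_box, on_attacker_box


if __name__ == "__main__":
    dev, atk = demo()
    print("developer host :", dev)
    print("stolen copy    :", atk)
```

The guard does not hide the real target from a careful reader: an attacker who inspects the file sees the HMAC and can guess hostnames, so the value is in catching tools that run stolen scripts unread, and in the decoy host being monitored so that a mismatch becomes an alert rather than just a wasted deployment.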

Other:

This element can be particularly effective against attackers who rely on stolen code or scripts for their operations. Its effect depends on the attacker not noticing the injected logic, so keep the poisoning small and plausible, and treat any execution of a poisoned copy outside the trusted host as a detection in its own right.
