update scenario code and allow scenario == true

muyenzo · Feb 5, 2018 · 5665692 · 5665692
1 parent f63c6d0
commit 5665692
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/MITRE/Adversarial_Simulation/scenario_example.yml b/MITRE/Adversarial_Simulation/scenario_example.yml
@@ -10,8 +10,8 @@ meta:
   mitre_attack_technique: null
   scenario: True
   scenario_actions:
-    1: MITRE/Discovery/discovery_account.yaml
+    1: MITRE/Discovery/discovery_win_account.yml
     2: MITRE/Credential_Access/credaccess_win_creddump.yml
-    3: MITRE/Execution/execution_regsvr32.yaml
+    3: MITRE/Execution/execution_win_regsvr32.yml
 name: Scenario examples
 uuid: 7da758ce-7c80-4169-a6ed-27abf3e5978f
diff --git a/MITRE/Discovery/discovery_win_account.yml b/MITRE/Discovery/discovery_win_account.yml
@@ -11,7 +11,7 @@ meta:
   mitre_attack_technique: Account Discovery
   purple_actions:
     1: cmd.exe /c net group \"Domain Admins\" /domain
-    2: cmd.exe /c net user /add
+    2: cmd.exe /c net user
     3: cmd.exe /c net user /domain
     4: cmd.exe /c net localgroup administrators
     5: cmd.exe /c net share

diff --git a/run_simulation_yaml.py b/run_simulation_yaml.py
@@ -191,7 +191,7 @@ def parse_yaml(ioc_filename):
             if not scenario:
                 run_uuid(ioc_filename)
             #if the scenario field is found and if it's true run the run_scenario function
-            if scenario == True:
+            if scenario == True or scenario == true:
                 run_scenario(ioc_filename)
         close_log()