{"description": "Enterprise techniques used by StreamEx, ATT&CK software S0142 (v1.1)", "name": "StreamEx (S0142)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1059", "showSubtechniques": true}, {"techniqueID": "T1059.003", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) has the ability to remotely execute commands.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1543", "showSubtechniques": true}, {"techniqueID": "T1543.003", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) establishes persistence by installing a new service pointing to its DLL and setting the service to auto-start.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1083", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) has the ability to enumerate drive types.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1112", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) has the ability to modify the Registry.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1027", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) obfuscates some commands by using statically programmed fragments of strings when starting a DLL. It also uses a one-byte xor against 0x91 to encode configuration data.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1057", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) has the ability to enumerate processes.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1518", "showSubtechniques": true}, {"techniqueID": "T1518.001", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) has the ability to scan for security tools such as firewalls and antivirus tools.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1218", "showSubtechniques": true}, {"techniqueID": "T1218.011", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) uses rundll32 to call an exported function.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1082", "comment": "[StreamEx](https://attack.mitre.org/software/S0142) has the ability to enumerate system information.(Citation: Cylance Shell Crew Feb 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by StreamEx", "color": "#66b1ff"}]}