{"description": "Enterprise techniques used by VBShower, ATT&CK software S0442 (v1.0)", "name": "VBShower (S0442)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1071", "showSubtechniques": true}, {"techniqueID": "T1071.001", "comment": "[VBShower](https://attack.mitre.org/software/S0442) has attempted to obtain a VBS script from command and control (C2) nodes over HTTP.(Citation: Kaspersky Cloud Atlas August 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1547", "showSubtechniques": true}, {"techniqueID": "T1547.001", "comment": "[VBShower](https://attack.mitre.org/software/S0442) used HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\[a-f0-9A-F]{8} to maintain persistence.(Citation: Kaspersky Cloud Atlas August 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1059", "showSubtechniques": true}, {"techniqueID": "T1059.005", "comment": "[VBShower](https://attack.mitre.org/software/S0442) has the ability to execute VBScript files.(Citation: Kaspersky Cloud Atlas August 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070", "showSubtechniques": true}, {"techniqueID": "T1070.004", "comment": "[VBShower](https://attack.mitre.org/software/S0442) has attempted to complicate forensic analysis by deleting all the files contained in %APPDATA%\\..\\Local\\Temporary Internet Files\\Content.Word and %APPDATA%\\..\\Local Settings\\Temporary Internet Files\\Content.Word\\.(Citation: Kaspersky Cloud Atlas August 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1105", "comment": "[VBShower](https://attack.mitre.org/software/S0442) has the ability to download VBS files to the target computer.(Citation: Kaspersky Cloud Atlas August 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by VBShower", "color": "#66b1ff"}]}