{"description": "Enterprise techniques used by Disco, ATT&CK software S1088 (v1.0)", "name": "Disco (S1088)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1071", "showSubtechniques": true}, {"techniqueID": "T1071.002", "comment": "[Disco](https://attack.mitre.org/software/S1088) can use SMB to transfer files.(Citation: MoustachedBouncer ESET August 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1659", "comment": "[Disco](https://attack.mitre.org/software/S1088) has achieved initial access and execution through content injection into DNS,  HTTP, and SMB replies to targeted hosts that redirect them to download malicious files.(Citation: MoustachedBouncer ESET August 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1105", "comment": "[Disco](https://attack.mitre.org/software/S1088) can download files to targeted systems via SMB.(Citation: MoustachedBouncer ESET August 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1053", "showSubtechniques": true}, {"techniqueID": "T1053.005", "comment": "[Disco](https://attack.mitre.org/software/S1088) can create a scheduled task to run every minute for persistence.(Citation: MoustachedBouncer ESET August 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1204", "showSubtechniques": true}, {"techniqueID": "T1204.002", "comment": "[Disco](https://attack.mitre.org/software/S1088) has been executed through inducing user interaction with malicious .zip and .msi files.(Citation: MoustachedBouncer ESET August 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Disco", "color": "#66b1ff"}]}