Closed jonibim closed 6 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (826971f) 99.64% compared to head (6c9f1c3) 99.64%. :exclamation: Current head 6c9f1c3 differs from pull request most recent head c0d7dea. Consider uploading reports for the commit c0d7dea to get more accurate results.
Thank you for submitting this new flow. This is an excellent application of the Attack Flow concepts combined with good writing and clear organization. I'm excited to get this merged into our corpus.
I have a few suggestions that I will leave here, but these are not mandatory. If you have the time and interest to make these adjustments, that's great, otherwise just let me know that you are done and I will merge this into our corpus.
There is a URL object in STIX that you could use here. The infrastructure object is fine, but if you use URL objects it will be easier to extract the URL IOCs.
The direction of the arrow between action and asset indicates if the asset's state is changed or consumed. This example has the asset pointing to the action, which means the action depends on the state of the asset. I think you intended to communicate that the action changes the asset's state (i.e. the new state is "compromised"), so the arrow should point from action to asset.
This condition and action appear to be reversed. If the condition "user opens excel attachment" is true, then that would lead to the "User Execution: Malicious File" action.
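Added example (not code from this PR or from the Attack Flow project): a small Python lint over the three review points above, run on constructed sample objects with placeholder ids. It assumes the Attack Flow property names `asset_refs` (on attack-action) and `on_true_refs` (on attack-condition) from the published specification, and models the reversed asset-to-action arrow as a STIX `relationship` object.

```python
from typing import Dict, List

# Constructed sample objects (placeholder ids, not taken from the PR).
ACTION = {"type": "attack-action", "id": "attack-action--1",
          "name": "User Execution: Malicious File", "technique_id": "T1204.002",
          "asset_refs": ["attack-asset--1"]}          # action -> asset: state changed
ASSET = {"type": "attack-asset", "id": "attack-asset--1", "name": "Workstation"}
CONDITION = {"type": "attack-condition", "id": "attack-condition--1",
             "description": "user opens excel attachment",
             "on_true_refs": ["attack-action--1"]}     # true branch leads to the action
URL_IOC = {"type": "url", "id": "url--1",
           "value": "http://example.invalid/payload.xls"}  # placeholder URL
# Two constructed defects: a reversed edge and a URL hidden in an infrastructure object.
REVERSED_EDGE = {"type": "relationship", "id": "relationship--1",
                 "relationship_type": "related-to",
                 "source_ref": "attack-asset--1", "target_ref": "attack-action--1"}
INFRA_URL = {"type": "infrastructure", "id": "infrastructure--1",
             "name": "http://example.invalid/stage2"}

GOOD_FLOW = [ACTION, ASSET, CONDITION, URL_IOC]
BAD_FLOW = GOOD_FLOW + [REVERSED_EDGE, INFRA_URL]


def extract_url_iocs(objects: List[Dict]) -> List[str]:
    """URL IOCs are trivial to pull out when they live in `url` SCOs."""
    return [o["value"] for o in objects if o.get("type") == "url"]


def lint_flow(objects: List[Dict]) -> List[str]:
    """Return one finding per modelling issue the review above describes."""
    by_id = {o["id"]: o for o in objects}
    findings: List[str] = []
    referenced_assets = {r for o in objects if o.get("type") == "attack-action"
                         for r in o.get("asset_refs", [])}
    for o in objects:
        kind = o.get("type")
        if kind == "relationship":  # arrow drawn asset -> action is reversed
            src = by_id.get(o["source_ref"], {}).get("type")
            dst = by_id.get(o["target_ref"], {}).get("type")
            if src == "attack-asset" and dst == "attack-action":
                findings.append(f"{o['id']}: asset -> action edge; put the asset in the action's asset_refs")
        elif kind == "attack-asset" and o["id"] not in referenced_assets:
            findings.append(f"{o['id']}: asset is not the target of any attack-action")
        elif kind == "attack-condition":  # true branch must lead to an action/operator
            for ref in o.get("on_true_refs", []):
                if by_id.get(ref, {}).get("type") not in ("attack-action", "attack-operator"):
                    findings.append(f"{o['id']}: on_true_refs -> {ref} is not an action or operator")
        elif kind == "infrastructure" and o.get("name", "").startswith(("http://", "https://")):
            findings.append(f"{o['id']}: URL stored as infrastructure; use a url object instead")
    return findings
```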
@mehaase Thank you for your feedback. I implemented your feedback and also made some (small) improvements on the attack flow :)
The full details of the changes I made are in the description of my last commit.
Kudos, SonarCloud Quality Gate passed!
Thank you @jonibim and my apologies for not seeing this earlier. I have just merged it in.
My first attempt at making an attack flow describing the Maastricht University ransomware attack that happened in 2019. The article used for building the attack flow (in Dutch): https://www.maastrichtuniversity.nl/nl/file/foxitrapportreactieuniversiteitmaastrichtnl10-02pdf
Please let me know if I missed anything or did something wrong.