Generated docs from job=generate-docs branch=master [ci skip]

redcanaryco · Nov 17, 2023 · 4ef1397 · 4ef1397
1 parent 13252e3
commit 4ef1397
Show file tree

Hide file tree

Showing 22 changed files with 230 additions and 52 deletions.
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
@@ -528,6 +528,7 @@ defense-evasion,T1550.002,Use Alternate Authentication Material: Pass the Hash,2
 defense-evasion,T1550.002,Use Alternate Authentication Material: Pass the Hash,3,Invoke-WMIExec Pass the Hash,f8757545-b00a-4e4e-8cfb-8cfb961ee713,powershell
 defense-evasion,T1574.002,Hijack Execution Flow: DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt
 defense-evasion,T1574.002,Hijack Execution Flow: DLL Side-Loading,2,DLL Side-Loading using the dotnet startup hook environment variable,d322cdd7-7d60-46e3-9111-648848da7c02,command_prompt
+defense-evasion,T1055.015,Process Injection: ListPlanting,1,Process injection ListPlanting,4f3c7502-b111-4dfe-8a6e-529307891a59,powershell
 defense-evasion,T1220,XSL Script Processing,1,MSXSL Bypass using local files,ca23bfb2-023f-49c5-8802-e66997de462d,command_prompt
 defense-evasion,T1220,XSL Script Processing,2,MSXSL Bypass using remote files,a7c3ab07-52fb-49c8-ab6d-e9c6d4a0a985,command_prompt
 defense-evasion,T1220,XSL Script Processing,3,WMIC bypass using local XSL file,1b237334-3e21-4a0c-8178-b8c996124988,command_prompt
@@ -794,6 +795,7 @@ privilege-escalation,T1574.002,Hijack Execution Flow: DLL Side-Loading,1,DLL Sid
 privilege-escalation,T1574.002,Hijack Execution Flow: DLL Side-Loading,2,DLL Side-Loading using the dotnet startup hook environment variable,d322cdd7-7d60-46e3-9111-648848da7c02,command_prompt
 privilege-escalation,T1098.002,Account Manipulation: Additional Email Delegate Permissions,1,EXO - Full access mailbox permission granted to a user,17d046be-fdd0-4cbb-b5c7-55c85d9d0714,powershell
 privilege-escalation,T1037.001,Boot or Logon Initialization Scripts: Logon Script (Windows),1,Logon Scripts,d6042746-07d4-4c92-9ad8-e644c114a231,command_prompt
+privilege-escalation,T1055.015,Process Injection: ListPlanting,1,Process injection ListPlanting,4f3c7502-b111-4dfe-8a6e-529307891a59,powershell
 privilege-escalation,T1547.008,Boot or Logon Autostart Execution: LSASS Driver,1,Modify Registry to load Arbitrary DLL into LSASS - LsaDbExtPt,8ecef16d-d289-46b4-917b-0dba6dc81cf1,powershell
 privilege-escalation,T1078.004,Valid Accounts: Cloud Accounts,1,Creating GCP Service Account and Service Account Key,9fdd83fd-bd53-46e5-a716-9dec89c8ae8e,sh
 privilege-escalation,T1078.004,Valid Accounts: Cloud Accounts,2,Azure Persistence Automation Runbook Created or Modified,348f4d14-4bd3-4f6b-bd8a-61237f78b3ac,powershell

diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -344,6 +344,7 @@ defense-evasion,T1550.002,Use Alternate Authentication Material: Pass the Hash,2
 defense-evasion,T1550.002,Use Alternate Authentication Material: Pass the Hash,3,Invoke-WMIExec Pass the Hash,f8757545-b00a-4e4e-8cfb-8cfb961ee713,powershell
 defense-evasion,T1574.002,Hijack Execution Flow: DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt
 defense-evasion,T1574.002,Hijack Execution Flow: DLL Side-Loading,2,DLL Side-Loading using the dotnet startup hook environment variable,d322cdd7-7d60-46e3-9111-648848da7c02,command_prompt
+defense-evasion,T1055.015,Process Injection: ListPlanting,1,Process injection ListPlanting,4f3c7502-b111-4dfe-8a6e-529307891a59,powershell
 defense-evasion,T1220,XSL Script Processing,1,MSXSL Bypass using local files,ca23bfb2-023f-49c5-8802-e66997de462d,command_prompt
 defense-evasion,T1220,XSL Script Processing,2,MSXSL Bypass using remote files,a7c3ab07-52fb-49c8-ab6d-e9c6d4a0a985,command_prompt
 defense-evasion,T1220,XSL Script Processing,3,WMIC bypass using local XSL file,1b237334-3e21-4a0c-8178-b8c996124988,command_prompt
@@ -514,6 +515,7 @@ privilege-escalation,T1546.002,Event Triggered Execution: Screensaver,1,Set Arbi
 privilege-escalation,T1574.002,Hijack Execution Flow: DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt
 privilege-escalation,T1574.002,Hijack Execution Flow: DLL Side-Loading,2,DLL Side-Loading using the dotnet startup hook environment variable,d322cdd7-7d60-46e3-9111-648848da7c02,command_prompt
 privilege-escalation,T1037.001,Boot or Logon Initialization Scripts: Logon Script (Windows),1,Logon Scripts,d6042746-07d4-4c92-9ad8-e644c114a231,command_prompt
+privilege-escalation,T1055.015,Process Injection: ListPlanting,1,Process injection ListPlanting,4f3c7502-b111-4dfe-8a6e-529307891a59,powershell
 privilege-escalation,T1547.008,Boot or Logon Autostart Execution: LSASS Driver,1,Modify Registry to load Arbitrary DLL into LSASS - LsaDbExtPt,8ecef16d-d289-46b4-917b-0dba6dc81cf1,powershell
 privilege-escalation,T1053.002,Scheduled Task/Job: At,1,At.exe Scheduled task,4a6c0dc4-0f2a-4203-9298-a5a9bdc21ed8,command_prompt
 privilege-escalation,T1055.001,Process Injection: Dynamic-link Library Injection,1,Process Injection via mavinject.exe,74496461-11a1-4982-b439-4d87a550d254,powershell

diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
@@ -743,7 +743,8 @@
 - T1126 Network Share Connection Removal [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1055.008 Ptrace System Calls [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1027.007 Dynamic API Resolution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
-- T1055.015 ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
+- [T1055.015 Process Injection: ListPlanting](../../T1055.015/T1055.015.md)
+  - Atomic Test #1: Process injection ListPlanting [windows]
 - T1484 Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1220 XSL Script Processing](../../T1220/T1220.md)
   - Atomic Test #1: MSXSL Bypass using local files [windows]
@@ -1158,7 +1159,8 @@
 - T1055.008 Ptrace System Calls [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1037.001 Boot or Logon Initialization Scripts: Logon Script (Windows)](../../T1037.001/T1037.001.md)
   - Atomic Test #1: Logon Scripts [windows]
-- T1055.015 ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
+- [T1055.015 Process Injection: ListPlanting](../../T1055.015/T1055.015.md)
+  - Atomic Test #1: Process injection ListPlanting [windows]
 - T1484 Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1547.008 Boot or Logon Autostart Execution: LSASS Driver](../../T1547.008/T1547.008.md)
   - Atomic Test #1: Modify Registry to load Arbitrary DLL into LSASS - LsaDbExtPt [windows]

diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -511,7 +511,8 @@
   - Atomic Test #2: DLL Side-Loading using the dotnet startup hook environment variable [windows]
 - T1126 Network Share Connection Removal [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1027.007 Dynamic API Resolution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
-- T1055.015 ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
+- [T1055.015 Process Injection: ListPlanting](../../T1055.015/T1055.015.md)
+  - Atomic Test #1: Process injection ListPlanting [windows]
 - T1484 Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1220 XSL Script Processing](../../T1220/T1220.md)
   - Atomic Test #1: MSXSL Bypass using local files [windows]
@@ -783,7 +784,8 @@
 - T1098.002 Account Manipulation: Additional Email Delegate Permissions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1037.001 Boot or Logon Initialization Scripts: Logon Script (Windows)](../../T1037.001/T1037.001.md)
   - Atomic Test #1: Logon Scripts [windows]
-- T1055.015 ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
+- [T1055.015 Process Injection: ListPlanting](../../T1055.015/T1055.015.md)
+  - Atomic Test #1: Process injection ListPlanting [windows]
 - T1484 Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1547.008 Boot or Logon Autostart Execution: LSASS Driver](../../T1547.008/T1547.008.md)
   - Atomic Test #1: Modify Registry to load Arbitrary DLL into LSASS - LsaDbExtPt [windows]

diff --git a/atomics/Indexes/Matrices/matrix.md b/atomics/Indexes/Matrices/matrix.md
@@ -125,7 +125,7 @@
 |  |  | [Event Triggered Execution](../../T1546/T1546.md) | Launch Daemon [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Pre-OS Boot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | [Event Triggered Execution: .bash_profile .bashrc and .shrc](../../T1546.004/T1546.004.md) | Ptrace System Calls [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scripting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | [Authentication Package](../../T1547.002/T1547.002.md) | [Boot or Logon Initialization Scripts: Logon Script (Windows)](../../T1037.001/T1037.001.md) | [Build Image on Host](../../T1612/T1612.md) |  |  |  |  |  |  |  |
-|  |  | Netsh Helper DLL [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Process Injection: Portable Executable Injection](../../T1055.002/T1055.002.md) |  |  |  |  |  |  |  |
+|  |  | Netsh Helper DLL [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Process Injection: ListPlanting](../../T1055.015/T1055.015.md) | [Process Injection: Portable Executable Injection](../../T1055.002/T1055.002.md) |  |  |  |  |  |  |  |
 |  |  | [Event Triggered Execution: Component Object Model Hijacking](../../T1546.015/T1546.015.md) | Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Verclsid [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | [Office Application Startup: Outlook Home Page](../../T1137.004/T1137.004.md) | [Boot or Logon Autostart Execution: LSASS Driver](../../T1547.008/T1547.008.md) | Downgrade Attack [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | [Hijack Execution Flow: Path Interception by Unquoted Path](../../T1574.009/T1574.009.md) | [Valid Accounts: Cloud Accounts](../../T1078.004/T1078.004.md) | Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
@@ -215,7 +215,7 @@
 |  |  |  |  | Network Share Connection Removal [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  |  |  | Ptrace System Calls [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  |  |  | Dynamic API Resolution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
-|  |  |  |  | ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
+|  |  |  |  | [Process Injection: ListPlanting](../../T1055.015/T1055.015.md) |  |  |  |  |  |  |  |
 |  |  |  |  | Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  |  |  | [XSL Script Processing](../../T1220/T1220.md) |  |  |  |  |  |  |  |
 |  |  |  |  | [Hide Artifacts: Hidden Files and Directories](../../T1564.001/T1564.001.md) |  |  |  |  |  |  |  |

diff --git a/atomics/Indexes/Matrices/windows-matrix.md b/atomics/Indexes/Matrices/windows-matrix.md
@@ -84,7 +84,7 @@
 |  |  | KernelCallbackTable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Hijack Execution Flow: DLL Side-Loading](../../T1574.002/T1574.002.md) | Software Packing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | Outlook Forms [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Account Manipulation: Additional Email Delegate Permissions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Process Doppelgänging [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Boot or Logon Initialization Scripts: Logon Script (Windows)](../../T1037.001/T1037.001.md) | Executable Installer File Permissions Weakness [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
-|  |  | Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | SIP and Trust Provider Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
+|  |  | Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Process Injection: ListPlanting](../../T1055.015/T1055.015.md) | SIP and Trust Provider Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | Multi-Factor Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Impair Defenses: Indicator Blocking](../../T1562.006/T1562.006.md) |  |  |  |  |  |  |  |
 |  |  | [IIS Components](../../T1505.004/T1505.004.md) | [Boot or Logon Autostart Execution: LSASS Driver](../../T1547.008/T1547.008.md) | Right-to-Left Override [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  | [Event Triggered Execution](../../T1546/T1546.md) | [Scheduled Task/Job: At](../../T1053.002/T1053.002.md) | Component Firmware [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
@@ -167,7 +167,7 @@
 |  |  |  |  | [Hijack Execution Flow: DLL Side-Loading](../../T1574.002/T1574.002.md) |  |  |  |  |  |  |  |
 |  |  |  |  | Network Share Connection Removal [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  |  |  | Dynamic API Resolution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
-|  |  |  |  | ListPlanting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
+|  |  |  |  | [Process Injection: ListPlanting](../../T1055.015/T1055.015.md) |  |  |  |  |  |  |  |
 |  |  |  |  | Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  |  |  |  |  |  |  |
 |  |  |  |  | [XSL Script Processing](../../T1220/T1220.md) |  |  |  |  |  |  |  |
 |  |  |  |  | [Hide Artifacts: Hidden Files and Directories](../../T1564.001/T1564.001.md) |  |  |  |  |  |  |  |

diff --git a/atomics/Indexes/azure-ad-index.yaml b/atomics/Indexes/azure-ad-index.yaml
@@ -15403,7 +15403,7 @@ defense-evasion:
         description: 'Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE
           HIDDEN PART OF THE STORY. Retrieved July 16, 2020.'
       modified: '2022-03-08T20:59:20.762Z'
-      name: ListPlanting
+      name: 'Process Injection: ListPlanting'
       description: "Adversaries may abuse list-view controls to inject malicious code
         into hijacked processes in order to evade process-based defenses as well as
         possibly elevate privileges. ListPlanting is a method of executing arbitrary
@@ -15458,6 +15458,7 @@ defense-evasion:
       - 'Process: OS API Execution'
       x_mitre_permissions_required:
       - User
+      identifier: T1055.015
     atomic_tests: []
   T1484:
     technique:
@@ -27653,7 +27654,7 @@ privilege-escalation:
         description: 'Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE
           HIDDEN PART OF THE STORY. Retrieved July 16, 2020.'
       modified: '2022-03-08T20:59:20.762Z'
-      name: ListPlanting
+      name: 'Process Injection: ListPlanting'
       description: "Adversaries may abuse list-view controls to inject malicious code
         into hijacked processes in order to evade process-based defenses as well as
         possibly elevate privileges. ListPlanting is a method of executing arbitrary
@@ -27708,6 +27709,7 @@ privilege-escalation:
       - 'Process: OS API Execution'
       x_mitre_permissions_required:
       - User
+      identifier: T1055.015
     atomic_tests: []
   T1484:
     technique:

diff --git a/atomics/Indexes/containers-index.yaml b/atomics/Indexes/containers-index.yaml
@@ -15378,7 +15378,7 @@ defense-evasion:
         description: 'Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE
           HIDDEN PART OF THE STORY. Retrieved July 16, 2020.'
       modified: '2022-03-08T20:59:20.762Z'
-      name: ListPlanting
+      name: 'Process Injection: ListPlanting'
       description: "Adversaries may abuse list-view controls to inject malicious code
         into hijacked processes in order to evade process-based defenses as well as
         possibly elevate privileges. ListPlanting is a method of executing arbitrary
@@ -15433,6 +15433,7 @@ defense-evasion:
       - 'Process: OS API Execution'
       x_mitre_permissions_required:
       - User
+      identifier: T1055.015
     atomic_tests: []
   T1484:
     technique:
@@ -27266,7 +27267,7 @@ privilege-escalation:
         description: 'Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE
           HIDDEN PART OF THE STORY. Retrieved July 16, 2020.'
       modified: '2022-03-08T20:59:20.762Z'
-      name: ListPlanting
+      name: 'Process Injection: ListPlanting'
       description: "Adversaries may abuse list-view controls to inject malicious code
         into hijacked processes in order to evade process-based defenses as well as
         possibly elevate privileges. ListPlanting is a method of executing arbitrary
@@ -27321,6 +27322,7 @@ privilege-escalation:
       - 'Process: OS API Execution'
       x_mitre_permissions_required:
       - User
+      identifier: T1055.015
     atomic_tests: []
   T1484:
     technique:

diff --git a/atomics/Indexes/google-workspace-index.yaml b/atomics/Indexes/google-workspace-index.yaml
@@ -15307,7 +15307,7 @@ defense-evasion:
         description: 'Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE
           HIDDEN PART OF THE STORY. Retrieved July 16, 2020.'
       modified: '2022-03-08T20:59:20.762Z'
-      name: ListPlanting
+      name: 'Process Injection: ListPlanting'
       description: "Adversaries may abuse list-view controls to inject malicious code
         into hijacked processes in order to evade process-based defenses as well as
         possibly elevate privileges. ListPlanting is a method of executing arbitrary
@@ -15362,6 +15362,7 @@ defense-evasion:
       - 'Process: OS API Execution'
       x_mitre_permissions_required:
       - User
+      identifier: T1055.015
     atomic_tests: []
   T1484:
     technique:
@@ -27020,7 +27021,7 @@ privilege-escalation:
         description: 'Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE
           HIDDEN PART OF THE STORY. Retrieved July 16, 2020.'
       modified: '2022-03-08T20:59:20.762Z'
-      name: ListPlanting
+      name: 'Process Injection: ListPlanting'
       description: "Adversaries may abuse list-view controls to inject malicious code
         into hijacked processes in order to evade process-based defenses as well as
         possibly elevate privileges. ListPlanting is a method of executing arbitrary
@@ -27075,6 +27076,7 @@ privilege-escalation:
       - 'Process: OS API Execution'
       x_mitre_permissions_required:
       - User
+      identifier: T1055.015
     atomic_tests: []
   T1484:
     technique: