Merge pull request #776 from MBCProject/6/2023-mbc-update

communication/http/reference-http-user-agent-string.yml

@@ -6,6 +6,8 @@ rule:
     authors:
       - "@mr-tz"
     scope: function
+    mbc:
+      - Communication::HTTP Communication [C0002]
     references:
       - https://www.useragents.me/
       - https://www.whatismybrowser.com/guides/the-latest-user-agent/

communication/socket/create-raw-socket.yml

@@ -6,6 +6,8 @@ rule:
     authors:
       - [email protected]
     scope: basic block
+    mbc:
+      - Communication::Socket Communication::Create Socket [C0001.003]
     references:
       - https://learn.microsoft.com/en-us/windows/win32/winsock/tcp-ip-raw-sockets-2
       - https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-socket

data-manipulation/compression/compress-data-via-zlib-inflate-or-deflate.yml

@@ -6,6 +6,8 @@ rule:
     authors:
       - [email protected]
     scope: function
+    mbc:
+      - Data::Compress Data [C0024]
     references:
       - https://github.com/madler/zlib/blob/cacf7f1d4e3d44d871b605da3b647f07d718623f/inflate.c#L622
       - https://github.com/madler/zlib/blob/cacf7f1d4e3d44d871b605da3b647f07d718623f/deflate.c#L763

host-interaction/process/inject/inject-apc.yml

@@ -7,6 +7,8 @@ rule:
     scope: function
     att&ck:
       - Defense Evasion::Process Injection::Asynchronous Procedure Call [T1055.004]
+    mbc:
+      - Defense Evasion::Process Injection::Asynchronous Procedure Call [E1055.004]
     examples:
       - al-khaser_x64.exe_:0x140019348
   features:

impact/wipe-disk/wipe-mbr/overwrite-master-boot-record-mbr.yml

@@ -7,6 +7,8 @@ rule:
     scope: function
     att&ck:
       - Impact::Disk Wipe::Disk Structure Wipe [T1561.002]
+    mbc:
+      - Impact::Disk Wipe [F0014]
     examples:
       - 39C05B15E9834AC93F206BC114D0A00C357C888DB567BA8F5345DA0529CBED41:0x100070A0
   features: