Public/Get-AttckMalware.ps1
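<#
.SYNOPSIS
Get-AttckMalware gives the user access to all Malware defined within the Mitre ATT&CK framework

.DESCRIPTION
Get-AttckMalware can access all Malware defined within the Mitre ATT&CK framework.
You can also select a single Malware object by providing a Name value, or by its
ATT&CK external id (for example 'S0071') with -Id.

If both -Name and -Id are supplied, -Name takes precedence and -Id is ignored;
a warning is written so the discarded parameter is not silently lost.

Matching uses PowerShell's -eq operator, which is case-insensitive and does not
expand wildcards, so 'agent tesla' matches 'Agent Tesla' but 'Agent*' matches nothing.

.PARAMETER Name
A argument completer parameter to retrieve data about a specific Malware by Name

.PARAMETER Id
The ATT&CK external id of a specific Malware (taken from the object's 'mitre-attack'
external_reference, e.g. 'S0071')

.EXAMPLE
Access All Malware Information
C:/> Get-AttckMalware

.EXAMPLE
Retrieve a specific Malware by Name
C:/> Get-AttckMalware -Name 'Agent Tesla'

.EXAMPLE
Retrieve which actors use all or specific piece of Malware
C:/> (Get-AttckMalware -Name 'Agent Tesla').Actors()

.EXAMPLE
Retrieve which techniques apply to a specific piece of Malware
C:/> (Get-AttckMalware -Name 'Agent Tesla').Techniques()

.EXAMPLE
Retrieve a Malware by Id
C:/> Get-AttckMalware -Id 'S0071'

.OUTPUTS
PSAttck.Enterprise.Malware

.NOTES
Created By: Josh Rickard (MSAdministrator)
Date: 21JAN2020
#>
function Get-AttckMalware {
    # NOTE(review): HelpUri still carries the scaffold placeholder (microsoft.com);
    # point it at the project's own documentation when one exists.
    [CmdletBinding(DefaultParameterSetName='malware', PositionalBinding=$false, HelpUri = 'http://www.microsoft.com/')]
    Param (
        # Get a Malware object by name
        [Parameter(Mandatory=$false, Position=0, ValueFromPipeline=$true, ParameterSetName='malware')]
        [string]
        $Name,

        # Get a Malware object by id.
        # NOTE(review): Name and Id both accept pipeline input by value, are both [string],
        # and share one parameter set, so a piped string presumably binds to Name (declared
        # first) — confirm, and pass -Id explicitly if lookup by id from the pipeline is wanted.
        [Parameter(Mandatory=$false, Position=1, ValueFromPipeline=$true, ParameterSetName='malware')]
        [string]
        $Id
    )
    begin {
        Write-Verbose -Message 'Getting AttckMalware Object'
    }
    process {
        # The lookup below checks Name before Id, so a caller passing both would have
        # -Id dropped without any indication. Make the precedence visible.
        if ($PSBoundParameters.ContainsKey('Name') -and $PSBoundParameters.ContainsKey('Id')) {
            Write-Warning -Message 'Both -Name and -Id were supplied; -Name takes precedence and -Id is ignored.'
        }

        # $PSAttckJson is not defined in this file; it is presumably the ATT&CK STIX bundle
        # loaded at module import — verify against the module's loader. Every object is
        # inspected by its STIX 'type' and only 'malware' objects are wrapped and emitted.
        $PSAttckJson.objects.ForEach({
            if ($_.type -eq 'malware') {
                if ($PSBoundParameters.ContainsKey('Name')) {
                    # Exact (case-insensitive) match on the object's name.
                    if ($_.name -eq $Name) {
                        [EnterpriseMalware]::new($_) | Add-ObjectDetail -TypeName PSAttck.Enterprise.Malware
                    }
                }
                elseif ($PSBoundParameters.ContainsKey('Id')) {
                    # The S#### id is not a property of the object itself; it lives in the
                    # external_reference whose source_name is 'mitre-attack'. References from
                    # other sources are deliberately ignored even if their external_id collides.
                    foreach ($ref in $_.external_references) {
                        if ($ref.source_name -eq 'mitre-attack' -and $ref.external_id -eq $Id) {
                            [EnterpriseMalware]::new($_) | Add-ObjectDetail -TypeName PSAttck.Enterprise.Malware
                        }
                    }
                }
                else {
                    # No filter supplied: emit every malware object.
                    [EnterpriseMalware]::new($_) | Add-ObjectDetail -TypeName PSAttck.Enterprise.Malware
                }
            }
        })
    }
    end { }
}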