T1529 System Shutdown/Reboot Mappings

Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.(Citation: Microsoft Shutdown Oct 2017) Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.

Adversaries may attempt to shutdown/reboot a system after impacting it in other ways, such as Disk Structure Wipe or Inhibit System Recovery, to hasten the intended effects on system availability.(Citation: Talos Nyetya June 2017)(Citation: Talos Olympic Destroyer 2018)



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2018-15397 Cisco Adaptive Security Appliance (ASA) Software primary_impact T1529 System Shutdown/Reboot
CVE-2019-1817 Cisco Web Security Appliance (WSA) primary_impact T1529 System Shutdown/Reboot
CVE-2018-18995 ABB GATE-E1 and GATE-E2 secondary_impact T1529 System Shutdown/Reboot
CVE-2015-7925 n/a uncategorized T1529 System Shutdown/Reboot
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1529 System Shutdown/Reboot
aws_rds AWS RDS technique_scores T1529 System Shutdown/Reboot
amazon_inspector Amazon Inspector technique_scores T1529 System Shutdown/Reboot