{
"type": "bundle",
"id": "bundle--e9b2d879-3df5-4c78-a290-d06135d7f08d",
"spec_version": "2.0",
"objects": [
{
"type": "attack-pattern",
"id": "attack-pattern--31225cd3-cd46-4575-b287-c2c14011c074",
"created": "2020-10-01T00:49:05.467Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1583/005",
"external_id": "T1583.005"
},
{
"source_name": "Krebs-Booter",
"description": "Brian Krebs. (2016, October 27). Are the Days of \u201cBooter\u201d Services Numbered?. Retrieved May 15, 2017.",
"url": "https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/"
},
{
"source_name": "Krebs-Bazaar",
"description": "Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017.",
"url": "https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/"
},
{
"source_name": "Krebs-Anna",
"description": "Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. Retrieved May 15, 2017.",
"url": "https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/"
},
{
"source_name": "Imperva DDoS for Hire",
"description": "Imperva. (n.d.). Booters, Stressers and DDoSers. Retrieved October 4, 2020.",
"url": "https://www.imperva.com/learn/ddos/booters-stressers-ddosers/"
},
{
"source_name": "Norton Botnet",
"description": "Norton. (n.d.). What is a botnet?. Retrieved October 4, 2020.",
"url": "https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html"
},
{
"source_name": "ORB Mandiant",
"description": "Raggi, Michael. (2024, May 22). IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders. Retrieved July 8, 2024.",
"url": "https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"modified": "2025-10-24T17:48:36.255Z",
"name": "Botnet",
"description": "Adversaries may buy, lease, or rent a network of compromised systems\u00a0that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.(Citation: Norton Botnet) Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. \n\nInternet-facing edge devices and related network appliances that are end-of-life (EOL) and unsupported by their manufacturers are commonly acquired for botnet activities. Adversaries may lease operational relay box (ORB) networks \u2013 consisting of virtual private servers (VPS), small office/home office (SOHO) routers, or Internet of Things (IoT) devices \u2013 to serve as a botnet.(Citation: ORB Mandiant) \n\nWith a botnet at their disposal, adversaries may perform follow-on activity such as large-scale [Phishing](https://attack.mitre.org/techniques/T1566) or Distributed Denial of Service (DDoS).(Citation: Imperva DDoS for Hire)(Citation: Krebs-Anna)(Citation: Krebs-Bazaar)(Citation: Krebs-Booter) Acquired botnets may also be used to support Command and Control activity, such as [Hide Infrastructure](https://attack.mitre.org/techniques/T1665) through an established [Proxy](https://attack.mitre.org/techniques/T1090) network.\n\n",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_attack_spec_version": "3.2.0",
"x_mitre_deprecated": false,
"x_mitre_domains": [
"enterprise-attack"
],
"x_mitre_is_subtechnique": true,
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"x_mitre_platforms": [
"PRE"
],
"x_mitre_version": "1.2"
}
]
}