adpare
69 lines
4.2 KiB
JSON
69 lines
4.2 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--ff1754e6-3926-4294-bdb9-a606fc295270",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--a2fdce72-04b2-409a-ac10-cc1695f4fce0",
|
|
"created": "2020-10-01T02:08:33.977Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"revoked": false,
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T1588/002",
|
|
"external_id": "T1588.002"
|
|
},
|
|
{
|
|
"source_name": "Sentinel Labs Top Tier Target 2025",
|
|
"description": " Tom Hegel, Aleksandar Milenkoski & Jim Walter. (2025, April 28). Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today\u2019s Adversaries. Retrieved May 22, 2025.",
|
|
"url": "https://www.sentinelone.com/labs/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries/"
|
|
},
|
|
{
|
|
"source_name": "Analyzing CS Dec 2020",
|
|
"description": "Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.",
|
|
"url": "https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/"
|
|
},
|
|
{
|
|
"source_name": "Recorded Future Beacon 2019",
|
|
"description": "Recorded Future. (2019, June 20). Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers. Retrieved September 16, 2024.",
|
|
"url": "https://www.recordedfuture.com/blog/identifying-cobalt-strike-servers"
|
|
},
|
|
{
|
|
"source_name": "Forescout Conti Leaks 2022",
|
|
"description": "Vedere Labs. (2022, March 11). Analysis of Conti Leaks. Retrieved May 22, 2025.",
|
|
"url": "https://www.forescout.com/resources/analysis-of-conti-leaks/"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"modified": "2025-10-24T17:49:10.900Z",
|
|
"name": "Tool",
|
|
"description": "Adversaries may buy, steal, or download software tools that can be used during targeting. Tools can be open or closed source, free or commercial. A tool can be used for malicious purposes by an adversary, but (unlike malware) were not intended to be used for those purposes (ex: [PsExec](https://attack.mitre.org/software/S0029)). \n\nAdversaries may obtain tools to support their operations, including to support execution of post-compromise behaviors. Tools may also be leveraged for testing \u2013 for example, evaluating malware against commercial antivirus or endpoint detection and response (EDR) applications.(Citation: Forescout Conti Leaks 2022)(Citation: Sentinel Labs Top Tier Target 2025)\n\nTool acquisition may involve the procurement of commercial software licenses, including for red teaming tools such as Cobalt Strike. In addition to freely downloading or purchasing software, adversaries may steal software and/or software licenses from third-party entities (including other adversaries). Threat actors may also crack trial versions of software.(Citation: Recorded Future Beacon 2019)",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-attack",
|
|
"phase_name": "resource-development"
|
|
}
|
|
],
|
|
"x_mitre_attack_spec_version": "3.3.0",
|
|
"x_mitre_contributors": [
|
|
"SOCCRATES",
|
|
"Mnemonic AS",
|
|
"Menachem Goldstein"
|
|
],
|
|
"x_mitre_deprecated": false,
|
|
"x_mitre_domains": [
|
|
"enterprise-attack"
|
|
],
|
|
"x_mitre_is_subtechnique": true,
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_platforms": [
|
|
"PRE"
|
|
],
|
|
"x_mitre_version": "1.2"
|
|
}
|
|
]
|
|
} |