adam/cti
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a8cccf3dff07ddb89bcfe2d039eeeac5ecffd0a0
cti/enterprise-attack/attack-pattern/attack-pattern--bbe5b322-e2af-4a5e-9625-a4e62bf84ed3.json
T
Isabel Tuson a8cccf3dff ATT&CK version 8.2
2021-01-27 10:40:10 -05:00

43 lines
3.2 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--6f93d221-08f6-4150-b0d7-5d1352fe0a19",
"spec_version": "2.0",
"objects": [
{
"external_references": [
{
"source_name": "mitre-attack",
"external_id": "T1593.001",
"url": "https://attack.mitre.org/techniques/T1593/001"
},
{
"source_name": "Cyware Social Media",
"url": "https://cyware.com/news/how-hackers-exploit-social-media-to-break-into-your-company-88e8da8e",
"description": "Cyware Hacker News. (2019, October 2). How Hackers Exploit Social Media To Break Into Your Company. Retrieved October 20, 2020."
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"name": "Social Media",
"description": "Before compromising a victim, adversaries may search social media for information about victims that can be used during targeting. Social media sites may contain various information about a victim organization, such as business announcements as well as information about the roles, locations, and interests of staff.\n\nAdversaries may search in different social media sites depending on what information they seek to gather. Threat actors may passively harvest data from these sites, as well as use information gathered to create fake profiles/groups to elicit victim\u2019s into revealing specific information (i.e. [Spearphishing Service](https://attack.mitre.org/techniques/T1598/001)).(Citation: Cyware Social Media) Information from these sources may reveal opportunities for other forms of reconnaissance (ex: [Phishing for Information](https://attack.mitre.org/techniques/T1598) or [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)), establishing operational resources (ex: [Establish Accounts](https://attack.mitre.org/techniques/T1585) or [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [Spearphishing via Service](https://attack.mitre.org/techniques/T1566/003)).",
"id": "attack-pattern--bbe5b322-e2af-4a5e-9625-a4e62bf84ed3",
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "reconnaissance"
}
],
"modified": "2020-10-24T04:22:46.235Z",
"created": "2020-10-02T16:49:31.262Z",
"x_mitre_detection": "Much of this activity may have a very high occurrence and associated false positive rate, as well as potentially taking place outside the visibility of the target organization, making detection difficult for defenders.\n\nDetection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access.",
"x_mitre_version": "1.0",
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"PRE"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink