cti/pre-attack/attack-pattern/attack-pattern--e51398e6-53dc-4e9f-a323-e54683d8672b.json

{
    "type": "bundle",
    "id": "bundle--4138089c-d778-4f2a-a83d-5fc78b92c642",
    "spec_version": "2.0",
    "objects": [
        {
            "created": "2017-12-14T16:46:06.044Z",
            "modified": "2020-10-26T13:42:49.342Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-pre-attack",
                    "phase_name": "establish-&-maintain-infrastructure"
                }
            ],
            "type": "attack-pattern",
            "x_mitre_old_attack_id": "PRE-T1111",
            "x_mitre_version": "1.0",
            "x_mitre_difficulty_for_adversary_explanation": "Commonly used technique currently (e.g., [https://www.wordpress.com WordPress] sites) as precursor activity to launching attack against intended target (e.g., acquiring botnet or layers of proxies for reducing attribution possibilities).",
            "x_mitre_difficulty_for_adversary": "Yes",
            "x_mitre_detectable_by_common_defenses_explanation": "Defender will not have visibility on 3rd party sites unless target is successfully enticed to visit one.",
            "x_mitre_detectable_by_common_defenses": "No",
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "external_references": [
                {
                    "source_name": "mitre-pre-attack",
                    "url": "https://attack.mitre.org/techniques/T1334",
                    "external_id": "T1334"
                },
                {
                    "source_name": "WateringHole2014",
                    "description": "Pierluigi Paganini. (2014, February 15). FireEye discovered a new watering hole attack based on 0-day exploit. Retrieved March 1, 2017."
                },
                {
                    "source_name": "FireEye Operation SnowMan",
                    "description": "Darien Kindlund, Xiaobo Chen, Mike Scott, Ned Moran, Dan Caselden. (2014, February 13). Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website. Retrieved March 28, 2017."
                }
            ],
            "description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1334).\n\nInstead of buying, leasing, or renting infrastructure an adversary may compromise infrastructure and use it for some or all of the attack cycle. (Citation: WateringHole2014) (Citation: FireEye Operation SnowMan)",
            "name": "Compromise 3rd party infrastructure to support delivery",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "id": "attack-pattern--e51398e6-53dc-4e9f-a323-e54683d8672b",
            "x_mitre_deprecated": true
        }
    ]
}