cti/pre-attack/attack-pattern/attack-pattern--4aeafdb3-eb0b-4e8e-b93f-95cd499088b4.json

{
    "objects": [
        {
            "name": "Compromise of externally facing system",
            "created": "2017-12-14T16:46:06.044Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "description": "This technique has been deprecated. Please see ATT&CK's Initial Access and Execution tactics for replacement techniques.\n\nExternally facing systems allow connections from outside the network as a normal course of operations.  Externally facing systems may include, but are not limited to, websites, web portals, email, DNS, FTP, VPN concentrators, and boarder routers and firewalls. These systems could be in a demilitarized zone (DMZ) or may be within other parts of the internal environment. (Citation: CylanceOpCleaver) (Citation: DailyTechAntiSec)\n\nDetectable by Common Defenses: Yes\n\nDetectable by Common Defenses explanation: Most DMZs are monitored but are also designed so that if they are compromised, the damage/risk is limited.\n\nDifficulty for the Adversary: Yes\n\nDifficulty for the Adversary explanation: DMZ environments are specifically designed to be isolated because one assumes they will ultimately be compromised by the adversary.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-pre-attack",
                    "phase_name": "compromise"
                }
            ],
            "external_references": [
                {
                    "url": "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1165",
                    "source_name": "mitre-pre-attack",
                    "external_id": "PRE-T1165"
                },
                {
                    "description": "CYLANCE. (n.d.). Operation Cleaver. Retrieved March 6, 2017.",
                    "source_name": "CylanceOpCleaver"
                },
                {
                    "description": "Jason Mick. (2011, July 12). AntiSec Exposes U.S. Soldiers' S/Ns, Passwords, Vows Attack on Monsanto. Retrieved March 9, 2017.",
                    "source_name": "DailyTechAntiSec"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "attack-pattern--4aeafdb3-eb0b-4e8e-b93f-95cd499088b4",
            "modified": "2018-04-18T17:59:24.739Z",
            "x_mitre_detectable_by_common_defenses": "Yes",
            "x_mitre_detectable_by_common_defenses_explanation": "Most DMZs are monitored but are also designed so that if they are compromised, the damage/risk is limited.",
            "x_mitre_difficulty_for_adversary": "Yes",
            "x_mitre_difficulty_for_adversary_explanation": "DMZ environments are specifically designed to be isolated because one assumes they will ultimately be compromised by the adversary.",
            "x_mitre_deprecated": "true",
            "type": "attack-pattern"
        }
    ],
    "type": "bundle",
    "id": "bundle--e23d06fb-358b-4838-a58d-341f19e59442",
    "spec_version": "2.0"
}