-
Notifications
You must be signed in to change notification settings - Fork 6
/
attack-pattern--0458aab9-ad42-4eac-9e22-706a95bafee2.json
33 lines (33 loc) · 2.3 KB
/
attack-pattern--0458aab9-ad42-4eac-9e22-706a95bafee2.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
"external_references": [
{
"source_name": "mitre-attack",
"external_id": "T1583",
"url": "https://attack.mitre.org/techniques/T1583"
},
{
"source_name": "TrendmicroHideoutsLease",
"description": "Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.",
"url": "https://documents.trendmicro.com/assets/wp/wp-criminal-hideouts-for-lease.pdf"
}
],
"created_by_ref": "The MITRE Corporation",
"name": "Acquire Infrastructure",
"description": "Before compromising a victim, adversaries may buy, lease, or rent infrastructure that can be used during targeting. A wide variety of infrastructure exists for hosting and orchestrating adversary operations. Infrastructure solutions include physical or cloud servers, domains, and third-party web services.(Citation: TrendmicroHideoutsLease) Additionally, botnets are available for rent or purchase.\n\nUse of these infrastructure solutions allows an adversary to stage, launch, and execute an operation. Solutions may help adversary operations blend in with traffic that is seen as normal, such as contact to third-party web services. Depending on the implementation, adversaries may use infrastructure that makes it difficult to physically tie back to them as well as utilize infrastructure that can be rapidly provisioned, modified, and shut down.",
"id": "attack-pattern--0458aab9-ad42-4eac-9e22-706a95bafee2",
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"modified": "2020-10-22T17:59:17.606Z",
"created": "2020-09-30T16:37:40.271Z",
"x_mitre_version": "1.0",
"x_mitre_is_subtechnique": false,
"x_mitre_detection": "Consider use of services that may aid in tracking of newly acquired infrastructure, such as WHOIS databases for domain registration information. Much of this activity may take place outside the visibility of the target organization, making detection of this behavior difficult.\n\nDetection efforts may be focused on related stages of the adversary lifecycle, such as during Command and Control.",
"x_mitre_platforms": [
"PRE"
]
}