attack-pattern--16cdd21f-da65-4e4f-bc04-dd7d198c7b26.json
{
"external_references": [
{
"source_name": "mitre-attack",
"external_id": "T1594",
"url": "https://attack.mitre.org/techniques/T1594"
},
{
"source_name": "Comparitech Leak",
"url": "https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/",
"description": "Bischoff, P. (2020, October 15). Broadvoice database of more than 350 million customer records exposed online. Retrieved October 20, 2020."
}
],
"created_by_ref": "The MITRE Corporation",
"name": "Search Victim-Owned Websites",
"description": "Before compromising a victim, adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: [Email Addresses](https://attack.mitre.org/techniques/T1589/002)). These sites may also have details highlighting business operations and relationships.(Citation: Comparitech Leak)\n\nAdversaries may search victim-owned websites to gather actionable information. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: [Phishing for Information](https://attack.mitre.org/techniques/T1598) or [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)), establishing operational resources (ex: [Establish Accounts](https://attack.mitre.org/techniques/T1585) or [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [Trusted Relationship](https://attack.mitre.org/techniques/T1199) or [Phishing](https://attack.mitre.org/techniques/T1566)).",
"id": "attack-pattern--16cdd21f-da65-4e4f-bc04-dd7d198c7b26",
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "reconnaissance"
}
],
"modified": "2020-10-24T04:23:37.282Z",
"created": "2020-10-02T16:51:50.306Z",
"x_mitre_data_sources": [
"Web logs"
],
"x_mitre_detection": "Monitor for suspicious network traffic that could be indicative of adversary reconnaissance, such as rapid successions of requests indicative of web crawling and/or large quantities of requests originating from a single source (especially if the source is known to be associated with an adversary). Analyzing web metadata, such as the Referer or User-Agent HTTP/S header fields, may also reveal artifacts that can be attributed to potentially malicious activity.",
"x_mitre_version": "1.0",
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"PRE"
]
}