{
    "type": "bundle",
    "id": "bundle--97b4c298-1758-44c6-a90f-46cea050824f",
    "objects": [
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--0a889b39-59db-4d70-b811-c1bff9689909",
            "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
            "created": "2024-11-22T16:43:58.233656Z",
            "modified": "2024-11-22T16:43:58.233656Z",
            "name": "Lookalike Domain",
            "description": "A Lookalike Domain is a Domain which is visually similar to another Domain, with the potential for web users to mistake one domain for the other.<br><br>Threat actors who want to impersonate organisations\u2019 websites have been observed using a variety of domain impersonation methods. For example, actors wanting to create a domain impersonating netflix.com may use methods such as typosquatting (e.g. n3tflix.com), combosquatting (e.g. netflix-billing.com), or TLD swapping (e.g. netflix.top).",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-attack",
                    "phase_name": "establish-assets"
                }
            ],
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0149.003.md",
                    "external_id": "T0149.003"
                }
            ],
            "object_marking_refs": [
                "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
            ],
            "x_mitre_is_subtechnique": true,
            "x_mitre_platforms": [
                "Windows",
                "Linux",
                "Mac"
            ],
            "x_mitre_version": "2.1"
        }
    ]
}