{
"type": "bundle",
"id": "bundle--12c704f2-e7ca-46bb-9ffb-2ddf73386151",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d556b582-dd00-44d7-8c2f-74fb48c755fa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.430653Z",
"modified": "2024-08-02T17:12:32.430653Z",
"name": "Acquire Compromised Account",
"description": "Threat Actors can take over existing users\u2019 accounts to distribute campaign content.
The actor may maintain the asset\u2019s previous identity to capitalise on the perceived legitimacy its previous owner had cultivated.
The actor may completely rebrand the account to exploit its existing reach, or relying on the account\u2019s history to avoid more stringent automated content moderation rules applied to new accounts.
See also [Mitre ATT&CK\u2019s T1586 Compromise Accounts](https://attack.mitre.org/techniques/T1586/) for more technical information on how threat actors may achieve this objective.
This Technique was previously called Compromise Legitimate Accounts, and used the ID T0011.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0141.001.md",
"external_id": "T0141.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}