mirror of
https://github.com/DISARMFoundation/DISARMframeworks.git
synced 2024-12-18 12:24:25 -05:00
40 lines
2.1 KiB
JSON
40 lines
2.1 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--12c704f2-e7ca-46bb-9ffb-2ddf73386151",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--d556b582-dd00-44d7-8c2f-74fb48c755fa",
|
|
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
|
|
"created": "2024-08-02T17:12:32.430653Z",
|
|
"modified": "2024-08-02T17:12:32.430653Z",
|
|
"name": "Acquire Compromised Account",
|
|
"description": "Threat Actors can take over existing users\u2019 accounts to distribute campaign content.<br /> <br />The actor may maintain the asset\u2019s previous identity to capitalise on the perceived legitimacy its previous owner had cultivated.<br /> <br />The actor may completely rebrand the account to exploit its existing reach, or relying on the account\u2019s history to avoid more stringent automated content moderation rules applied to new accounts.<br /> <br />See also [Mitre ATT&CK\u2019s T1586 Compromise Accounts](https://attack.mitre.org/techniques/T1586/) for more technical information on how threat actors may achieve this objective.<br /> <br />This Technique was previously called Compromise Legitimate Accounts, and used the ID T0011.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-attack",
|
|
"phase_name": "establish-assets"
|
|
}
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0141.001.md",
|
|
"external_id": "T0141.001"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
|
|
],
|
|
"x_mitre_is_subtechnique": true,
|
|
"x_mitre_platforms": [
|
|
"Windows",
|
|
"Linux",
|
|
"Mac"
|
|
],
|
|
"x_mitre_version": "2.1"
|
|
}
|
|
]
|
|
}
|