File size: 3,404 Bytes

5fe70fd

{
    "type": "bundle",
    "id": "bundle--cc716cb4-3d47-4c4a-abb4-919ff8006658",
    "spec_version": "2.0",
    "objects": [
        {
            "id": "attack-pattern--0c0f075b-5d69-43f2-90df-d9ad18f44624",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Identify people of interest",
            "description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1269).\n\nThe attempt to identify people of interest or with an inherent weakness for direct or indirect targeting to determine an approach to compromise a person or organization.  Such targets may include individuals with poor OPSEC practices or those who have a trusted relationship with the intended target. (Citation: RSA-APTRecon) (Citation: Scasny2015)",
            "external_references": [
                {
                    "source_name": "mitre-pre-attack",
                    "url": "https://attack.mitre.org/techniques/T1269",
                    "external_id": "T1269"
                },
                {
                    "source_name": "RSA-APTRecon",
                    "description": "Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the \u201cAPT\u201d Intelligence Gathering Process. Retrieved March 1, 2017."
                },
                {
                    "source_name": "Scasny2015",
                    "description": "Gregory Scasny. (2015, September 14). Understanding Open Source Intelligence (OSINT) and its relationship to Identity Theft. Retrieved March 1, 2017."
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_detectable_by_common_defenses": "No",
            "x_mitre_detectable_by_common_defenses_explanation": "Common defenses protecting against poor OPSEC practices are traditionally more policy-based in nature rather than technical.  Policy-based mitigations are generally more difficult to enforce and track violations, making it more difficult that this technique can be detected by common defenses.",
            "x_mitre_difficulty_for_adversary": "Yes",
            "x_mitre_difficulty_for_adversary_explanation": "Specialty cases enable an adversary to use key words in order to search social media and identify personnel with poor OPSEC practices who may have access to specialized information which would make them a target of interest.  In addition, the open nature of social media leads to a tendency among individuals to overshare, encouraging poor OPSEC and increasing the ease by which an adversary can identify interesting targets.",
            "x_mitre_version": "1.0",
            "x_mitre_old_attack_id": "PRE-T1046",
            "type": "attack-pattern",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-pre-attack",
                    "phase_name": "people-information-gathering"
                }
            ],
            "modified": "2020-10-26T13:42:49.342Z",
            "created": "2017-12-14T16:46:06.044Z",
            "x_mitre_deprecated": true
        }
    ]
}