{
    "type": "bundle",
    "id": "bundle--724a5141-de2c-42cf-9d03-46bbbb06b79d",
    "spec_version": "2.0",
    "objects": [
        {
            "id": "attack-pattern--1f82ef59-b7da-4cd3-a41c-2e80f80f084f",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Identify business processes/tempo",
            "description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1280).\n\nUnderstanding an organization's business processes and tempo may allow an adversary to more effectively craft social engineering attempts or to better hide technical actions, such as those that generate network traffic. (Citation: Scasny2015) (Citation: Infosec-osint)",
            "external_references": [
                {
                    "source_name": "mitre-pre-attack",
                    "url": "https://attack.mitre.org/techniques/T1280",
                    "external_id": "T1280"
                },
                {
                    "source_name": "Scasny2015",
                    "description": "Gregory Scasny. (2015, September 14). Understanding Open Source Intelligence (OSINT) and its relationship to Identity Theft. Retrieved March 1, 2017."
                },
                {
                    "source_name": "Infosec-osint",
                    "description": "InfoSec Institute. (2013, September 11). OSINT (Open-Source Intelligence). Retrieved May 9, 2017."
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_detectable_by_common_defenses": "No",
            "x_mitre_detectable_by_common_defenses_explanation": "Current or previous employees may divulge information on the Internet.  If insiders are used, the defender may have policies or tools in place to detect loss of this data or knowledge.",
            "x_mitre_difficulty_for_adversary": "No",
            "x_mitre_difficulty_for_adversary_explanation": "In some cases, this requires some insider knowledge or specialized access to learn when critical operations occur in a corporation.  For publicly traded US corporations, there is a lot of open source information about their financial reporting obligations (per SEC).  Companies announce their annual shareholder meeting and their quarterly phone calls with investors.  Information such as this can help the adversary to glean certain aspects of the business processes and/or rhythm.",
            "x_mitre_version": "1.0",
            "x_mitre_old_attack_id": "PRE-T1057",
            "type": "attack-pattern",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-pre-attack",
                    "phase_name": "organizational-information-gathering"
                }
            ],
            "modified": "2020-10-26T13:42:49.342Z",
            "created": "2017-12-14T16:46:06.044Z",
            "x_mitre_deprecated": true
        }
    ]
}