cti-ATT-CK-v13.1/enterprise-attack/attack-pattern/attack-pattern--0979abf9-4e26-43ec-9b6e-54efc4e70fca.json

{
    "type": "bundle",
    "id": "bundle--edd4433f-4641-4c82-8eac-1cd3135dd554",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_platforms": [
                "PRE"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "attack-pattern--0979abf9-4e26-43ec-9b6e-54efc4e70fca",
            "type": "attack-pattern",
            "created": "2020-10-02T16:58:58.738Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "external_id": "T1596.003",
                    "url": "https://attack.mitre.org/techniques/T1596/003"
                },
                {
                    "source_name": "SSLShopper Lookup",
                    "url": "https://www.sslshopper.com/ssl-checker.html",
                    "description": "SSL Shopper. (n.d.). SSL Checker. Retrieved October 20, 2020."
                },
                {
                    "source_name": "Medium SSL Cert",
                    "url": "https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2",
                    "description": "Jain, M. (2019, September 16). Export & Download \u2014 SSL Certificate from Server (Site URL). Retrieved October 20, 2020."
                }
            ],
            "modified": "2021-04-15T03:48:37.628Z",
            "name": "Digital Certificates",
            "description": "Adversaries may search public digital certificate data for information about victims that can be used during targeting. Digital certificates are issued by a certificate authority (CA) in order to cryptographically verify the origin of signed content. These certificates, such as those used for encrypted web traffic (HTTPS SSL/TLS communications), contain information about the registered organization such as name and location.\n\nAdversaries may search digital certificate data to gather actionable information. Threat actors can use online resources and lookup tools to harvest information about certificates.(Citation: SSLShopper Lookup) Digital certificate data may also be available from artifacts signed by the organization (ex: certificates used from encrypted web traffic are served with content).(Citation: Medium SSL Cert) Information from these sources may reveal opportunities for other forms of reconnaissance (ex: [Active Scanning](https://attack.mitre.org/techniques/T1595) or [Phishing for Information](https://attack.mitre.org/techniques/T1598)), establishing operational resources (ex: [Develop Capabilities](https://attack.mitre.org/techniques/T1587) or [Obtain Capabilities](https://attack.mitre.org/techniques/T1588)), and/or initial access (ex: [External Remote Services](https://attack.mitre.org/techniques/T1133) or [Trusted Relationship](https://attack.mitre.org/techniques/T1199)).",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-attack",
                    "phase_name": "reconnaissance"
                }
            ],
            "x_mitre_detection": "Much of this activity may have a very high occurrence and associated false positive rate, as well as potentially taking place outside the visibility of the target organization, making detection difficult for defenders.\n\nDetection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access.",
            "x_mitre_is_subtechnique": true,
            "x_mitre_version": "1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}