cti-ATT-CK-v13.1/pre-attack/attack-pattern/attack-pattern--1a295f87-af63-4d94-b130-039d6221fb11.json

{
    "type": "bundle",
    "id": "bundle--e2a7d2e2-ccb1-48ac-8b7a-7b487a589af3",
    "spec_version": "2.0",
    "objects": [
        {
            "id": "attack-pattern--1a295f87-af63-4d94-b130-039d6221fb11",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Acquire and/or use 3rd party software services",
            "description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1308).\n\nA wide variety of 3rd party software services  are available (e.g., [Twitter](https://twitter.com), [Dropbox](https://www.dropbox.com), [GoogleDocs](https://www.google.com/docs/about)). Use of these solutions allow an adversary to stage, launch, and execute an attack from infrastructure that does not physically tie back to them and can be rapidly provisioned, modified, and shut down. (Citation: LUCKYCAT2012) (Citation: Nemucod Facebook)",
            "external_references": [
                {
                    "source_name": "mitre-pre-attack",
                    "url": "https://attack.mitre.org/techniques/T1308",
                    "external_id": "T1308"
                },
                {
                    "source_name": "LUCKYCAT2012",
                    "description": "Forward-Looking Threat Research Team. (2012). LUCKYCAT REDUX: Inside an APT Campaign with Multiple Targets in India and Japan. Retrieved March 1, 2017."
                },
                {
                    "source_name": "Nemucod Facebook",
                    "description": "Bart Blaze. (2016, November 20). Nemucod downloader spreading via Facebook. Retrieved March 28, 2017."
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_detectable_by_common_defenses": "No",
            "x_mitre_detectable_by_common_defenses_explanation": "Defender will not have visibility over account creation for 3rd party software services.",
            "x_mitre_difficulty_for_adversary": "Yes",
            "x_mitre_difficulty_for_adversary_explanation": "3rd party services like these listed are freely available.",
            "x_mitre_version": "1.0",
            "x_mitre_old_attack_id": "PRE-T1085",
            "type": "attack-pattern",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-pre-attack",
                    "phase_name": "adversary-opsec"
                }
            ],
            "modified": "2020-10-26T13:42:49.342Z",
            "created": "2017-12-14T16:46:06.044Z",
            "x_mitre_deprecated": true
        }
    ]
}