test_scratch / cti-ATT-CK-v13.1 /pre-attack /attack-pattern /attack-pattern--2141aea0-cf38-49aa-9e51-ac34092bc30a.json
{
"type": "bundle",
"id": "bundle--69f382be-308d-4d26-b021-e1cd6c7cacd2",
"spec_version": "2.0",
"objects": [
{
"id": "attack-pattern--2141aea0-cf38-49aa-9e51-ac34092bc30a",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"name": "Procure required equipment and software",
"description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1335).\n\nAn adversary will require some physical hardware and software. They may only need a lightweight set-up if most of their activities will take place using on-line infrastructure. Or, they may need to build extensive infrastructure if they want to test, communicate, and control other aspects of their activities on their own systems. (Citation: NYTStuxnet)",
"external_references": [
{
"source_name": "mitre-pre-attack",
"url": "https://attack.mitre.org/techniques/T1335",
"external_id": "T1335"
},
{
"source_name": "NYTStuxnet",
"description": "William J. Broad, John Markoff, and David E. Sanger. (2011, January 15). Israeli Test on Worm Called Crucial in Iran Nuclear Delay. Retrieved March 1, 2017.",
"url": "https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-pre-attack",
"phase_name": "establish-&-maintain-infrastructure"
}
],
"modified": "2020-10-26T13:42:49.342Z",
"created": "2017-12-14T16:46:06.044Z",
"x_mitre_old_attack_id": "PRE-T1112",
"x_mitre_version": "1.0",
"x_mitre_difficulty_for_adversary_explanation": "The ease and availability of current hardware and software, mobile phones (cash-and-go phones), and additional online technology simplify the adversary's process for achieving this technique (possibly without traceability). The adversary has control of the infrastructure and will likely be able to add/remove tools to infrastructure, whether acquired via hacking or standard computer acquisition (e.g., [AWS](https://aws.amazon.com), VPS).",
"x_mitre_difficulty_for_adversary": "Yes",
"x_mitre_detectable_by_common_defenses_explanation": "Outside of highly specific or rare hardware, this activity is nearly impossible to detect and track.",
"x_mitre_detectable_by_common_defenses": "No",
"x_mitre_deprecated": true
}
]
}