test_scratch / cti-ATT-CK-v13.1 /pre-attack /attack-pattern /attack-pattern--2ec57bf1-fcc3-4c19-9516-79b7fde483af.json
{
"type": "bundle",
"id": "bundle--8816a3d1-495c-4040-9160-05b530b387f8",
"spec_version": "2.0",
"objects": [
{
"id": "attack-pattern--2ec57bf1-fcc3-4c19-9516-79b7fde483af",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"name": "Untargeted client-side exploitation",
"description": "**This technique has been deprecated. Please see ATT&CK's Initial Access and Execution tactics for replacement techniques.**\n\nA technique that takes advantage of flaws in client-side applications without targeting specific users. For example, an exploit placed on an often widely used public web site intended for drive-by delivery to whoever visits the site. (Citation: CitizenLabGreatCannon)",
"external_references": [
{
"source_name": "mitre-pre-attack",
"external_id": "T1370",
"url": "https://attack.mitre.org/techniques/T1370"
},
{
"description": "Bill Marczak, Jakub Dalek, John Scott-Railton, Ron Deibert, Sarah McKune. (2015, April 10). China\u2019s Great Cannon. Retrieved March 9, 2017.",
"source_name": "CitizenLabGreatCannon"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-pre-attack",
"phase_name": "launch"
}
],
"modified": "2020-03-30T14:30:45.039Z",
"created": "2017-12-14T16:46:06.044Z",
"x_mitre_is_subtechnique": false,
"x_mitre_old_attack_id": "PRE-T1147",
"x_mitre_version": "1.0",
"x_mitre_difficulty_for_adversary_explanation": "Commonly executed technique to place an exploit on an often widely used public web site intended for drive-by delivery.",
"x_mitre_difficulty_for_adversary": "Yes",
"x_mitre_detectable_by_common_defenses_explanation": "Defensive technologies exist to scan web content before delivery to the requesting end user. However, this is not foolproof, as some sites encrypt web communications and the adversary constantly moves to sites not previously flagged as malicious, thus defeating this defense. Host-based defenses can also aid in detection/mitigation, as can detection by the web site that was compromised.",
"x_mitre_deprecated": true,
"x_mitre_detectable_by_common_defenses": "Yes"
}
]
}