test_scratch / cti-ATT-CK-v13.1 /pre-attack /attack-pattern /attack-pattern--2f442206-2983-4fc2-93fd-0a828e026412.json
{
"type": "bundle",
"id": "bundle--b1efae58-e72b-42e2-9cc8-e01ff7ab0086",
"spec_version": "2.0",
"objects": [
{
"id": "attack-pattern--2f442206-2983-4fc2-93fd-0a828e026412",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"name": "Disseminate removable media",
"description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1379).\n\nRemovable media containing malware can be injected into a supply chain at large or small scale. It can also be physically placed for someone to find or can be sent to someone in a more targeted manner. The intent is to have the user utilize the removable media on a system where the adversary is trying to gain access. (Citation: USBMalwareAttacks) (Citation: FPDefendNewDomain) (Citation: ParkingLotUSB)",
"external_references": [
{
"source_name": "mitre-pre-attack",
"url": "https://attack.mitre.org/techniques/T1379",
"external_id": "T1379"
},
{
"source_name": "USBMalwareAttacks",
"description": "Sean Carroll. (2010, November 4). USB Malware Attacks On the Rise. Retrieved March 9, 2017."
},
{
"source_name": "FPDefendNewDomain",
"description": "William J. Lynn III. (2010, September). Defending a New Domain. Retrieved March 9, 2017."
},
{
"source_name": "ParkingLotUSB",
"description": "Emil Protalinski. (2012, July 11). Criminals push malware by 'losing' USB sticks in parking lots. Retrieved March 9, 2017."
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_detectable_by_common_defenses": "No",
"x_mitre_detectable_by_common_defenses_explanation": "From a technical perspective, detection of an adversary disseminating removable media is not possible as there is no technical element involved until the compromise phase. Most facilities generally do not perform extensive physical security patrols, which would be necessary in order to promptly identify an adversary deploying removable media to be used in an attack.",
"x_mitre_difficulty_for_adversary": "Yes",
"x_mitre_difficulty_for_adversary_explanation": "This technique is commonly executed by penetration testers to gain access to networks via end users who are innately trusting of newly found or available technology.",
"x_mitre_version": "1.0",
"x_mitre_old_attack_id": "PRE-T1156",
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-pre-attack",
"phase_name": "stage-capabilities"
}
],
"modified": "2020-10-26T13:42:49.342Z",
"created": "2017-12-14T16:46:06.044Z",
"x_mitre_deprecated": true
}
]
}