cti-ATT-CK-v13.1/pre-attack/attack-pattern/attack-pattern--3d1488a6-59e6-455a-8b80-78b53edc33fe.json

{
    "type": "bundle",
    "id": "bundle--0f147bb6-4652-4f1c-b0b9-e909147272d7",
    "spec_version": "2.0",
    "objects": [
        {
            "id": "attack-pattern--3d1488a6-59e6-455a-8b80-78b53edc33fe",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Obtain booter/stressor subscription",
            "description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1396).\n\nConfigure and setup booter/stressor services, often intended for server stress testing, to enable denial of service attacks. (Citation: Krebs-Anna) (Citation: Krebs-Booter) (Citation: Krebs-Bazaar)",
            "external_references": [
                {
                    "source_name": "mitre-pre-attack",
                    "url": "https://attack.mitre.org/techniques/T1396",
                    "external_id": "T1396"
                },
                {
                    "source_name": "Krebs-Anna",
                    "description": "Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. Retrieved May 15, 2017.",
                    "url": "https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/"
                },
                {
                    "source_name": "Krebs-Booter",
                    "description": "Brian Krebs. (2016, October 27). Are the Days of \u201cBooter\u201d Services Numbered?. Retrieved May 15, 2017.",
                    "url": "https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/"
                },
                {
                    "source_name": "Krebs-Bazaar",
                    "description": "Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017.",
                    "url": "https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "attack-pattern",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-pre-attack",
                    "phase_name": "establish-&-maintain-infrastructure"
                }
            ],
            "modified": "2020-10-26T13:42:49.342Z",
            "created": "2017-12-14T16:46:06.044Z",
            "x_mitre_old_attack_id": "PRE-T1173",
            "x_mitre_version": "1.0",
            "x_mitre_difficulty_for_adversary_explanation": "Easily accessible and used to launch DDoS attacks by even novice Internet users, and can be purchased from providers for a nominal fee, some of which even accept credit cards and PayPal payments to do.",
            "x_mitre_difficulty_for_adversary": "Yes",
            "x_mitre_detectable_by_common_defenses_explanation": "Purchase of booster services is not observable; potentially can trace booster service used to origin of sale, yet not before attack is executed. Furthermore, subscription does not automatically mean foul intention.",
            "x_mitre_detectable_by_common_defenses": "No",
            "x_mitre_deprecated": true
        }
    ]
}