{
    "type": "bundle",
    "id": "bundle--83edd6e1-4b9b-4937-b81a-2b014cdcb2eb",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_platforms": [
                "Linux",
                "Windows",
                "macOS"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_contributors": [
                "Center for Threat-Informed Defense (CTID)"
            ],
            "x_mitre_collection_layers": [
                "Host"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "x-mitre-data-source--61bbbf27-f7c3-46ba-a6bc-48ae76928065",
            "type": "x-mitre-data-source",
            "created": "2021-10-20T15:05:19.272Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/datasources/DS0016",
                    "external_id": "DS0016"
                },
                {
                    "source_name": "Sysmon EID 9",
                    "description": "Russinovich, R. & Garnier, T. (2021, August 18). Sysmon Event ID 9. Retrieved September 24, 2021.",
                    "url": "https://docs.microsoft.com/sysinternals/downloads/sysmon#event-id-9-rawaccessread"
                }
            ],
            "modified": "2022-03-30T14:26:51.804Z",
            "name": "Drive",
            "description": "A non-volatile data storage device (hard drive, floppy disk, USB flash drive) with at least one formatted partition, typically mounted to the file system and/or assigned a drive letter(Citation: Sysmon EID 9)",
            "x_mitre_version": "1.0",
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}