33 lines
1.8 KiB
JSON
33 lines
1.8 KiB
JSON
{
|
|
"id": "bundle--1a854c96-639e-4771-befb-e7b960a65974",
|
|
"objects": [
|
|
{
|
|
"created": "2017-05-31T21:30:29.458Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"description": "Data, such as sensitive documents, may be exfiltrated through the use of automated processing or Scripting after being gathered during Exfiltration Over Command and Control Channel and Exfiltration Over Alternative Protocol.\n\nDetection: Monitor process file access patterns and network behavior. Unrecognized processes or scripts that appear to be traversing file systems and sending network traffic may be suspicious.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: File monitoring, Process monitoring, Process use of network",
|
|
"external_references": [
|
|
{
|
|
"external_id": "T1020",
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/wiki/Technique/T1020"
|
|
}
|
|
],
|
|
"id": "attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-attack",
|
|
"phase_name": "exfiltration"
|
|
}
|
|
],
|
|
"modified": "2017-05-31T21:30:29.458Z",
|
|
"name": "Automated Exfiltration",
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"type": "attack-pattern"
|
|
}
|
|
],
|
|
"spec_version": "2.0",
|
|
"type": "bundle"
|
|
}
|