2018-02-21 16:28:11 +01:00
{
2018-04-04 12:54:04 +02:00
"uuid" : "1ffd3108-1708-11e8-9f98-67b378d9094c" ,
"description" : "MITRE Relationship" ,
"source" : "https://github.com/mitre/cti" ,
"version" : 2 ,
"values" : [
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "58d0b955-ae3d-424a-a537-2804dab38793"
} ,
"uuid" : "1eed277b-a2a7-43f9-bf12-6e30abf0841a" ,
"value" : "APT28 (G0007) uses Unconditional client-side exploitation/Injected Website/Driveby (PRE-T1149)"
} ,
{
"meta" : {
"source-uuid" : "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d" ,
"target-uuid" : "103d72e6-7e0d-4b3a-9373-c38567305c33"
} ,
"uuid" : "4a69750c-47d5-40f5-b753-c6bb2a27a359" ,
"value" : "Friend/Follow/Connect to targets of interest (PRE-T1141) related-to Friend/Follow/Connect to targets of interest (PRE-T1121)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "15ef4da5-3b93-4bb1-a39a-5396661956d3"
} ,
"uuid" : "2b6a71e4-e5d5-41d2-a193-9a95c94dc924" ,
"value" : "APT1 (G0006) uses Build and configure delivery systems (PRE-T1124)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "e24a9f99-cb76-42a3-a50b-464668773e97"
} ,
"uuid" : "57723021-1eb3-4bf2-86eb-fdbf8a1b8125" ,
"value" : "Night Dragon (G0014) uses Spear phishing messages with malicious attachments (PRE-T1144)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "9755ecdc-deb0-40e6-af49-713cb0f8ed92"
} ,
"uuid" : "a34c16e9-bc7e-45f5-a9a2-8b05d868e6a0" ,
"value" : "Night Dragon (G0014) uses Remote access tool development (PRE-T1128)"
} ,
{
"meta" : {
"source-uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"target-uuid" : "d69c3e06-8311-4093-8e3e-0a8e06b15d92"
} ,
"uuid" : "307e24f8-4d7c-49a8-88f6-fb0a99fe8ff4" ,
"value" : "APT16 (G0023) uses Assess targeting options (PRE-T1073)"
} ,
{
"meta" : {
"source-uuid" : "7baccb84-356c-4e89-8c5d-58e701f033fc" ,
"target-uuid" : "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
} ,
"uuid" : "2dbdcf5e-af75-4f92-b4ad-942a06aab259" ,
"value" : "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "f4c5d1d9-8f0e-46f1-a9fa-f9a440926046"
} ,
"uuid" : "9af7194c-1eea-4aef-bab1-49bd29be069c" ,
"value" : "APT1 (G0006) uses Confirmation of launched compromise achieved (PRE-T1160)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "89a79d91-53e0-4ef5-ba28-558cb8b01f76"
} ,
"uuid" : "f6dd74d9-ed02-4fe4-aff6-9ef25906592f" ,
"value" : "Night Dragon (G0014) uses Identify groups/roles (PRE-T1047)"
} ,
{
"meta" : {
"source-uuid" : "090242d7-73fc-4738-af68-20162f7a5aae" ,
"target-uuid" : "271e6d40-e191-421a-8f87-a8102452c201"
} ,
"uuid" : "614f64d8-c221-4789-b1e1-787e9326a37b" ,
"value" : "APT17 (G0025) uses Develop social network persona digital footprint (PRE-T1119)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "e24a9f99-cb76-42a3-a50b-464668773e97"
} ,
"uuid" : "84943231-1b44-4029-ae09-0dbf05440bef" ,
"value" : "APT1 (G0006) uses Spear phishing messages with malicious attachments (PRE-T1144)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "d3999268-740f-467e-a075-c82e2d04be62"
} ,
"uuid" : "51d03816-347c-4716-9524-da99a58f5ea6" ,
"value" : "APT1 (G0006) uses Assess leadership areas of interest (PRE-T1001)"
} ,
{
"meta" : {
"source-uuid" : "af358cad-eb71-4e91-a752-236edc237dae" ,
"target-uuid" : "74a3288e-eee9-4f8e-973a-fbc128e033f1"
} ,
"uuid" : "ad510f42-e745-42d0-8b54-4bf7a2f3cf34" ,
"value" : "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1026)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
} ,
"uuid" : "ab356c7a-6922-4143-90eb-5be632e2f6cd" ,
"value" : "Cleaver (G0003) uses Build social network persona (PRE-T1118)"
} ,
{
"meta" : {
"source-uuid" : "c721b235-679a-4d76-9ae9-e08921fccf84" ,
"target-uuid" : "7718e92f-b011-4f88-b822-ae245a1de407"
} ,
"uuid" : "ab313887-ff00-4aa9-8edb-ab107c517c19" ,
"value" : "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1055)"
} ,
{
"meta" : {
"source-uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"target-uuid" : "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
} ,
"uuid" : "edb31962-2310-4618-bd4f-d34f8e7d58e8" ,
"value" : "APT16 (G0023) uses Acquire OSINT data sets and information (PRE-T1024)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "286cc500-4291-45c2-99a1-e760db176402"
} ,
"uuid" : "0adf353d-688b-46ce-88bb-62a008675fe0" ,
"value" : "Night Dragon (G0014) uses Acquire and/or use 3rd party infrastructure services (PRE-T1084)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "d778cb83-2292-4995-b006-d38f52bc1e64"
} ,
"uuid" : "e95ea206-3962-43af-aac1-042ac9928679" ,
"value" : "Night Dragon (G0014) uses Identify gap areas (PRE-T1002)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "fddd81e9-dd3d-477e-9773-4fb8ae227234"
} ,
"uuid" : "b09b41c4-670f-4f00-b8d5-a8c6a2dcfcfb" ,
"value" : "Cleaver (G0003) uses Create custom payloads (PRE-T1122)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "c860af4a-376e-46d7-afbf-262c41012227"
} ,
"uuid" : "26bf68a4-af3c-4d39-bad3-5f0ce824f4a3" ,
"value" : "APT28 (G0007) uses Determine operational element (PRE-T1019)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "45242287-2964-4a3e-9373-159fad4d8195"
} ,
"uuid" : "3d65fc7e-87a5-4113-bd9c-09453fba4d1e" ,
"value" : "APT28 (G0007) uses Buy domain name (PRE-T1105)"
} ,
{
"meta" : {
"source-uuid" : "7718e92f-b011-4f88-b822-ae245a1de407" ,
"target-uuid" : "c721b235-679a-4d76-9ae9-e08921fccf84"
} ,
"uuid" : "22d4f32c-63c1-400f-8e2c-10e4a200d133" ,
"value" : "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1025)"
} ,
{
"meta" : {
"source-uuid" : "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a" ,
"target-uuid" : "5b6ce031-bb86-407a-9984-2b9700ac4549"
} ,
"uuid" : "ac1dfc58-d5a2-4b6f-9bf4-c6c0d2d3ae80" ,
"value" : "Identify business relationships (PRE-T1060) related-to Identify business relationships (PRE-T1049)"
} ,
{
"meta" : {
"source-uuid" : "5b6ce031-bb86-407a-9984-2b9700ac4549" ,
"target-uuid" : "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a"
} ,
"uuid" : "9524754d-7743-47b3-8395-3cbfb633c020" ,
"value" : "Identify business relationships (PRE-T1049) related-to Identify business relationships (PRE-T1060)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "271e6d40-e191-421a-8f87-a8102452c201"
} ,
"uuid" : "d26a1746-b577-4a89-be5e-c49611e8c65a" ,
"value" : "Cleaver (G0003) uses Develop social network persona digital footprint (PRE-T1119)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "c2ffd229-11bb-4fd8-9208-edbe97b14c93"
} ,
"uuid" : "f43faad4-a016-4da0-8de6-53103d429268" ,
"value" : "Cleaver (G0003) uses Obfuscation or cryptography (PRE-T1090)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "20a66013-8dab-4ca3-a67d-766c842c561c"
} ,
"uuid" : "0e7905fd-77c8-43cb-b499-7d6e37fefbeb" ,
"value" : "APT1 (G0006) uses Dynamic DNS (PRE-T1088)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "b79a1960-d0be-4b51-bb62-b27e91e1dea0"
} ,
"uuid" : "3f8694fa-8e16-465b-8357-ec0a85316e9c" ,
"value" : "Cleaver (G0003) uses Conduct social engineering or HUMINT operation (PRE-T1153)"
} ,
{
"meta" : {
"source-uuid" : "090242d7-73fc-4738-af68-20162f7a5aae" ,
"target-uuid" : "72c8d526-1247-42d4-919c-6d7a31ca8f39"
} ,
"uuid" : "9c87b627-de61-42da-a658-7bdb33358754" ,
"value" : "APT17 (G0025) uses Obfuscate infrastructure (PRE-T1108)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "fddd81e9-dd3d-477e-9773-4fb8ae227234"
} ,
"uuid" : "6d809b32-a5db-4e1e-bea6-ef29a2c680e5" ,
"value" : "APT28 (G0007) uses Create custom payloads (PRE-T1122)"
} ,
{
"meta" : {
"source-uuid" : "20a66013-8dab-4ca3-a67d-766c842c561c" ,
"target-uuid" : "54eb2bab-125f-4d1c-b999-0c692860bafe"
} ,
"uuid" : "f24a6bf4-c60f-4fa6-8f6a-f2806ae92cdd" ,
"value" : "Dynamic DNS (PRE-T1088) related-to Dynamic DNS (PRE-T1110)"
} ,
{
"meta" : {
"source-uuid" : "54eb2bab-125f-4d1c-b999-0c692860bafe" ,
"target-uuid" : "20a66013-8dab-4ca3-a67d-766c842c561c"
} ,
"uuid" : "94daf955-fb3e-4f13-af60-0e3ffa185be0" ,
"value" : "Dynamic DNS (PRE-T1110) related-to Dynamic DNS (PRE-T1088)"
} ,
{
"meta" : {
"source-uuid" : "090242d7-73fc-4738-af68-20162f7a5aae" ,
"target-uuid" : "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
} ,
"uuid" : "545cd36e-572e-413d-82b9-db65788791f9" ,
"value" : "APT17 (G0025) uses Build social network persona (PRE-T1118)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "e51398e6-53dc-4e9f-a323-e54683d8672b"
} ,
"uuid" : "8a2c46d3-92f2-4ff7-a912-8d47189a7d79" ,
"value" : "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
} ,
{
"meta" : {
"source-uuid" : "784ff1bc-1483-41fe-a172-4cd9ae25c06b" ,
"target-uuid" : "028ad431-84c5-4eb7-a364-2b797c234f88"
} ,
"uuid" : "60b6c9a6-7705-4c72-93bb-67de0caf11f4" ,
"value" : "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1054)"
} ,
{
"meta" : {
"source-uuid" : "7860e21e-7514-4a3f-8a9d-56405ccfdb0c" ,
"target-uuid" : "78e41091-d10d-4001-b202-89612892b6ff"
} ,
"uuid" : "9c44b2ec-70b0-4f5c-800e-426477330658" ,
"value" : "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1023)"
} ,
{
"meta" : {
"source-uuid" : "e51398e6-53dc-4e9f-a323-e54683d8672b" ,
"target-uuid" : "4900fabf-1142-4c1f-92f5-0b590e049077"
} ,
"uuid" : "bc165934-7ef6-4aed-a0d7-81d3372589f4" ,
"value" : "Compromise 3rd party infrastructure to support delivery (PRE-T1111) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1089)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "288b3cc3-f4da-4250-ab8c-d8b5dbed94ca"
} ,
"uuid" : "643d984b-0c82-4e14-8ba9-1b8dec0c91e2" ,
"value" : "APT28 (G0007) uses Identify web defensive services (PRE-T1033)"
} ,
{
"meta" : {
"source-uuid" : "7baccb84-356c-4e89-8c5d-58e701f033fc" ,
"target-uuid" : "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
} ,
"uuid" : "715a66b4-7925-40b4-868a-e47aba879f8b" ,
"value" : "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)"
} ,
{
"meta" : {
"source-uuid" : "2b9a666e-bd59-4f67-9031-ed41b428e04a" ,
"target-uuid" : "028ad431-84c5-4eb7-a364-2b797c234f88"
} ,
"uuid" : "28bf7e8b-9948-40a8-945b-6b5f2c78ec53" ,
"value" : "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1054)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
} ,
"uuid" : "2b0ec032-eaca-4f0c-be55-39471f0f2bf5" ,
"value" : "APT1 (G0006) uses Obtain/re-use payloads (PRE-T1123)"
} ,
{
"meta" : {
"source-uuid" : "784ff1bc-1483-41fe-a172-4cd9ae25c06b" ,
"target-uuid" : "2b9a666e-bd59-4f67-9031-ed41b428e04a"
} ,
"uuid" : "1143e6a6-deef-4dbd-8c91-7bf537d8f5ce" ,
"value" : "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1043)"
} ,
{
"meta" : {
"source-uuid" : "78e41091-d10d-4001-b202-89612892b6ff" ,
"target-uuid" : "59369f72-3005-4e54-9095-3d00efcece73"
} ,
"uuid" : "a29f2adc-c328-4cf3-9984-2c0c72ec7061" ,
"value" : "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1042)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "abd5bed1-4c12-45de-a623-ab8dc4ff862a"
} ,
"uuid" : "eab3be4e-4130-4898-a7b6-d9e9eb34f2bd" ,
"value" : "APT28 (G0007) uses Research relevant vulnerabilities/CVEs (PRE-T1068)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "1a295f87-af63-4d94-b130-039d6221fb11"
} ,
"uuid" : "39db1df8-f786-480c-9faf-5b870de2250b" ,
"value" : "APT1 (G0006) uses Acquire and/or use 3rd party software services (PRE-T1085)"
} ,
{
"meta" : {
"source-uuid" : "028ad431-84c5-4eb7-a364-2b797c234f88" ,
"target-uuid" : "2b9a666e-bd59-4f67-9031-ed41b428e04a"
} ,
"uuid" : "6ba71250-1dc7-4b8d-88e7-698440ea18a0" ,
"value" : "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1043)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "e24a9f99-cb76-42a3-a50b-464668773e97"
} ,
"uuid" : "6238613d-8683-420d-baf7-6050aa27eb9d" ,
"value" : "APT28 (G0007) uses Spear phishing messages with malicious attachments (PRE-T1144)"
} ,
{
"meta" : {
"source-uuid" : "286cc500-4291-45c2-99a1-e760db176402" ,
"target-uuid" : "795c1a92-3a26-453e-b99a-6a566aa94dc6"
} ,
"uuid" : "5dc0b076-5f25-4bda-83c7-1d8bd214b81a" ,
"value" : "Acquire and/or use 3rd party infrastructure services (PRE-T1084) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1106)"
} ,
{
"meta" : {
"source-uuid" : "7860e21e-7514-4a3f-8a9d-56405ccfdb0c" ,
"target-uuid" : "59369f72-3005-4e54-9095-3d00efcece73"
} ,
"uuid" : "7aaa32b6-73f3-4b6e-98ae-da16976e6003" ,
"value" : "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1042)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "4900fabf-1142-4c1f-92f5-0b590e049077"
} ,
"uuid" : "cc22ab71-f2fc-4885-832b-e75dadeefa2d" ,
"value" : "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1089)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
} ,
"uuid" : "60e79ac2-3dc1-4005-a1f8-260d58117dab" ,
"value" : "APT28 (G0007) uses Acquire OSINT data sets and information (PRE-T1024)"
} ,
{
"meta" : {
"source-uuid" : "c47f937f-1022-4f42-8525-e7a4779a14cb" ,
"target-uuid" : "9a8c47f6-ae69-4044-917d-4b1602af64d9"
} ,
"uuid" : "7da16587-3861-4404-9043-0076e4766ac4" ,
"value" : "APT12 (G0005) uses Choose pre-compromised persona and affiliated accounts (PRE-T1120)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "91a3735f-817a-4450-8ed4-f05a0f5c3877"
} ,
"uuid" : "6cfc9229-9928-414e-bfaf-f63e815b4c84" ,
"value" : "APT28 (G0007) uses Determine strategic target (PRE-T1018)"
} ,
{
"meta" : {
"source-uuid" : "dfa4eaf4-50d9-49de-89e9-d33f579f3e05" ,
"target-uuid" : "856a9371-4f0f-4ea9-946e-f3144204240f"
} ,
"uuid" : "a7f177e4-7e7f-4883-af3d-c95db9ea7a53" ,
"value" : "Determine 3rd party infrastructure services (PRE-T1061) related-to Determine 3rd party infrastructure services (PRE-T1037)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
} ,
"uuid" : "515e7665-040c-44ac-a379-44d4399d6e2b" ,
"value" : "Cleaver (G0003) uses Obtain/re-use payloads (PRE-T1123)"
} ,
{
"meta" : {
"source-uuid" : "96eb59d1-6c46-44bb-bfcd-56be02a00d41" ,
"target-uuid" : "7baccb84-356c-4e89-8c5d-58e701f033fc"
} ,
"uuid" : "b180dee5-0d48-448f-94b9-4997f0c584d5" ,
"value" : "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)"
} ,
{
"meta" : {
"source-uuid" : "4900fabf-1142-4c1f-92f5-0b590e049077" ,
"target-uuid" : "e51398e6-53dc-4e9f-a323-e54683d8672b"
} ,
"uuid" : "28815a00-1cf4-4fbc-9039-306a9542c7fd" ,
"value" : "Compromise 3rd party infrastructure to support delivery (PRE-T1089) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
} ,
{
"meta" : {
"source-uuid" : "c721b235-679a-4d76-9ae9-e08921fccf84" ,
"target-uuid" : "0722cd65-0c83-4c89-9502-539198467ab1"
} ,
"uuid" : "8bcaccd1-403b-40f1-82d3-ac4d873263f8" ,
"value" : "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1044)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "ef0f816a-d561-4953-84c6-2a2936c96957"
} ,
"uuid" : "5aab758c-79d2-4219-9053-f50791d98531" ,
"value" : "APT28 (G0007) uses Discover target logon/email address format (PRE-T1032)"
} ,
{
"meta" : {
"source-uuid" : "c47f937f-1022-4f42-8525-e7a4779a14cb" ,
"target-uuid" : "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
} ,
"uuid" : "b55534ba-37ce-47f2-a961-edeaeedcb399" ,
"value" : "APT12 (G0005) uses Obfuscate infrastructure (PRE-T1086)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
} ,
"uuid" : "709bb5af-c484-48f2-bb19-bd7630e42e2d" ,
"value" : "APT28 (G0007) uses Obtain/re-use payloads (PRE-T1123)"
} ,
{
"meta" : {
"source-uuid" : "c47f937f-1022-4f42-8525-e7a4779a14cb" ,
"target-uuid" : "91a3735f-817a-4450-8ed4-f05a0f5c3877"
} ,
"uuid" : "4e06cf53-00b1-46a6-a6b6-8e33e761b83f" ,
"value" : "APT12 (G0005) uses Determine strategic target (PRE-T1018)"
} ,
{
"meta" : {
"source-uuid" : "090242d7-73fc-4738-af68-20162f7a5aae" ,
"target-uuid" : "91a3735f-817a-4450-8ed4-f05a0f5c3877"
} ,
"uuid" : "89754a0d-03b1-44e3-94c5-7a892d171a28" ,
"value" : "APT17 (G0025) uses Determine strategic target (PRE-T1018)"
} ,
{
"meta" : {
"source-uuid" : "af358cad-eb71-4e91-a752-236edc237dae" ,
"target-uuid" : "a757670d-d600-48d9-8ae9-601d42c184a5"
} ,
"uuid" : "984d13eb-ba9c-4e7c-8675-85dde9877a81" ,
"value" : "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1056)"
} ,
{
"meta" : {
"source-uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"target-uuid" : "d3999268-740f-467e-a075-c82e2d04be62"
} ,
"uuid" : "2daad934-bf08-4a2f-b656-4f7d197eb8fa" ,
"value" : "APT28 (G0007) uses Assess leadership areas of interest (PRE-T1001)"
} ,
{
"meta" : {
"source-uuid" : "c47f937f-1022-4f42-8525-e7a4779a14cb" ,
"target-uuid" : "e24a9f99-cb76-42a3-a50b-464668773e97"
} ,
"uuid" : "1895866a-4689-4527-8460-95e9cd7dd037" ,
"value" : "APT12 (G0005) uses Spear phishing messages with malicious attachments (PRE-T1144)"
} ,
{
"meta" : {
"source-uuid" : "a757670d-d600-48d9-8ae9-601d42c184a5" ,
"target-uuid" : "74a3288e-eee9-4f8e-973a-fbc128e033f1"
} ,
"uuid" : "51c20b46-16cc-4b58-80d7-89d48b14b064" ,
"value" : "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1026)"
} ,
{
"meta" : {
"source-uuid" : "03f4a766-7a21-4b5e-9ccf-e0cf422ab983" ,
"target-uuid" : "e5164428-03ca-4336-a9a7-4d9ea1417e59"
} ,
"uuid" : "fe31fa7c-be01-47ca-90bb-0fb49b49eb03" ,
"value" : "Acquire or compromise 3rd party signing certificates (PRE-T1109) related-to Acquire or compromise 3rd party signing certificates (PRE-T1087)"
} ,
{
"meta" : {
"source-uuid" : "59369f72-3005-4e54-9095-3d00efcece73" ,
"target-uuid" : "78e41091-d10d-4001-b202-89612892b6ff"
} ,
"uuid" : "432c700b-4bf3-4824-a530-a6e86882c4b7" ,
"value" : "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1023)"
} ,
{
"meta" : {
"source-uuid" : "7718e92f-b011-4f88-b822-ae245a1de407" ,
"target-uuid" : "0722cd65-0c83-4c89-9502-539198467ab1"
} ,
"uuid" : "ef32147c-d309-4867-aaba-998088290e32" ,
"value" : "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1044)"
} ,
{
"meta" : {
"source-uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"target-uuid" : "e51398e6-53dc-4e9f-a323-e54683d8672b"
} ,
"uuid" : "f8559304-7ef6-4c48-8d76-a56ebf37c0be" ,
"value" : "APT16 (G0023) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "2141aea0-cf38-49aa-9e51-ac34092bc30a"
} ,
"uuid" : "3d3eb711-5054-4b32-8006-15ba67d3bb25" ,
"value" : "APT1 (G0006) uses Procure required equipment and software (PRE-T1112)"
} ,
{
"meta" : {
"source-uuid" : "0722cd65-0c83-4c89-9502-539198467ab1" ,
"target-uuid" : "7718e92f-b011-4f88-b822-ae245a1de407"
} ,
"uuid" : "689ebb39-52f4-4b2f-8678-72cfed67cb9f" ,
"value" : "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1055)"
} ,
{
"meta" : {
"source-uuid" : "96eb59d1-6c46-44bb-bfcd-56be02a00d41" ,
"target-uuid" : "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
} ,
"uuid" : "36990d75-9fbd-43f0-9966-ae58f0388e1d" ,
"value" : "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)"
} ,
{
"meta" : {
"source-uuid" : "795c1a92-3a26-453e-b99a-6a566aa94dc6" ,
"target-uuid" : "286cc500-4291-45c2-99a1-e760db176402"
} ,
"uuid" : "9a1f729c-72a9-4735-9d48-ecb54ea018a9" ,
"value" : "Acquire and/or use 3rd party infrastructure services (PRE-T1106) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1084)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "eb517589-eefc-480e-b8e3-7a8b1066f6f1"
} ,
"uuid" : "7c68bb22-457e-4942-9e07-36f6cd5ac5ba" ,
"value" : "APT1 (G0006) uses Targeted social media phishing (PRE-T1143)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "0440f60f-9056-4791-a740-8eae96eb61fa"
} ,
"uuid" : "75c781d7-f9ef-42c8-b610-0dc1ecb3b350" ,
"value" : "Cleaver (G0003) uses Authorized user performs requested cyber action (PRE-T1163)"
} ,
{
"meta" : {
"source-uuid" : "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc" ,
"target-uuid" : "7baccb84-356c-4e89-8c5d-58e701f033fc"
} ,
"uuid" : "d5bd7a33-a249-46e5-bb19-a498eba42bdb" ,
"value" : "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "15d5eaa4-597a-47fd-a692-f2bed434d904"
} ,
"uuid" : "8a2549fa-9e7c-4d47-9678-8ed0bb8fa3aa" ,
"value" : "APT1 (G0006) uses Derive intelligence requirements (PRE-T1007)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "0440f60f-9056-4791-a740-8eae96eb61fa"
} ,
"uuid" : "0f97c2ae-2b89-4dd5-a270-42b1dcb5d403" ,
"value" : "APT1 (G0006) uses Authorized user performs requested cyber action (PRE-T1163)"
} ,
{
"meta" : {
"source-uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"target-uuid" : "e24a9f99-cb76-42a3-a50b-464668773e97"
} ,
"uuid" : "c90a4d6a-af21-4103-ba57-3ddeb6e973e7" ,
"value" : "APT16 (G0023) uses Spear phishing messages with malicious attachments (PRE-T1144)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "c860af4a-376e-46d7-afbf-262c41012227"
} ,
"uuid" : "eca0f05c-5025-4149-9826-3715cc243180" ,
"value" : "Cleaver (G0003) uses Determine operational element (PRE-T1019)"
} ,
{
"meta" : {
"source-uuid" : "c47f937f-1022-4f42-8525-e7a4779a14cb" ,
"target-uuid" : "d778cb83-2292-4995-b006-d38f52bc1e64"
} ,
"uuid" : "683d4e44-f763-492c-b510-fa469a923798" ,
"value" : "APT12 (G0005) uses Identify gap areas (PRE-T1002)"
} ,
{
"meta" : {
"source-uuid" : "72c8d526-1247-42d4-919c-6d7a31ca8f39" ,
"target-uuid" : "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
} ,
"uuid" : "db4dfa09-7f19-437a-9d79-15f2dc8ba0da" ,
"value" : "Obfuscate infrastructure (PRE-T1108) related-to Obfuscate infrastructure (PRE-T1086)"
} ,
{
"meta" : {
"source-uuid" : "0722cd65-0c83-4c89-9502-539198467ab1" ,
"target-uuid" : "c721b235-679a-4d76-9ae9-e08921fccf84"
} ,
"uuid" : "bbb1c074-a93a-4e40-b11e-2151403f7f1d" ,
"value" : "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1025)"
} ,
{
"meta" : {
"source-uuid" : "028ad431-84c5-4eb7-a364-2b797c234f88" ,
"target-uuid" : "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
} ,
"uuid" : "0e52753e-0a02-4bec-88f9-f8ee21b46bae" ,
"value" : "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1024)"
} ,
{
"meta" : {
"source-uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"target-uuid" : "91a3735f-817a-4450-8ed4-f05a0f5c3877"
} ,
"uuid" : "3c7c0851-1cf8-458f-862d-4e4827f8f474" ,
"value" : "Cleaver (G0003) uses Determine strategic target (PRE-T1018)"
} ,
{
"meta" : {
"source-uuid" : "e5164428-03ca-4336-a9a7-4d9ea1417e59" ,
"target-uuid" : "03f4a766-7a21-4b5e-9ccf-e0cf422ab983"
} ,
"uuid" : "c388ed7c-3820-41a3-98af-a48dd7e4d88b" ,
"value" : "Acquire or compromise 3rd party signing certificates (PRE-T1087) related-to Acquire or compromise 3rd party signing certificates (PRE-T1109)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
} ,
"uuid" : "34ba5998-4e43-4669-9701-1877aa267354" ,
"value" : "APT1 (G0006) uses Build social network persona (PRE-T1118)"
} ,
{
"meta" : {
"source-uuid" : "74a3288e-eee9-4f8e-973a-fbc128e033f1" ,
"target-uuid" : "af358cad-eb71-4e91-a752-236edc237dae"
} ,
"uuid" : "f8504a07-758c-4c51-ac94-c2e7ba652e29" ,
"value" : "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1045)"
} ,
{
"meta" : {
"source-uuid" : "78e41091-d10d-4001-b202-89612892b6ff" ,
"target-uuid" : "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
} ,
"uuid" : "9ad9966d-4a8d-4b15-b503-c5d27104fcdd" ,
"value" : "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1053)"
} ,
{
"meta" : {
"source-uuid" : "856a9371-4f0f-4ea9-946e-f3144204240f" ,
"target-uuid" : "dfa4eaf4-50d9-49de-89e9-d33f579f3e05"
} ,
"uuid" : "e4501560-7850-4467-8422-2cf336429e8a" ,
"value" : "Determine 3rd party infrastructure services (PRE-T1037) related-to Determine 3rd party infrastructure services (PRE-T1061)"
} ,
{
"meta" : {
"source-uuid" : "74a3288e-eee9-4f8e-973a-fbc128e033f1" ,
"target-uuid" : "a757670d-d600-48d9-8ae9-601d42c184a5"
} ,
"uuid" : "66e4da4a-6eb6-46e0-9baf-74059f341b4a" ,
"value" : "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1056)"
} ,
{
"meta" : {
"source-uuid" : "e6ca2820-a564-4b74-b42a-b6bdf052e5b6" ,
"target-uuid" : "72c8d526-1247-42d4-919c-6d7a31ca8f39"
} ,
"uuid" : "41be9f31-9d2b-44b8-a7dc-31f8c4519751" ,
"value" : "Obfuscate infrastructure (PRE-T1086) related-to Obfuscate infrastructure (PRE-T1108)"
} ,
{
"meta" : {
"source-uuid" : "2b9a666e-bd59-4f67-9031-ed41b428e04a" ,
"target-uuid" : "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
} ,
"uuid" : "be031f72-737b-4afd-b2c1-c565f5ab7369" ,
"value" : "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1024)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
} ,
"uuid" : "90d7f0f0-6e41-431a-a024-9375cbc18d2b" ,
"value" : "APT1 (G0006) uses Post compromise tool development (PRE-T1130)"
} ,
{
"meta" : {
"source-uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"target-uuid" : "91a3735f-817a-4450-8ed4-f05a0f5c3877"
} ,
"uuid" : "e60a165e-cfad-43e5-ba83-ea2430a377c5" ,
"value" : "APT16 (G0023) uses Determine strategic target (PRE-T1018)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "91a3735f-817a-4450-8ed4-f05a0f5c3877"
} ,
"uuid" : "a071fc8f-6323-420b-9812-b51f12fc7956" ,
"value" : "Night Dragon (G0014) uses Determine strategic target (PRE-T1018)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "ec739e26-d097-4804-b04a-54dd81ff11e0"
} ,
"uuid" : "970531a2-4927-41a3-b2cd-09d445322f51" ,
"value" : "APT1 (G0006) uses Create strategic plan (PRE-T1008)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "4aeafdb3-eb0b-4e8e-b93f-95cd499088b4"
} ,
"uuid" : "c2571ca8-98c4-490d-b8f8-f3678b0ce74d" ,
"value" : "Night Dragon (G0014) uses Compromise of externally facing system (PRE-T1165)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "489a7797-01c3-4706-8cd1-ec56a9db3adc"
} ,
"uuid" : "e78023e7-98de-4973-9331-843bfa28c9f7" ,
"value" : "APT1 (G0006) uses Spear phishing messages with malicious links (PRE-T1146)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "357e137c-7589-4af1-895c-3fbad35ea4d2"
} ,
"uuid" : "f76d74b6-c797-487c-8388-536367d1b922" ,
"value" : "APT1 (G0006) uses Obfuscate or encrypt code (PRE-T1096)"
} ,
{
"meta" : {
"source-uuid" : "103d72e6-7e0d-4b3a-9373-c38567305c33" ,
"target-uuid" : "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d"
} ,
"uuid" : "87239038-7693-49b3-b595-b828cc2be1ba" ,
"value" : "Friend/Follow/Connect to targets of interest (PRE-T1121) related-to Friend/Follow/Connect to targets of interest (PRE-T1141)"
} ,
{
"meta" : {
"source-uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"target-uuid" : "1a295f87-af63-4d94-b130-039d6221fb11"
} ,
"uuid" : "c6e43693-2a6d-4ba8-8fa7-ec1ab5239528" ,
"value" : "Night Dragon (G0014) uses Acquire and/or use 3rd party software services (PRE-T1085)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "91a3735f-817a-4450-8ed4-f05a0f5c3877"
} ,
"uuid" : "5ed44a06-bcb4-4293-8bf4-aaebefddc09c" ,
"value" : "APT1 (G0006) uses Determine strategic target (PRE-T1018)"
} ,
{
"meta" : {
"source-uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"target-uuid" : "aadaee0d-794c-4642-8293-7ec22a99fb1a"
} ,
"uuid" : "db10491f-a854-4404-9271-600349484bc3" ,
"value" : "APT1 (G0006) uses Domain registration hijacking (PRE-T1103)"
} ,
{
"meta" : {
"source-uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"target-uuid" : "5b6ce031-bb86-407a-9984-2b9700ac4549"
} ,
"uuid" : "4eb0e01c-85ae-466a-a8ff-0cf7891c5ab2" ,
"value" : "APT16 (G0023) uses Identify business relationships (PRE-T1049)"
} ,
{
"meta" : {
"source-uuid" : "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc" ,
"target-uuid" : "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
} ,
"uuid" : "7bd3d2ba-f114-4835-97b6-1c3e2208d3f3" ,
"value" : "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)"
} ,
{
"meta" : {
"source-uuid" : "488da8ed-2887-4ef6-a39a-5b69bc6682c6" ,
"target-uuid" : "1a295f87-af63-4d94-b130-039d6221fb11"
} ,
"uuid" : "2bf984b5-1a48-4d9a-a4f2-e97801254b84" ,
"value" : "Acquire and/or use 3rd party software services (PRE-T1107) related-to Acquire and/or use 3rd party software services (PRE-T1085)"
} ,
{
"meta" : {
"source-uuid" : "59369f72-3005-4e54-9095-3d00efcece73" ,
"target-uuid" : "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
} ,
"uuid" : "c124f0ba-f4bc-430a-b40c-eebe0577f812" ,
"value" : "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1053)"
} ,
{
"meta" : {
"source-uuid" : "1a295f87-af63-4d94-b130-039d6221fb11" ,
"target-uuid" : "488da8ed-2887-4ef6-a39a-5b69bc6682c6"
} ,
"uuid" : "3d781e9a-d3f8-4e9f-bb23-ba6c2ff22267" ,
"value" : "Acquire and/or use 3rd party software services (PRE-T1085) related-to Acquire and/or use 3rd party software services (PRE-T1107)"
} ,
{
"meta" : {
"source-uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"target-uuid" : "ef0f816a-d561-4953-84c6-2a2936c96957"
} ,
"uuid" : "597be8e7-58a4-4aff-a803-48a7a08164a2" ,
"value" : "APT16 (G0023) uses Discover target logon/email address format (PRE-T1032)"
} ,
{
"meta" : {
"source-uuid" : "c47f937f-1022-4f42-8525-e7a4779a14cb" ,
"target-uuid" : "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
} ,
"uuid" : "7a254f4d-c7cf-4b98-94e9-3937785b7d68" ,
"value" : "APT12 (G0005) uses Post compromise tool development (PRE-T1130)"
} ,
{
"meta" : {
"source-uuid" : "a757670d-d600-48d9-8ae9-601d42c184a5" ,
"target-uuid" : "af358cad-eb71-4e91-a752-236edc237dae"
} ,
"uuid" : "46f1e7d4-4d73-4e33-b88b-b3bcde5d81fb" ,
"value" : "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1045)"
}
] ,
"authors" : [
"MITRE"
] ,
"type" : "mitre-pre-attack-relationship" ,
"name" : "Pre Attack - Relationship"
}