misp-galaxy/clusters/mitre-pre-attack-relationsh...

{
"name": "Pre Attack - Relationship",
"type": "mitre-pre-attack-relationship",
"description": "MITRE Relationship",
"version": 1,
"source": "https://github.com/mitre/cti",
"uuid": "1ffd3108-1708-11e8-9f98-67b378d9094c",
"authors": [
"MITRE"
],
"values": [
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "58d0b955-ae3d-424a-a537-2804dab38793"
},
"uuid": "1eed277b-a2a7-43f9-bf12-6e30abf0841a",
"value": "APT28 uses Unconditional client-side exploitation/Injected Website/Driveby"
},
{
"meta": {
"source-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
"target-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33"
},
"uuid": "4a69750c-47d5-40f5-b753-c6bb2a27a359",
"value": "Friend/Follow/Connect to targets of interest related-to Friend/Follow/Connect to targets of interest"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "15ef4da5-3b93-4bb1-a39a-5396661956d3"
},
"uuid": "2b6a71e4-e5d5-41d2-a193-9a95c94dc924",
"value": "APT1 uses Build and configure delivery systems"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "57723021-1eb3-4bf2-86eb-fdbf8a1b8125",
"value": "Night Dragon uses Spear phishing messages with malicious attachments"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92"
},
"uuid": "a34c16e9-bc7e-45f5-a9a2-8b05d868e6a0",
"value": "Night Dragon uses Remote access tool development"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "d69c3e06-8311-4093-8e3e-0a8e06b15d92"
},
"uuid": "307e24f8-4d7c-49a8-88f6-fb0a99fe8ff4",
"value": "APT16 uses Assess targeting options"
},
{
"meta": {
"source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
},
"uuid": "2dbdcf5e-af75-4f92-b4ad-942a06aab259",
"value": "Analyze organizational skillsets and deficiencies related-to Analyze organizational skillsets and deficiencies"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "f4c5d1d9-8f0e-46f1-a9fa-f9a440926046"
},
"uuid": "9af7194c-1eea-4aef-bab1-49bd29be069c",
"value": "APT1 uses Confirmation of launched compromise achieved"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "89a79d91-53e0-4ef5-ba28-558cb8b01f76"
},
"uuid": "f6dd74d9-ed02-4fe4-aff6-9ef25906592f",
"value": "Night Dragon uses Identify groups/roles"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "271e6d40-e191-421a-8f87-a8102452c201"
},
"uuid": "614f64d8-c221-4789-b1e1-787e9326a37b",
"value": "APT17 uses Develop social network persona digital footprint"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "84943231-1b44-4029-ae09-0dbf05440bef",
"value": "APT1 uses Spear phishing messages with malicious attachments"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "d3999268-740f-467e-a075-c82e2d04be62"
},
"uuid": "51d03816-347c-4716-9524-da99a58f5ea6",
"value": "APT1 uses Assess leadership areas of interest"
},
{
"meta": {
"source-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1"
},
"uuid": "ad510f42-e745-42d0-8b54-4bf7a2f3cf34",
"value": "Conduct social engineering related-to Conduct social engineering"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
},
"uuid": "ab356c7a-6922-4143-90eb-5be632e2f6cd",
"value": "Cleaver uses Build social network persona"
},
{
"meta": {
"source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407"
},
"uuid": "ab313887-ff00-4aa9-8edb-ab107c517c19",
"value": "Identify job postings and needs/gaps related-to Identify job postings and needs/gaps"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "edb31962-2310-4618-bd4f-d34f8e7d58e8",
"value": "APT16 uses Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "286cc500-4291-45c2-99a1-e760db176402"
},
"uuid": "0adf353d-688b-46ce-88bb-62a008675fe0",
"value": "Night Dragon uses Acquire and/or use 3rd party infrastructure services"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64"
},
"uuid": "e95ea206-3962-43af-aac1-042ac9928679",
"value": "Night Dragon uses Identify gap areas"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234"
},
"uuid": "b09b41c4-670f-4f00-b8d5-a8c6a2dcfcfb",
"value": "Cleaver uses Create custom payloads"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "c860af4a-376e-46d7-afbf-262c41012227"
},
"uuid": "26bf68a4-af3c-4d39-bad3-5f0ce824f4a3",
"value": "APT28 uses Determine operational element"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "45242287-2964-4a3e-9373-159fad4d8195"
},
"uuid": "3d65fc7e-87a5-4113-bd9c-09453fba4d1e",
"value": "APT28 uses Buy domain name"
},
{
"meta": {
"source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84"
},
"uuid": "22d4f32c-63c1-400f-8e2c-10e4a200d133",
"value": "Identify job postings and needs/gaps related-to Identify job postings and needs/gaps"
},
{
"meta": {
"source-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
"target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549"
},
"uuid": "ac1dfc58-d5a2-4b6f-9bf4-c6c0d2d3ae80",
"value": "Identify business relationships related-to Identify business relationships"
},
{
"meta": {
"source-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
"target-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a"
},
"uuid": "9524754d-7743-47b3-8395-3cbfb633c020",
"value": "Identify business relationships related-to Identify business relationships"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "271e6d40-e191-421a-8f87-a8102452c201"
},
"uuid": "d26a1746-b577-4a89-be5e-c49611e8c65a",
"value": "Cleaver uses Develop social network persona digital footprint"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93"
},
"uuid": "f43faad4-a016-4da0-8de6-53103d429268",
"value": "Cleaver uses Obfuscation or cryptography"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c"
},
"uuid": "0e7905fd-77c8-43cb-b499-7d6e37fefbeb",
"value": "APT1 uses Dynamic DNS"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "b79a1960-d0be-4b51-bb62-b27e91e1dea0"
},
"uuid": "3f8694fa-8e16-465b-8357-ec0a85316e9c",
"value": "Cleaver uses Conduct social engineering or HUMINT operation"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39"
},
"uuid": "9c87b627-de61-42da-a658-7bdb33358754",
"value": "APT17 uses Obfuscate infrastructure"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234"
},
"uuid": "6d809b32-a5db-4e1e-bea6-ef29a2c680e5",
"value": "APT28 uses Create custom payloads"
},
{
"meta": {
"source-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
"target-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe"
},
"uuid": "f24a6bf4-c60f-4fa6-8f6a-f2806ae92cdd",
"value": "Dynamic DNS related-to Dynamic DNS"
},
{
"meta": {
"source-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
"target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c"
},
"uuid": "94daf955-fb3e-4f13-af60-0e3ffa185be0",
"value": "Dynamic DNS related-to Dynamic DNS"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
},
"uuid": "545cd36e-572e-413d-82b9-db65788791f9",
"value": "APT17 uses Build social network persona"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
},
"uuid": "8a2c46d3-92f2-4ff7-a912-8d47189a7d79",
"value": "APT1 uses Compromise 3rd party infrastructure to support delivery"
},
{
"meta": {
"source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88"
},
"uuid": "60b6c9a6-7705-4c72-93bb-67de0caf11f4",
"value": "Acquire OSINT data sets and information related-to Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"target-uuid": "78e41091-d10d-4001-b202-89612892b6ff"
},
"uuid": "9c44b2ec-70b0-4f5c-800e-426477330658",
"value": "Identify supply chains related-to Identify supply chains"
},
{
"meta": {
"source-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
"target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077"
},
"uuid": "bc165934-7ef6-4aed-a0d7-81d3372589f4",
"value": "Compromise 3rd party infrastructure to support delivery related-to Compromise 3rd party infrastructure to support delivery"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "288b3cc3-f4da-4250-ab8c-d8b5dbed94ca"
},
"uuid": "643d984b-0c82-4e14-8ba9-1b8dec0c91e2",
"value": "APT28 uses Identify web defensive services"
},
{
"meta": {
"source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
},
"uuid": "715a66b4-7925-40b4-868a-e47aba879f8b",
"value": "Analyze organizational skillsets and deficiencies related-to Analyze organizational skillsets and deficiencies"
},
{
"meta": {
"source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88"
},
"uuid": "28bf7e8b-9948-40a8-945b-6b5f2c78ec53",
"value": "Acquire OSINT data sets and information related-to Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
},
"uuid": "2b0ec032-eaca-4f0c-be55-39471f0f2bf5",
"value": "APT1 uses Obtain/re-use payloads"
},
{
"meta": {
"source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a"
},
"uuid": "1143e6a6-deef-4dbd-8c91-7bf537d8f5ce",
"value": "Acquire OSINT data sets and information related-to Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
"target-uuid": "59369f72-3005-4e54-9095-3d00efcece73"
},
"uuid": "a29f2adc-c328-4cf3-9984-2c0c72ec7061",
"value": "Identify supply chains related-to Identify supply chains"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "abd5bed1-4c12-45de-a623-ab8dc4ff862a"
},
"uuid": "eab3be4e-4130-4898-a7b6-d9e9eb34f2bd",
"value": "APT28 uses Research relevant vulnerabilities/CVEs"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
},
"uuid": "39db1df8-f786-480c-9faf-5b870de2250b",
"value": "APT1 uses Acquire and/or use 3rd party software services"
},
{
"meta": {
"source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
"target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a"
},
"uuid": "6ba71250-1dc7-4b8d-88e7-698440ea18a0",
"value": "Acquire OSINT data sets and information related-to Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "6238613d-8683-420d-baf7-6050aa27eb9d",
"value": "APT28 uses Spear phishing messages with malicious attachments"
},
{
"meta": {
"source-uuid": "286cc500-4291-45c2-99a1-e760db176402",
"target-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6"
},
"uuid": "5dc0b076-5f25-4bda-83c7-1d8bd214b81a",
"value": "Acquire and/or use 3rd party infrastructure services related-to Acquire and/or use 3rd party infrastructure services"
},
{
"meta": {
"source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"target-uuid": "59369f72-3005-4e54-9095-3d00efcece73"
},
"uuid": "7aaa32b6-73f3-4b6e-98ae-da16976e6003",
"value": "Identify supply chains related-to Identify supply chains"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077"
},
"uuid": "cc22ab71-f2fc-4885-832b-e75dadeefa2d",
"value": "APT1 uses Compromise 3rd party infrastructure to support delivery"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "60e79ac2-3dc1-4005-a1f8-260d58117dab",
"value": "APT28 uses Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "9a8c47f6-ae69-4044-917d-4b1602af64d9"
},
"uuid": "7da16587-3861-4404-9043-0076e4766ac4",
"value": "APT12 uses Choose pre-compromised persona and affiliated accounts"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "6cfc9229-9928-414e-bfaf-f63e815b4c84",
"value": "APT28 uses Determine strategic target"
},
{
"meta": {
"source-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
"target-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f"
},
"uuid": "a7f177e4-7e7f-4883-af3d-c95db9ea7a53",
"value": "Determine 3rd party infrastructure services related-to Determine 3rd party infrastructure services"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
},
"uuid": "515e7665-040c-44ac-a379-44d4399d6e2b",
"value": "Cleaver uses Obtain/re-use payloads"
},
{
"meta": {
"source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc"
},
"uuid": "b180dee5-0d48-448f-94b9-4997f0c584d5",
"value": "Analyze organizational skillsets and deficiencies related-to Analyze organizational skillsets and deficiencies"
},
{
"meta": {
"source-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
},
"uuid": "28815a00-1cf4-4fbc-9039-306a9542c7fd",
"value": "Compromise 3rd party infrastructure to support delivery related-to Compromise 3rd party infrastructure to support delivery"
},
{
"meta": {
"source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1"
},
"uuid": "8bcaccd1-403b-40f1-82d3-ac4d873263f8",
"value": "Identify job postings and needs/gaps related-to Identify job postings and needs/gaps"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957"
},
"uuid": "5aab758c-79d2-4219-9053-f50791d98531",
"value": "APT28 uses Discover target logon/email address format"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
},
"uuid": "b55534ba-37ce-47f2-a961-edeaeedcb399",
"value": "APT12 uses Obfuscate infrastructure"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
},
"uuid": "709bb5af-c484-48f2-bb19-bd7630e42e2d",
"value": "APT28 uses Obtain/re-use payloads"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "4e06cf53-00b1-46a6-a6b6-8e33e761b83f",
"value": "APT12 uses Determine strategic target"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "89754a0d-03b1-44e3-94c5-7a892d171a28",
"value": "APT17 uses Determine strategic target"
},
{
"meta": {
"source-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5"
},
"uuid": "984d13eb-ba9c-4e7c-8675-85dde9877a81",
"value": "Conduct social engineering related-to Conduct social engineering"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "d3999268-740f-467e-a075-c82e2d04be62"
},
"uuid": "2daad934-bf08-4a2f-b656-4f7d197eb8fa",
"value": "APT28 uses Assess leadership areas of interest"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "1895866a-4689-4527-8460-95e9cd7dd037",
"value": "APT12 uses Spear phishing messages with malicious attachments"
},
{
"meta": {
"source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
"target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1"
},
"uuid": "51c20b46-16cc-4b58-80d7-89d48b14b064",
"value": "Conduct social engineering related-to Conduct social engineering"
},
{
"meta": {
"source-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
"target-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59"
},
"uuid": "fe31fa7c-be01-47ca-90bb-0fb49b49eb03",
"value": "Acquire or compromise 3rd party signing certificates related-to Acquire or compromise 3rd party signing certificates"
},
{
"meta": {
"source-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"target-uuid": "78e41091-d10d-4001-b202-89612892b6ff"
},
"uuid": "432c700b-4bf3-4824-a530-a6e86882c4b7",
"value": "Identify supply chains related-to Identify supply chains"
},
{
"meta": {
"source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1"
},
"uuid": "ef32147c-d309-4867-aaba-998088290e32",
"value": "Identify job postings and needs/gaps related-to Identify job postings and needs/gaps"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
},
"uuid": "f8559304-7ef6-4c48-8d76-a56ebf37c0be",
"value": "APT16 uses Compromise 3rd party infrastructure to support delivery"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "2141aea0-cf38-49aa-9e51-ac34092bc30a"
},
"uuid": "3d3eb711-5054-4b32-8006-15ba67d3bb25",
"value": "APT1 uses Procure required equipment and software"
},
{
"meta": {
"source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
"target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407"
},
"uuid": "689ebb39-52f4-4b2f-8678-72cfed67cb9f",
"value": "Identify job postings and needs/gaps related-to Identify job postings and needs/gaps"
},
{
"meta": {
"source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
},
"uuid": "36990d75-9fbd-43f0-9966-ae58f0388e1d",
"value": "Analyze organizational skillsets and deficiencies related-to Analyze organizational skillsets and deficiencies"
},
{
"meta": {
"source-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
"target-uuid": "286cc500-4291-45c2-99a1-e760db176402"
},
"uuid": "9a1f729c-72a9-4735-9d48-ecb54ea018a9",
"value": "Acquire and/or use 3rd party infrastructure services related-to Acquire and/or use 3rd party infrastructure services"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "eb517589-eefc-480e-b8e3-7a8b1066f6f1"
},
"uuid": "7c68bb22-457e-4942-9e07-36f6cd5ac5ba",
"value": "APT1 uses Targeted social media phishing"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa"
},
"uuid": "75c781d7-f9ef-42c8-b610-0dc1ecb3b350",
"value": "Cleaver uses Authorized user performs requested cyber action"
},
{
"meta": {
"source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
"target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc"
},
"uuid": "d5bd7a33-a249-46e5-bb19-a498eba42bdb",
"value": "Analyze organizational skillsets and deficiencies related-to Analyze organizational skillsets and deficiencies"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "15d5eaa4-597a-47fd-a692-f2bed434d904"
},
"uuid": "8a2549fa-9e7c-4d47-9678-8ed0bb8fa3aa",
"value": "APT1 uses Derive intelligence requirements"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa"
},
"uuid": "0f97c2ae-2b89-4dd5-a270-42b1dcb5d403",
"value": "APT1 uses Authorized user performs requested cyber action"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "c90a4d6a-af21-4103-ba57-3ddeb6e973e7",
"value": "APT16 uses Spear phishing messages with malicious attachments"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "c860af4a-376e-46d7-afbf-262c41012227"
},
"uuid": "eca0f05c-5025-4149-9826-3715cc243180",
"value": "Cleaver uses Determine operational element"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64"
},
"uuid": "683d4e44-f763-492c-b510-fa469a923798",
"value": "APT12 uses Identify gap areas"
},
{
"meta": {
"source-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
"target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
},
"uuid": "db4dfa09-7f19-437a-9d79-15f2dc8ba0da",
"value": "Obfuscate infrastructure related-to Obfuscate infrastructure"
},
{
"meta": {
"source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
"target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84"
},
"uuid": "bbb1c074-a93a-4e40-b11e-2151403f7f1d",
"value": "Identify job postings and needs/gaps related-to Identify job postings and needs/gaps"
},
{
"meta": {
"source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "0e52753e-0a02-4bec-88f9-f8ee21b46bae",
"value": "Acquire OSINT data sets and information related-to Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "3c7c0851-1cf8-458f-862d-4e4827f8f474",
"value": "Cleaver uses Determine strategic target"
},
{
"meta": {
"source-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
"target-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983"
},
"uuid": "c388ed7c-3820-41a3-98af-a48dd7e4d88b",
"value": "Acquire or compromise 3rd party signing certificates related-to Acquire or compromise 3rd party signing certificates"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
},
"uuid": "34ba5998-4e43-4669-9701-1877aa267354",
"value": "APT1 uses Build social network persona"
},
{
"meta": {
"source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"target-uuid": "af358cad-eb71-4e91-a752-236edc237dae"
},
"uuid": "f8504a07-758c-4c51-ac94-c2e7ba652e29",
"value": "Conduct social engineering related-to Conduct social engineering"
},
{
"meta": {
"source-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
"target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
},
"uuid": "9ad9966d-4a8d-4b15-b503-c5d27104fcdd",
"value": "Identify supply chains related-to Identify supply chains"
},
{
"meta": {
"source-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
"target-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05"
},
"uuid": "e4501560-7850-4467-8422-2cf336429e8a",
"value": "Determine 3rd party infrastructure services related-to Determine 3rd party infrastructure services"
},
{
"meta": {
"source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5"
},
"uuid": "66e4da4a-6eb6-46e0-9baf-74059f341b4a",
"value": "Conduct social engineering related-to Conduct social engineering"
},
{
"meta": {
"source-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
"target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39"
},
"uuid": "41be9f31-9d2b-44b8-a7dc-31f8c4519751",
"value": "Obfuscate infrastructure related-to Obfuscate infrastructure"
},
{
"meta": {
"source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "be031f72-737b-4afd-b2c1-c565f5ab7369",
"value": "Acquire OSINT data sets and information related-to Acquire OSINT data sets and information"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
},
"uuid": "90d7f0f0-6e41-431a-a024-9375cbc18d2b",
"value": "APT1 uses Post compromise tool development"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "e60a165e-cfad-43e5-ba83-ea2430a377c5",
"value": "APT16 uses Determine strategic target"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "a071fc8f-6323-420b-9812-b51f12fc7956",
"value": "Night Dragon uses Determine strategic target"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "ec739e26-d097-4804-b04a-54dd81ff11e0"
},
"uuid": "970531a2-4927-41a3-b2cd-09d445322f51",
"value": "APT1 uses Create strategic plan"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "4aeafdb3-eb0b-4e8e-b93f-95cd499088b4"
},
"uuid": "c2571ca8-98c4-490d-b8f8-f3678b0ce74d",
"value": "Night Dragon uses Compromise of externally facing system"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "489a7797-01c3-4706-8cd1-ec56a9db3adc"
},
"uuid": "e78023e7-98de-4973-9331-843bfa28c9f7",
"value": "APT1 uses Spear phishing messages with malicious links"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "357e137c-7589-4af1-895c-3fbad35ea4d2"
},
"uuid": "f76d74b6-c797-487c-8388-536367d1b922",
"value": "APT1 uses Obfuscate or encrypt code"
},
{
"meta": {
"source-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
"target-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d"
},
"uuid": "87239038-7693-49b3-b595-b828cc2be1ba",
"value": "Friend/Follow/Connect to targets of interest related-to Friend/Follow/Connect to targets of interest"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
},
"uuid": "c6e43693-2a6d-4ba8-8fa7-ec1ab5239528",
"value": "Night Dragon uses Acquire and/or use 3rd party software services"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "5ed44a06-bcb4-4293-8bf4-aaebefddc09c",
"value": "APT1 uses Determine strategic target"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a"
},
"uuid": "db10491f-a854-4404-9271-600349484bc3",
"value": "APT1 uses Domain registration hijacking"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549"
},
"uuid": "4eb0e01c-85ae-466a-a8ff-0cf7891c5ab2",
"value": "APT16 uses Identify business relationships"
},
{
"meta": {
"source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
"target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
},
"uuid": "7bd3d2ba-f114-4835-97b6-1c3e2208d3f3",
"value": "Analyze organizational skillsets and deficiencies related-to Analyze organizational skillsets and deficiencies"
},
{
"meta": {
"source-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
},
"uuid": "2bf984b5-1a48-4d9a-a4f2-e97801254b84",
"value": "Acquire and/or use 3rd party software services related-to Acquire and/or use 3rd party software services"
},
{
"meta": {
"source-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
},
"uuid": "c124f0ba-f4bc-430a-b40c-eebe0577f812",
"value": "Identify supply chains related-to Identify supply chains"
},
{
"meta": {
"source-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
"target-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6"
},
"uuid": "3d781e9a-d3f8-4e9f-bb23-ba6c2ff22267",
"value": "Acquire and/or use 3rd party software services related-to Acquire and/or use 3rd party software services"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957"
},
"uuid": "597be8e7-58a4-4aff-a803-48a7a08164a2",
"value": "APT16 uses Discover target logon/email address format"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
},
"uuid": "7a254f4d-c7cf-4b98-94e9-3937785b7d68",
"value": "APT12 uses Post compromise tool development"
},
{
"meta": {
"source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
"target-uuid": "af358cad-eb71-4e91-a752-236edc237dae"
},
"uuid": "46f1e7d4-4d73-4e33-b88b-b3bcde5d81fb",
"value": "Conduct social engineering related-to Conduct social engineering"
}
]
}