{ "authors": [ "MITRE" ], "description": "MITRE Relationship", "name": "Pre Attack - Relationship", "source": "https://github.com/mitre/cti", "type": "mitre-pre-attack-relationship", "uuid": "1ffd3108-1708-11e8-9f98-67b378d9094c", "values": [ { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "58d0b955-ae3d-424a-a537-2804dab38793" }, "uuid": "1eed277b-a2a7-43f9-bf12-6e30abf0841a", "value": "APT28 (G0007) uses Unconditional client-side exploitation/Injected Website/Driveby (PRE-T1149)" }, { "meta": { "source-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d", "target-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33" }, "uuid": "4a69750c-47d5-40f5-b753-c6bb2a27a359", "value": "Friend/Follow/Connect to targets of interest (PRE-T1141) related-to Friend/Follow/Connect to targets of interest (PRE-T1121)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "15ef4da5-3b93-4bb1-a39a-5396661956d3" }, "uuid": "2b6a71e4-e5d5-41d2-a193-9a95c94dc924", "value": "APT1 (G0006) uses Build and configure delivery systems (PRE-T1124)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97" }, "uuid": "57723021-1eb3-4bf2-86eb-fdbf8a1b8125", "value": "Night Dragon (G0014) uses Spear phishing messages with malicious attachments (PRE-T1144)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92" }, "uuid": "a34c16e9-bc7e-45f5-a9a2-8b05d868e6a0", "value": "Night Dragon (G0014) uses Remote access tool development (PRE-T1128)" }, { "meta": { "source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "target-uuid": "d69c3e06-8311-4093-8e3e-0a8e06b15d92" }, "uuid": "307e24f8-4d7c-49a8-88f6-fb0a99fe8ff4", "value": "APT16 (G0023) uses Assess targeting options (PRE-T1073)" }, { "meta": { "source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc", "target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc" }, "uuid": "2dbdcf5e-af75-4f92-b4ad-942a06aab259", "value": "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "f4c5d1d9-8f0e-46f1-a9fa-f9a440926046" }, "uuid": "9af7194c-1eea-4aef-bab1-49bd29be069c", "value": "APT1 (G0006) uses Confirmation of launched compromise achieved (PRE-T1160)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "89a79d91-53e0-4ef5-ba28-558cb8b01f76" }, "uuid": "f6dd74d9-ed02-4fe4-aff6-9ef25906592f", "value": "Night Dragon (G0014) uses Identify groups/roles (PRE-T1047)" }, { "meta": { "source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "target-uuid": "271e6d40-e191-421a-8f87-a8102452c201" }, "uuid": "614f64d8-c221-4789-b1e1-787e9326a37b", "value": "APT17 (G0025) uses Develop social network persona digital footprint (PRE-T1119)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97" }, "uuid": "84943231-1b44-4029-ae09-0dbf05440bef", "value": "APT1 (G0006) uses Spear phishing messages with malicious attachments (PRE-T1144)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "d3999268-740f-467e-a075-c82e2d04be62" }, "uuid": "51d03816-347c-4716-9524-da99a58f5ea6", "value": "APT1 (G0006) uses Assess leadership areas of interest (PRE-T1001)" }, { "meta": { "source-uuid": "af358cad-eb71-4e91-a752-236edc237dae", "target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1" }, "uuid": "ad510f42-e745-42d0-8b54-4bf7a2f3cf34", "value": "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1026)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4" }, "uuid": "ab356c7a-6922-4143-90eb-5be632e2f6cd", "value": "Cleaver (G0003) uses Build social network persona (PRE-T1118)" }, { "meta": { "source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84", "target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407" }, "uuid": "ab313887-ff00-4aa9-8edb-ab107c517c19", "value": "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1055)" }, { "meta": { "source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b" }, "uuid": "edb31962-2310-4618-bd4f-d34f8e7d58e8", "value": "APT16 (G0023) uses Acquire OSINT data sets and information (PRE-T1024)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "286cc500-4291-45c2-99a1-e760db176402" }, "uuid": "0adf353d-688b-46ce-88bb-62a008675fe0", "value": "Night Dragon (G0014) uses Acquire and/or use 3rd party infrastructure services (PRE-T1084)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64" }, "uuid": "e95ea206-3962-43af-aac1-042ac9928679", "value": "Night Dragon (G0014) uses Identify gap areas (PRE-T1002)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234" }, "uuid": "b09b41c4-670f-4f00-b8d5-a8c6a2dcfcfb", "value": "Cleaver (G0003) uses Create custom payloads (PRE-T1122)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "c860af4a-376e-46d7-afbf-262c41012227" }, "uuid": "26bf68a4-af3c-4d39-bad3-5f0ce824f4a3", "value": "APT28 (G0007) uses Determine operational element (PRE-T1019)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "45242287-2964-4a3e-9373-159fad4d8195" }, "uuid": "3d65fc7e-87a5-4113-bd9c-09453fba4d1e", "value": "APT28 (G0007) uses Buy domain name (PRE-T1105)" }, { "meta": { "source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407", "target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84" }, "uuid": "22d4f32c-63c1-400f-8e2c-10e4a200d133", "value": "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1025)" }, { "meta": { "source-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a", "target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549" }, "uuid": "ac1dfc58-d5a2-4b6f-9bf4-c6c0d2d3ae80", "value": "Identify business relationships (PRE-T1060) related-to Identify business relationships (PRE-T1049)" }, { "meta": { "source-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549", "target-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a" }, "uuid": "9524754d-7743-47b3-8395-3cbfb633c020", "value": "Identify business relationships (PRE-T1049) related-to Identify business relationships (PRE-T1060)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "271e6d40-e191-421a-8f87-a8102452c201" }, "uuid": "d26a1746-b577-4a89-be5e-c49611e8c65a", "value": "Cleaver (G0003) uses Develop social network persona digital footprint (PRE-T1119)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93" }, "uuid": "f43faad4-a016-4da0-8de6-53103d429268", "value": "Cleaver (G0003) uses Obfuscation or cryptography (PRE-T1090)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c" }, "uuid": "0e7905fd-77c8-43cb-b499-7d6e37fefbeb", "value": "APT1 (G0006) uses Dynamic DNS (PRE-T1088)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "b79a1960-d0be-4b51-bb62-b27e91e1dea0" }, "uuid": "3f8694fa-8e16-465b-8357-ec0a85316e9c", "value": "Cleaver (G0003) uses Conduct social engineering or HUMINT operation (PRE-T1153)" }, { "meta": { "source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39" }, "uuid": "9c87b627-de61-42da-a658-7bdb33358754", "value": "APT17 (G0025) uses Obfuscate infrastructure (PRE-T1108)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234" }, "uuid": "6d809b32-a5db-4e1e-bea6-ef29a2c680e5", "value": "APT28 (G0007) uses Create custom payloads (PRE-T1122)" }, { "meta": { "source-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c", "target-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe" }, "uuid": "f24a6bf4-c60f-4fa6-8f6a-f2806ae92cdd", "value": "Dynamic DNS (PRE-T1088) related-to Dynamic DNS (PRE-T1110)" }, { "meta": { "source-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe", "target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c" }, "uuid": "94daf955-fb3e-4f13-af60-0e3ffa185be0", "value": "Dynamic DNS (PRE-T1110) related-to Dynamic DNS (PRE-T1088)" }, { "meta": { "source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4" }, "uuid": "545cd36e-572e-413d-82b9-db65788791f9", "value": "APT17 (G0025) uses Build social network persona (PRE-T1118)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b" }, "uuid": "8a2c46d3-92f2-4ff7-a912-8d47189a7d79", "value": "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)" }, { "meta": { "source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b", "target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88" }, "uuid": "60b6c9a6-7705-4c72-93bb-67de0caf11f4", "value": "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1054)" }, { "meta": { "source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c", "target-uuid": "78e41091-d10d-4001-b202-89612892b6ff" }, "uuid": "9c44b2ec-70b0-4f5c-800e-426477330658", "value": "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1023)" }, { "meta": { "source-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b", "target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077" }, "uuid": "bc165934-7ef6-4aed-a0d7-81d3372589f4", "value": "Compromise 3rd party infrastructure to support delivery (PRE-T1111) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1089)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "288b3cc3-f4da-4250-ab8c-d8b5dbed94ca" }, "uuid": "643d984b-0c82-4e14-8ba9-1b8dec0c91e2", "value": "APT28 (G0007) uses Identify web defensive services (PRE-T1033)" }, { "meta": { "source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc", "target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41" }, "uuid": "715a66b4-7925-40b4-868a-e47aba879f8b", "value": "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)" }, { "meta": { "source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a", "target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88" }, "uuid": "28bf7e8b-9948-40a8-945b-6b5f2c78ec53", "value": "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1054)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768" }, "uuid": "2b0ec032-eaca-4f0c-be55-39471f0f2bf5", "value": "APT1 (G0006) uses Obtain/re-use payloads (PRE-T1123)" }, { "meta": { "source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b", "target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a" }, "uuid": "1143e6a6-deef-4dbd-8c91-7bf537d8f5ce", "value": "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1043)" }, { "meta": { "source-uuid": "78e41091-d10d-4001-b202-89612892b6ff", "target-uuid": "59369f72-3005-4e54-9095-3d00efcece73" }, "uuid": "a29f2adc-c328-4cf3-9984-2c0c72ec7061", "value": "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1042)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "abd5bed1-4c12-45de-a623-ab8dc4ff862a" }, "uuid": "eab3be4e-4130-4898-a7b6-d9e9eb34f2bd", "value": "APT28 (G0007) uses Research relevant vulnerabilities/CVEs (PRE-T1068)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11" }, "uuid": "39db1df8-f786-480c-9faf-5b870de2250b", "value": "APT1 (G0006) uses Acquire and/or use 3rd party software services (PRE-T1085)" }, { "meta": { "source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88", "target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a" }, "uuid": "6ba71250-1dc7-4b8d-88e7-698440ea18a0", "value": "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1043)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97" }, "uuid": "6238613d-8683-420d-baf7-6050aa27eb9d", "value": "APT28 (G0007) uses Spear phishing messages with malicious attachments (PRE-T1144)" }, { "meta": { "source-uuid": "286cc500-4291-45c2-99a1-e760db176402", "target-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6" }, "uuid": "5dc0b076-5f25-4bda-83c7-1d8bd214b81a", "value": "Acquire and/or use 3rd party infrastructure services (PRE-T1084) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1106)" }, { "meta": { "source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c", "target-uuid": "59369f72-3005-4e54-9095-3d00efcece73" }, "uuid": "7aaa32b6-73f3-4b6e-98ae-da16976e6003", "value": "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1042)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077" }, "uuid": "cc22ab71-f2fc-4885-832b-e75dadeefa2d", "value": "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1089)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b" }, "uuid": "60e79ac2-3dc1-4005-a1f8-260d58117dab", "value": "APT28 (G0007) uses Acquire OSINT data sets and information (PRE-T1024)" }, { "meta": { "source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "target-uuid": "9a8c47f6-ae69-4044-917d-4b1602af64d9" }, "uuid": "7da16587-3861-4404-9043-0076e4766ac4", "value": "APT12 (G0005) uses Choose pre-compromised persona and affiliated accounts (PRE-T1120)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877" }, "uuid": "6cfc9229-9928-414e-bfaf-f63e815b4c84", "value": "APT28 (G0007) uses Determine strategic target (PRE-T1018)" }, { "meta": { "source-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05", "target-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f" }, "uuid": "a7f177e4-7e7f-4883-af3d-c95db9ea7a53", "value": "Determine 3rd party infrastructure services (PRE-T1061) related-to Determine 3rd party infrastructure services (PRE-T1037)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768" }, "uuid": "515e7665-040c-44ac-a379-44d4399d6e2b", "value": "Cleaver (G0003) uses Obtain/re-use payloads (PRE-T1123)" }, { "meta": { "source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", "target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc" }, "uuid": "b180dee5-0d48-448f-94b9-4997f0c584d5", "value": "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)" }, { "meta": { "source-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077", "target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b" }, "uuid": "28815a00-1cf4-4fbc-9039-306a9542c7fd", "value": "Compromise 3rd party infrastructure to support delivery (PRE-T1089) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1111)" }, { "meta": { "source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84", "target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1" }, "uuid": "8bcaccd1-403b-40f1-82d3-ac4d873263f8", "value": "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1044)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957" }, "uuid": "5aab758c-79d2-4219-9053-f50791d98531", "value": "APT28 (G0007) uses Discover target logon/email address format (PRE-T1032)" }, { "meta": { "source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6" }, "uuid": "b55534ba-37ce-47f2-a961-edeaeedcb399", "value": "APT12 (G0005) uses Obfuscate infrastructure (PRE-T1086)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768" }, "uuid": "709bb5af-c484-48f2-bb19-bd7630e42e2d", "value": "APT28 (G0007) uses Obtain/re-use payloads (PRE-T1123)" }, { "meta": { "source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877" }, "uuid": "4e06cf53-00b1-46a6-a6b6-8e33e761b83f", "value": "APT12 (G0005) uses Determine strategic target (PRE-T1018)" }, { "meta": { "source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877" }, "uuid": "89754a0d-03b1-44e3-94c5-7a892d171a28", "value": "APT17 (G0025) uses Determine strategic target (PRE-T1018)" }, { "meta": { "source-uuid": "af358cad-eb71-4e91-a752-236edc237dae", "target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5" }, "uuid": "984d13eb-ba9c-4e7c-8675-85dde9877a81", "value": "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1056)" }, { "meta": { "source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "target-uuid": "d3999268-740f-467e-a075-c82e2d04be62" }, "uuid": "2daad934-bf08-4a2f-b656-4f7d197eb8fa", "value": "APT28 (G0007) uses Assess leadership areas of interest (PRE-T1001)" }, { "meta": { "source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97" }, "uuid": "1895866a-4689-4527-8460-95e9cd7dd037", "value": "APT12 (G0005) uses Spear phishing messages with malicious attachments (PRE-T1144)" }, { "meta": { "source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5", "target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1" }, "uuid": "51c20b46-16cc-4b58-80d7-89d48b14b064", "value": "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1026)" }, { "meta": { "source-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983", "target-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59" }, "uuid": "fe31fa7c-be01-47ca-90bb-0fb49b49eb03", "value": "Acquire or compromise 3rd party signing certificates (PRE-T1109) related-to Acquire or compromise 3rd party signing certificates (PRE-T1087)" }, { "meta": { "source-uuid": "59369f72-3005-4e54-9095-3d00efcece73", "target-uuid": "78e41091-d10d-4001-b202-89612892b6ff" }, "uuid": "432c700b-4bf3-4824-a530-a6e86882c4b7", "value": "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1023)" }, { "meta": { "source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407", "target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1" }, "uuid": "ef32147c-d309-4867-aaba-998088290e32", "value": "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1044)" }, { "meta": { "source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b" }, "uuid": "f8559304-7ef6-4c48-8d76-a56ebf37c0be", "value": "APT16 (G0023) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "2141aea0-cf38-49aa-9e51-ac34092bc30a" }, "uuid": "3d3eb711-5054-4b32-8006-15ba67d3bb25", "value": "APT1 (G0006) uses Procure required equipment and software (PRE-T1112)" }, { "meta": { "source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1", "target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407" }, "uuid": "689ebb39-52f4-4b2f-8678-72cfed67cb9f", "value": "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1055)" }, { "meta": { "source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", "target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc" }, "uuid": "36990d75-9fbd-43f0-9966-ae58f0388e1d", "value": "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)" }, { "meta": { "source-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6", "target-uuid": "286cc500-4291-45c2-99a1-e760db176402" }, "uuid": "9a1f729c-72a9-4735-9d48-ecb54ea018a9", "value": "Acquire and/or use 3rd party infrastructure services (PRE-T1106) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1084)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "eb517589-eefc-480e-b8e3-7a8b1066f6f1" }, "uuid": "7c68bb22-457e-4942-9e07-36f6cd5ac5ba", "value": "APT1 (G0006) uses Targeted social media phishing (PRE-T1143)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa" }, "uuid": "75c781d7-f9ef-42c8-b610-0dc1ecb3b350", "value": "Cleaver (G0003) uses Authorized user performs requested cyber action (PRE-T1163)" }, { "meta": { "source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", "target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc" }, "uuid": "d5bd7a33-a249-46e5-bb19-a498eba42bdb", "value": "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "15d5eaa4-597a-47fd-a692-f2bed434d904" }, "uuid": "8a2549fa-9e7c-4d47-9678-8ed0bb8fa3aa", "value": "APT1 (G0006) uses Derive intelligence requirements (PRE-T1007)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa" }, "uuid": "0f97c2ae-2b89-4dd5-a270-42b1dcb5d403", "value": "APT1 (G0006) uses Authorized user performs requested cyber action (PRE-T1163)" }, { "meta": { "source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97" }, "uuid": "c90a4d6a-af21-4103-ba57-3ddeb6e973e7", "value": "APT16 (G0023) uses Spear phishing messages with malicious attachments (PRE-T1144)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "c860af4a-376e-46d7-afbf-262c41012227" }, "uuid": "eca0f05c-5025-4149-9826-3715cc243180", "value": "Cleaver (G0003) uses Determine operational element (PRE-T1019)" }, { "meta": { "source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64" }, "uuid": "683d4e44-f763-492c-b510-fa469a923798", "value": "APT12 (G0005) uses Identify gap areas (PRE-T1002)" }, { "meta": { "source-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39", "target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6" }, "uuid": "db4dfa09-7f19-437a-9d79-15f2dc8ba0da", "value": "Obfuscate infrastructure (PRE-T1108) related-to Obfuscate infrastructure (PRE-T1086)" }, { "meta": { "source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1", "target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84" }, "uuid": "bbb1c074-a93a-4e40-b11e-2151403f7f1d", "value": "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1025)" }, { "meta": { "source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88", "target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b" }, "uuid": "0e52753e-0a02-4bec-88f9-f8ee21b46bae", "value": "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1024)" }, { "meta": { "source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877" }, "uuid": "3c7c0851-1cf8-458f-862d-4e4827f8f474", "value": "Cleaver (G0003) uses Determine strategic target (PRE-T1018)" }, { "meta": { "source-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59", "target-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983" }, "uuid": "c388ed7c-3820-41a3-98af-a48dd7e4d88b", "value": "Acquire or compromise 3rd party signing certificates (PRE-T1087) related-to Acquire or compromise 3rd party signing certificates (PRE-T1109)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4" }, "uuid": "34ba5998-4e43-4669-9701-1877aa267354", "value": "APT1 (G0006) uses Build social network persona (PRE-T1118)" }, { "meta": { "source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", "target-uuid": "af358cad-eb71-4e91-a752-236edc237dae" }, "uuid": "f8504a07-758c-4c51-ac94-c2e7ba652e29", "value": "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1045)" }, { "meta": { "source-uuid": "78e41091-d10d-4001-b202-89612892b6ff", "target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c" }, "uuid": "9ad9966d-4a8d-4b15-b503-c5d27104fcdd", "value": "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1053)" }, { "meta": { "source-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f", "target-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05" }, "uuid": "e4501560-7850-4467-8422-2cf336429e8a", "value": "Determine 3rd party infrastructure services (PRE-T1037) related-to Determine 3rd party infrastructure services (PRE-T1061)" }, { "meta": { "source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", "target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5" }, "uuid": "66e4da4a-6eb6-46e0-9baf-74059f341b4a", "value": "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1056)" }, { "meta": { "source-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6", "target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39" }, "uuid": "41be9f31-9d2b-44b8-a7dc-31f8c4519751", "value": "Obfuscate infrastructure (PRE-T1086) related-to Obfuscate infrastructure (PRE-T1108)" }, { "meta": { "source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a", "target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b" }, "uuid": "be031f72-737b-4afd-b2c1-c565f5ab7369", "value": "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1024)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7" }, "uuid": "90d7f0f0-6e41-431a-a024-9375cbc18d2b", "value": "APT1 (G0006) uses Post compromise tool development (PRE-T1130)" }, { "meta": { "source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877" }, "uuid": "e60a165e-cfad-43e5-ba83-ea2430a377c5", "value": "APT16 (G0023) uses Determine strategic target (PRE-T1018)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877" }, "uuid": "a071fc8f-6323-420b-9812-b51f12fc7956", "value": "Night Dragon (G0014) uses Determine strategic target (PRE-T1018)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "ec739e26-d097-4804-b04a-54dd81ff11e0" }, "uuid": "970531a2-4927-41a3-b2cd-09d445322f51", "value": "APT1 (G0006) uses Create strategic plan (PRE-T1008)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "4aeafdb3-eb0b-4e8e-b93f-95cd499088b4" }, "uuid": "c2571ca8-98c4-490d-b8f8-f3678b0ce74d", "value": "Night Dragon (G0014) uses Compromise of externally facing system (PRE-T1165)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "489a7797-01c3-4706-8cd1-ec56a9db3adc" }, "uuid": "e78023e7-98de-4973-9331-843bfa28c9f7", "value": "APT1 (G0006) uses Spear phishing messages with malicious links (PRE-T1146)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "357e137c-7589-4af1-895c-3fbad35ea4d2" }, "uuid": "f76d74b6-c797-487c-8388-536367d1b922", "value": "APT1 (G0006) uses Obfuscate or encrypt code (PRE-T1096)" }, { "meta": { "source-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33", "target-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d" }, "uuid": "87239038-7693-49b3-b595-b828cc2be1ba", "value": "Friend/Follow/Connect to targets of interest (PRE-T1121) related-to Friend/Follow/Connect to targets of interest (PRE-T1141)" }, { "meta": { "source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11" }, "uuid": "c6e43693-2a6d-4ba8-8fa7-ec1ab5239528", "value": "Night Dragon (G0014) uses Acquire and/or use 3rd party software services (PRE-T1085)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877" }, "uuid": "5ed44a06-bcb4-4293-8bf4-aaebefddc09c", "value": "APT1 (G0006) uses Determine strategic target (PRE-T1018)" }, { "meta": { "source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "target-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a" }, "uuid": "db10491f-a854-4404-9271-600349484bc3", "value": "APT1 (G0006) uses Domain registration hijacking (PRE-T1103)" }, { "meta": { "source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549" }, "uuid": "4eb0e01c-85ae-466a-a8ff-0cf7891c5ab2", "value": "APT16 (G0023) uses Identify business relationships (PRE-T1049)" }, { "meta": { "source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", "target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41" }, "uuid": "7bd3d2ba-f114-4835-97b6-1c3e2208d3f3", "value": "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)" }, { "meta": { "source-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", "target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11" }, "uuid": "2bf984b5-1a48-4d9a-a4f2-e97801254b84", "value": "Acquire and/or use 3rd party software services (PRE-T1107) related-to Acquire and/or use 3rd party software services (PRE-T1085)" }, { "meta": { "source-uuid": "59369f72-3005-4e54-9095-3d00efcece73", "target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c" }, "uuid": "c124f0ba-f4bc-430a-b40c-eebe0577f812", "value": "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1053)" }, { "meta": { "source-uuid": "1a295f87-af63-4d94-b130-039d6221fb11", "target-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6" }, "uuid": "3d781e9a-d3f8-4e9f-bb23-ba6c2ff22267", "value": "Acquire and/or use 3rd party software services (PRE-T1085) related-to Acquire and/or use 3rd party software services (PRE-T1107)" }, { "meta": { "source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957" }, "uuid": "597be8e7-58a4-4aff-a803-48a7a08164a2", "value": "APT16 (G0023) uses Discover target logon/email address format (PRE-T1032)" }, { "meta": { "source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7" }, "uuid": "7a254f4d-c7cf-4b98-94e9-3937785b7d68", "value": "APT12 (G0005) uses Post compromise tool development (PRE-T1130)" }, { "meta": { "source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5", "target-uuid": "af358cad-eb71-4e91-a752-236edc237dae" }, "uuid": "46f1e7d4-4d73-4e33-b88b-b3bcde5d81fb", "value": "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1045)" } ], "version": 2 }