Identifier: YEARMONTH-NAME (e.g. 202110-SCENARIO_HAPPENS_ABC)
Created: {{date}} {{time}}
Modified: YEAR-MONTH-DAY (e.g. 2021-11-11, 10:00)
Status: #Status/Open
Author(s): Venation
Category: #Category/Example
Tags: #Tags/Example
Priority Intelligence Requirement(s):
Objective(s):
Any_relevant_input_is_detailed_here
Summary:
Any_relevant_input_is_detailed_here
Industry Tagging: #Industry/Example
Functions and/or systems targeted:
Any_relevant_input_is_detailed_here
Scenario walkthrough:
- Step - Reconnaissance
- Step - Initial access
- Step - Lateral movement
Considerations:
Any_relevant_input_is_detailed_here
Associated threat actor profile:
| Name | Tag | Category | Capability | Intent | Comments |
|---|---|---|---|---|---|
| APT28 | #Actor/Example | State-sponsored entity | High | High | TBD |
TTP breakdown:
| Tactic_ID | Tactic | Technique_ID | Technique | Procedure(s) | Detection Opportunity | Comments |
|---|---|---|---|---|---|---|
| TA0043 | Reconnaissance | T1589 | Gather Victim Identity Information | Acquired mobile phone numbers of potential targets, possibly for mobile malware or additional phishing operations. | Detection_tagging | TBD |
| TA0001 | Initial Access | T1189 | Drive-by Compromise | Use watering hole attack to gain initial access to victims within a specific IP range. | Detection_tagging | TBD |
| TA0008 | Lateral Movement | T1550.001 | Use Alternate Authentication Material: Application Access Token | Use several malicious applications that abused OAuth access tokens to gain access to target email accounts. | Detection_tagging | TBD |
Wrap-up:
Any_relevant_input_is_detailed_here
Sources:
- LINKED_URL
JSON:
{
"firstName": "John",
"lastName": "Smith",
"age": 25
}