Get Techniques from Data Sources

Import Library

from attackcti import attack_client

Initialize Client

lift = attack_client()

Retrieve Techniques

techniques = lift.get_techniques_by_datasources(
    "Network intrusion detection system",
    "Network protocol analysis",
    "Netflow/Enclave netflow",
    "Packet capture",
    "DNS records"
)
len(techniques)
45
print(techniques[0])
{
    "type": "attack-pattern",
    "id": "attack-pattern--2877063e-1851-48d2-bcc6-bc1d2733157e",
    "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
    "created": "2020-05-21T17:43:26.506Z",
    "modified": "2020-05-21T17:43:26.506Z",
    "name": "Wireless Compromise",
    "description": "Adversaries may perform wireless compromise as a method of gaining communications and unauthorized access to a wireless network. Access to a wireless network may be gained through the compromise of a wireless device. (Citation: ICSCorsair - Bolshev) (Citation: Hart - Bolshev) Adversaries may also utilize radios and other wireless communication devices on the same frequency as the wireless network. Wireless compromise can be done as an initial access vector from a remote distance.  \n\nA joint case study on the Maroochy Shire Water Services event examined the attack from a cyber security perspective.  (Citation: Maroochy - MITRE - 200808) The adversary disrupted Maroochy Shire's radio-controlled sewage system by driving around with stolen radio equipment and issuing commands with them. Boden used a two-way radio to communicate with and set the frequencies of Maroochy Shire's repeater stations. \n\nA Polish student used a modified TV remote controller to gain access to and control over the Lodz city tram system in Poland. (Citation: LodzTram-LondonReconnections-2017-12) (Citation: LodzTram-InHomelandSecurity-2008-02) The remote controller device allowed the student to interface with the tram\u2019s network to modify track settings and override operator control. The adversary may have accomplished this by aligning the controller to the frequency and amplitude of IR control protocol signals. (Citation: LodzTram-Schneier-2008-01) The controller then enabled initial access to the network, allowing the capture and replay of tram signals. (Citation: LodzTram-LondonReconnections-2017-12)",
    "kill_chain_phases": [
        {
            "kill_chain_name": "mitre-ics-attack",
            "phase_name": "initial-access-ics"
        }
    ],
    "external_references": [
        {
            "source_name": "mitre-ics-attack",
            "url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0860",
            "external_id": "T0860"
        },
        {
            "source_name": "Hart - Bolshev",
            "description": "Alexander Bolshev. (2014, March 11). S4x14: HART As An Attack Vector. Retrieved January 5, 2020.",
            "url": "https://www.slideshare.net/dgpeters/17-bolshev-1-13"
        },
        {
            "source_name": "ICSCorsair - Bolshev",
            "description": "Alexander Bolshev, Gleb Cherbov. (2014, July 08). ICSCorsair: How I will PWN your ERP through 4-20 mA current loop. Retrieved January 5, 2020.",
            "url": "https://www.blackhat.com/docs/us-14/materials/us-14-Bolshev-ICSCorsair-How-I-Will-PWN-Your-ERP-Through-4-20mA-Current-Loop-WP.pdf"
        },
        {
            "source_name": "LodzTram-InHomelandSecurity-2008-02",
            "description": "Shelley Smith. (2008, February 12). Teen Hacker in Poland Plays Trains and Derails City Tram System. Retrieved October 17, 2019.",
            "url": "https://inhomelandsecurity.com/teen%20hacker%20in%20poland%20plays%20tr/"
        },
        {
            "source_name": "LodzTram-LondonReconnections-2017-12",
            "description": "John Bill. (2017, May 12). Hacked Cyber Security Railways. Retrieved October 17, 2019.",
            "url": "https://www.londonreconnections.com/2017/hacked-cyber-security-railways/"
        },
        {
            "source_name": "LodzTram-Schneier-2008-01",
            "description": "Bruce Schneier. (2008, January 17). Hacking Polish Trams. Retrieved October 17, 2019.",
            "url": "https://www.schneier.com/blog/archives/2008/01/hacking%20the%20pol.html"
        },
        {
            "source_name": "Maroochy - MITRE - 200808",
            "description": "Marshall Abrams. (2008, July 23). Malicious Control System Cyber Security Attack Case Study\u2013 Maroochy Water Services, Australia. Retrieved March 27, 2018.",
            "url": "https://www.mitre.org/sites/default/files/pdf/08%201145.pdf"
        }
    ],
    "object_marking_refs": [
        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
    ],
    "x_mitre_contributors": [
        "Scott Dougherty"
    ],
    "x_mitre_data_sources": [
        "Network protocol analysis",
        "Packet capture",
        "Network intrusion detection system"
    ],
    "x_mitre_platforms": [
        "Windows"
    ]
}
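
Summarising the result for detection coverage (an added example, not part of the original notebook or the attackcti library): it groups the returned techniques by tactic and shows which of the collected data sources match each one. It runs offline on a constructed sample; the names SAMPLE, COLLECTED and the helper functions are hypothetical, and passing the `techniques` list from above instead of SAMPLE assumes the returned objects support dict-style access.

```python
from collections import Counter, defaultdict

# Constructed sample: the first entry is trimmed from the object printed above;
# the other two are invented to exercise multi-tactic and missing-field cases.
SAMPLE = [
    {"name": "Wireless Compromise",
     "kill_chain_phases": [{"kill_chain_name": "mitre-ics-attack", "phase_name": "initial-access-ics"}],
     "external_references": [
         {"source_name": "mitre-ics-attack", "external_id": "T0860"},
         {"source_name": "Hart - Bolshev"}],
     "x_mitre_data_sources": ["Network protocol analysis", "Packet capture", "Network intrusion detection system"]},
    {"name": "Constructed Technique A",
     "kill_chain_phases": [{"phase_name": "example-tactic-a"},
                           {"phase_name": "example-tactic-b"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T-EXAMPLE-1"}],
     "x_mitre_data_sources": ["packet capture", "DNS records", "Process monitoring"]},
    {"name": "Constructed Technique B", "external_references": []},
]
COLLECTED = ["Packet capture", "DNS records"]  # hypothetical telemetry on hand

def attack_id(tech):
    """ATT&CK ID from the external reference issued by a MITRE matrix."""
    for ref in tech.get("external_references", []):
        if ref.get("source_name", "").startswith("mitre-") and "external_id" in ref:
            return ref["external_id"]
    return None

def matched_sources(tech, collected):
    """Data sources on the technique that are actually collected (case-insensitive)."""
    wanted = {c.lower() for c in collected}
    return sorted(d for d in tech.get("x_mitre_data_sources", []) if d.lower() in wanted)

def coverage_by_tactic(techniques, collected):
    """Map tactic -> [(ATT&CK ID, name, matched data sources)]."""
    out = defaultdict(list)
    for tech in techniques:
        hits = matched_sources(tech, collected)
        if not hits:
            continue  # no collected data source is listed for this technique
        phases = [p["phase_name"] for p in tech.get("kill_chain_phases", [])]
        for tactic in phases or ["(no tactic)"]:
            out[tactic].append((attack_id(tech), tech["name"], hits))
    return dict(out)

def techniques_per_source(techniques, collected):
    """Count how many techniques each collected data source contributes to."""
    return Counter(s.lower() for t in techniques for s in matched_sources(t, collected))

if __name__ == "__main__":
    print(coverage_by_tactic(SAMPLE, COLLECTED), techniques_per_source(SAMPLE, COLLECTED))
```

A technique with several kill-chain phases appears once under each tactic, so the per-tactic rows add up to more than the number of techniques.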