{'created': '2020-10-19T18:47:08.759Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may compromise a network device’s encryption '
                'capability in order to bypass encryption that would otherwise '
                'protect data communications. (Citation: Cisco Synful Knock '
                'Evolution)\n'
                '\n'
                'Encryption can be used to protect transmitted network traffic '
                'to maintain its confidentiality (protect against unauthorized '
                'disclosure) and integrity (protect against unauthorized '
                'changes). Encryption ciphers are used to convert a plaintext '
                'message to ciphertext and can be computationally intensive to '
                'decipher without the associated decryption key. Typically, '
                'longer keys increase the cost of cryptanalysis, or decryption '
                'without the key.\n'
                '\n'
                'Adversaries can compromise and manipulate devices that '
                'perform encryption of network traffic. For example, through '
                'behaviors such as [Modify System '
                'Image](https://attack.mitre.org/techniques/T1601), [Reduce '
                'Key Space](https://attack.mitre.org/techniques/T1600/001), '
                'and [Disable Crypto '
                'Hardware](https://attack.mitre.org/techniques/T1600/002), an '
                'adversary can negatively effect and/or eliminate a device’s '
                'ability to securely encrypt network traffic. This poses a '
                'greater risk of unauthorized disclosure and may help '
                'facilitate data manipulation, Credential Access, or '
                'Collection efforts. (Citation: Cisco Blog Legacy Device '
                'Attacks)',
 'external_references': [{'external_id': 'T1600',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1600'},
                         {'description': 'Graham Holmes. (2015, October 8). '
                                         'Evolution of attacks on Cisco IOS '
                                         'devices. Retrieved October 19, 2020.',
                          'source_name': 'Cisco Synful Knock Evolution',
                          'url': 'https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices'},
                         {'description': 'Omar Santos. (2020, October 19). '
                                         'Attackers Continue to Target Legacy '
                                         'Devices. Retrieved October 20, 2020.',
                          'source_name': 'Cisco Blog Legacy Device Attacks',
                          'url': 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954'}],
 'id': 'attack-pattern--1f9012ef-1e10-4e48-915e-e03563435fe8',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'defense-evasion'}],
 'modified': '2025-10-24T17:48:30.124Z',
 'name': 'Weaken Encryption',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Network Devices'],
 'x_mitre_version': '1.1'}