{'created': '2020-10-02T16:58:58.738Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may search public digital certificate data for '
                'information about victims that can be used during targeting. '
                'Digital certificates are issued by a certificate authority '
                '(CA) in order to cryptographically verify the origin of '
                'signed content. These certificates, such as those used for '
                'encrypted web traffic (HTTPS SSL/TLS communications), contain '
                'information about the registered organization such as name '
                'and location.\n'
                '\n'
                'Adversaries may search digital certificate data to gather '
                'actionable information. Threat actors can use online '
                'resources and lookup tools to harvest information about '
                'certificates.(Citation: SSLShopper Lookup) Digital '
                'certificate data may also be available from artifacts signed '
                'by the organization (ex: certificates used from encrypted web '
                'traffic are served with content).(Citation: Medium SSL Cert) '
                'Information from these sources may reveal opportunities for '
                'other forms of reconnaissance (ex: [Active '
                'Scanning](https://attack.mitre.org/techniques/T1595) or '
                '[Phishing for '
                'Information](https://attack.mitre.org/techniques/T1598)), '
                'establishing operational resources (ex: [Develop '
                'Capabilities](https://attack.mitre.org/techniques/T1587) or '
                '[Obtain '
                'Capabilities](https://attack.mitre.org/techniques/T1588)), '
                'and/or initial access (ex: [External Remote '
                'Services](https://attack.mitre.org/techniques/T1133) or '
                '[Trusted '
                'Relationship](https://attack.mitre.org/techniques/T1199)).',
 'external_references': [{'external_id': 'T1596.003',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1596/003'},
                         {'description': 'Jain, M. (2019, September 16). '
                                         'Export & Download — SSL Certificate '
                                         'from Server (Site URL). Retrieved '
                                         'October 20, 2020.',
                          'source_name': 'Medium SSL Cert',
                          'url': 'https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2'},
                         {'description': 'SSL Shopper. (n.d.). SSL Checker. '
                                         'Retrieved October 20, 2020.',
                          'source_name': 'SSLShopper Lookup',
                          'url': 'https://www.sslshopper.com/ssl-checker.html'}],
 'id': 'attack-pattern--0979abf9-4e26-43ec-9b6e-54efc4e70fca',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'reconnaissance'}],
 'modified': '2025-10-24T17:48:21.668Z',
 'name': 'Digital Certificates',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['PRE'],
 'x_mitre_version': '1.0'}