Skip to content

Hide Navigation Hide TOC

Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)

Pre-compromise mitigations involve proactive measures and defenses implemented to prevent adversaries from successfully identifying and exploiting weaknesses during the Reconnaissance and Resource Development phases of an attack. These activities focus on reducing an organization's attack surface, identify adversarial preparation efforts, and increase the difficulty for attackers to conduct successful operations. This mitigation can be implemented through the following measures:

Limit Information Exposure:

  • Regularly audit and sanitize publicly available data, including job posts, websites, and social media.
  • Use tools like OSINT monitoring platforms (e.g., SpiderFoot, Recon-ng) to identify leaked information.

Protect Domain and DNS Infrastructure:

  • Enable DNSSEC and use WHOIS privacy protection.
  • Monitor for domain hijacking or lookalike domains using services like RiskIQ or DomainTools.

External Monitoring:

  • Use tools like Shodan, Censys to monitor your external attack surface.
  • Deploy external vulnerability scanners to proactively address weaknesses.

Threat Intelligence:

  • Leverage platforms like MISP, Recorded Future, or Anomali to track adversarial infrastructure, tools, and activity.

Content and Email Protections:

  • Use email security solutions like Proofpoint, Microsoft Defender for Office 365, or Mimecast.
  • Enforce SPF/DKIM/DMARC policies to protect against email spoofing.

Training and Awareness:

  • Educate employees on identifying phishing attempts, securing their social media, and avoiding information leaks.
Cluster A Galaxy A Cluster B Galaxy B Level
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action DNS Server - T1583.002 (197ef1b9-e764-46c3-b96c-23f77985dc81) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 1
Botnet - T1583.005 (31225cd3-cd46-4575-b287-c2c14011c074) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Search Engines - T1593.002 (6e561441-8431-4773-a9b8-ccf28ef6a968) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) Attack Pattern 1
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5) Attack Pattern 1
Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
CDNs - T1596.004 (91177e6d-b616-4a03-ba4b-f3b32f7dda75) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Exploits - T1587.004 (bbc3cba7-84ae-410d-b18b-16750731dfa2) Attack Pattern 1
Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Exploits - T1588.005 (f4b843c1-7e92-4701-8fed-ce82f8be2636) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern 1
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4) Attack Pattern 1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 1
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Cloud Accounts - T1585.003 (926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5) Attack Pattern 1
Network Trust Dependencies - T1590.003 (36aa137f-5166-41f8-b2f0-a4cfa1b4133e) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Wordlist Scanning - T1595.003 (bed04f7d-e48a-4e76-bd0f-4c57fe31fc46) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern 1
Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
DNS/Passive DNS - T1596.001 (17fd695c-b88c-455a-a3d1-43b6cb728532) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 1
Digital Certificates - T1596.003 (0979abf9-4e26-43ec-9b6e-54efc4e70fca) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Network Security Appliances - T1590.006 (6c2957f9-502a-478c-b1dd-d626c0659413) Attack Pattern 1
Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Scan Databases - T1596.005 (ec4be82f-940c-4dcb-87fe-2bbdd17c692f) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 1
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Identify Business Tempo - T1591.003 (2339cf19-8f1e-48f7-8a91-0262ba547b6f) Attack Pattern 1
Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 1
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Search Threat Vendor Data - T1681 (63b24abc-5702-4745-b1e4-ac70b20a43f2) Attack Pattern 1
Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Threat Intel Vendors - T1597.001 (51e54974-a541-4fb6-a61b-0518e4c6de41) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 1
Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Code Signing Certificates - T1587.002 (34b3f738-bd64-40e5-a112-29b0542bc8bf) Attack Pattern 1
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Query Public AI Services - T1682 (143122a8-fcda-4dd7-aded-5b9387d9c2d6) Attack Pattern 1
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern 1
Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4) Attack Pattern 1
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Acquire Access - T1650 (d21bb61f-08ad-4dc1-b001-81ca6cb79954) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 1
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) Attack Pattern 1
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Firmware - T1592.003 (b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action WHOIS - T1596.002 (166de1c6-2814-4fe5-8438-4e80f76b169f) Attack Pattern 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern DNS Server - T1583.002 (197ef1b9-e764-46c3-b96c-23f77985dc81) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 2
Botnet - T1583.005 (31225cd3-cd46-4575-b287-c2c14011c074) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Search Engines - T1593.002 (6e561441-8431-4773-a9b8-ccf28ef6a968) Attack Pattern Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) Attack Pattern 2
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 2
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
CDNs - T1596.004 (91177e6d-b616-4a03-ba4b-f3b32f7dda75) Attack Pattern Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Exploits - T1587.004 (bbc3cba7-84ae-410d-b18b-16750731dfa2) Attack Pattern 2
Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Exploits - T1588.005 (f4b843c1-7e92-4701-8fed-ce82f8be2636) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern 2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3) Attack Pattern Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4) Attack Pattern 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Cloud Accounts - T1585.003 (926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5) Attack Pattern 2
Network Trust Dependencies - T1590.003 (36aa137f-5166-41f8-b2f0-a4cfa1b4133e) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 2
Wordlist Scanning - T1595.003 (bed04f7d-e48a-4e76-bd0f-4c57fe31fc46) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern 2
Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
DNS/Passive DNS - T1596.001 (17fd695c-b88c-455a-a3d1-43b6cb728532) Attack Pattern Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Digital Certificates - T1596.003 (0979abf9-4e26-43ec-9b6e-54efc4e70fca) Attack Pattern Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern 2
Network Security Appliances - T1590.006 (6c2957f9-502a-478c-b1dd-d626c0659413) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 2
Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Scan Databases - T1596.005 (ec4be82f-940c-4dcb-87fe-2bbdd17c692f) Attack Pattern Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 2
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Identify Business Tempo - T1591.003 (2339cf19-8f1e-48f7-8a91-0262ba547b6f) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) Attack Pattern 2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern 2
Threat Intel Vendors - T1597.001 (51e54974-a541-4fb6-a61b-0518e4c6de41) Attack Pattern Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4) Attack Pattern 2
Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) Attack Pattern 2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Code Signing Certificates - T1587.002 (34b3f738-bd64-40e5-a112-29b0542bc8bf) Attack Pattern 2
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f) Attack Pattern Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4) Attack Pattern 2
SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 2
Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 2
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern 2
Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf) Attack Pattern Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4) Attack Pattern 2
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 2
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 2
Firmware - T1592.003 (b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern WHOIS - T1596.002 (166de1c6-2814-4fe5-8438-4e80f76b169f) Attack Pattern 2