Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)

This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.

Cluster A Galaxy A Cluster B Galaxy B Level
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Cloud Accounts - T1585.003 (926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5) Attack Pattern 1
Wordlist Scanning - T1595.003 (bed04f7d-e48a-4e76-bd0f-4c57fe31fc46) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 1
Digital Certificates - T1596.003 (0979abf9-4e26-43ec-9b6e-54efc4e70fca) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern 1
Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 1
DNS/Passive DNS - T1596.001 (17fd695c-b88c-455a-a3d1-43b6cb728532) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern 1
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Scan Databases - T1596.005 (ec4be82f-940c-4dcb-87fe-2bbdd17c692f) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 1
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 1
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Network Trust Dependencies - T1590.003 (36aa137f-5166-41f8-b2f0-a4cfa1b4133e) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action DNS - T1590.002 (0ff59227-8aa8-4c09-bf1f-925605bd07ea) Attack Pattern 1
Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Network Security Appliances - T1590.006 (6c2957f9-502a-478c-b1dd-d626c0659413) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5) Attack Pattern 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 1
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Firmware - T1592.003 (b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Identify Business Tempo - T1591.003 (2339cf19-8f1e-48f7-8a91-0262ba547b6f) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
WHOIS - T1596.002 (166de1c6-2814-4fe5-8438-4e80f76b169f) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 1
Botnet - T1583.005 (31225cd3-cd46-4575-b287-c2c14011c074) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 1
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Acquire Access - T1650 (d21bb61f-08ad-4dc1-b001-81ca6cb79954) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action CDNs - T1596.004 (91177e6d-b616-4a03-ba4b-f3b32f7dda75) Attack Pattern 1
Exploits - T1587.004 (bbc3cba7-84ae-410d-b18b-16750731dfa2) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Threat Intel Vendors - T1597.001 (51e54974-a541-4fb6-a61b-0518e4c6de41) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Exploits - T1588.005 (f4b843c1-7e92-4701-8fed-ce82f8be2636) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 1
Code Signing Certificates - T1587.002 (34b3f738-bd64-40e5-a112-29b0542bc8bf) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 1
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
DNS Server - T1583.002 (197ef1b9-e764-46c3-b96c-23f77985dc81) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Search Engines - T1593.002 (6e561441-8431-4773-a9b8-ccf28ef6a968) Attack Pattern 1
DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) Attack Pattern 1
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 1
Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc) Course of Action 1
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Cloud Accounts - T1585.003 (926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Wordlist Scanning - T1595.003 (bed04f7d-e48a-4e76-bd0f-4c57fe31fc46) Attack Pattern 2
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern Digital Certificates - T1596.003 (0979abf9-4e26-43ec-9b6e-54efc4e70fca) Attack Pattern 2
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern 2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern DNS/Passive DNS - T1596.001 (17fd695c-b88c-455a-a3d1-43b6cb728532) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern 2
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Scan Databases - T1596.005 (ec4be82f-940c-4dcb-87fe-2bbdd17c692f) Attack Pattern Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern 2
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Network Trust Dependencies - T1590.003 (36aa137f-5166-41f8-b2f0-a4cfa1b4133e) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) Attack Pattern 2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern DNS - T1590.002 (0ff59227-8aa8-4c09-bf1f-925605bd07ea) Attack Pattern 2
Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
Network Security Appliances - T1590.006 (6c2957f9-502a-478c-b1dd-d626c0659413) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) Attack Pattern 2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 2
Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) Attack Pattern 2
Firmware - T1592.003 (b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 2
Identify Business Tempo - T1591.003 (2339cf19-8f1e-48f7-8a91-0262ba547b6f) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern WHOIS - T1596.002 (166de1c6-2814-4fe5-8438-4e80f76b169f) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 2
Botnet - T1583.005 (31225cd3-cd46-4575-b287-c2c14011c074) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern 2
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern 2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern CDNs - T1596.004 (91177e6d-b616-4a03-ba4b-f3b32f7dda75) Attack Pattern 2
Exploits - T1587.004 (bbc3cba7-84ae-410d-b18b-16750731dfa2) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4) Attack Pattern Threat Intel Vendors - T1597.001 (51e54974-a541-4fb6-a61b-0518e4c6de41) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) Attack Pattern 2
Exploits - T1588.005 (f4b843c1-7e92-4701-8fed-ce82f8be2636) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern 2
Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
Code Signing Certificates - T1587.002 (34b3f738-bd64-40e5-a112-29b0542bc8bf) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4) Attack Pattern Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern 2
Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern 2
DNS Server - T1583.002 (197ef1b9-e764-46c3-b96c-23f77985dc81) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern Search Engines - T1593.002 (6e561441-8431-4773-a9b8-ccf28ef6a968) Attack Pattern 2
DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) Attack Pattern 2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 2
Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2