Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)

This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Network Trust Dependencies - T1590.003 (36aa137f-5166-41f8-b2f0-a4cfa1b4133e)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	DNS - T1590.002 (0ff59227-8aa8-4c09-bf1f-925605bd07ea)	Attack Pattern	1
Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Network Security Appliances - T1590.006 (6c2957f9-502a-478c-b1dd-d626c0659413)	Attack Pattern	1
Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5)	Attack Pattern	1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	1
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	1
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Firmware - T1592.003 (b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d)	Attack Pattern	1
Identify Business Tempo - T1591.003 (2339cf19-8f1e-48f7-8a91-0262ba547b6f)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	WHOIS - T1596.002 (166de1c6-2814-4fe5-8438-4e80f76b169f)	Attack Pattern	1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337)	Attack Pattern	1
Botnet - T1583.005 (31225cd3-cd46-4575-b287-c2c14011c074)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d)	Attack Pattern	1
Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Acquire Access - T1650 (d21bb61f-08ad-4dc1-b001-81ca6cb79954)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120)	Attack Pattern	1
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	CDNs - T1596.004 (91177e6d-b616-4a03-ba4b-f3b32f7dda75)	Attack Pattern	1
Exploits - T1587.004 (bbc3cba7-84ae-410d-b18b-16750731dfa2)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Threat Intel Vendors - T1597.001 (51e54974-a541-4fb6-a61b-0518e4c6de41)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Exploits - T1588.005 (f4b843c1-7e92-4701-8fed-ce82f8be2636)	Attack Pattern	1
Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	1
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Code Signing Certificates - T1587.002 (34b3f738-bd64-40e5-a112-29b0542bc8bf)	Attack Pattern	1
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	1
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4)	Attack Pattern	1
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
DNS Server - T1583.002 (197ef1b9-e764-46c3-b96c-23f77985dc81)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Search Engines - T1593.002 (6e561441-8431-4773-a9b8-ccf28ef6a968)	Attack Pattern	1
DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c)	Attack Pattern	1
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9)	Attack Pattern	1
Cloud Accounts - T1585.003 (926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Wordlist Scanning - T1595.003 (bed04f7d-e48a-4e76-bd0f-4c57fe31fc46)	Attack Pattern	1
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Digital Certificates - T1596.003 (0979abf9-4e26-43ec-9b6e-54efc4e70fca)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	1
Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26)	Attack Pattern	1
Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	DNS/Passive DNS - T1596.001 (17fd695c-b88c-455a-a3d1-43b6cb728532)	Attack Pattern	1
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	1
Scan Databases - T1596.005 (ec4be82f-940c-4dcb-87fe-2bbdd17c692f)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	1
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	1
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	Pre-compromise - M1056 (78bb71be-92b4-46de-acd6-5f998fedf1cc)	Course of Action	1
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Network Trust Dependencies - T1590.003 (36aa137f-5166-41f8-b2f0-a4cfa1b4133e)	Attack Pattern	2
Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	DNS - T1590.002 (0ff59227-8aa8-4c09-bf1f-925605bd07ea)	Attack Pattern	2
Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Network Security Appliances - T1590.006 (6c2957f9-502a-478c-b1dd-d626c0659413)	Attack Pattern	2
Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26)	Attack Pattern	Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5)	Attack Pattern	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	2
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	2
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	2
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	2
SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	Firmware - T1592.003 (b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d)	Attack Pattern	2
Identify Business Tempo - T1591.003 (2339cf19-8f1e-48f7-8a91-0262ba547b6f)	Attack Pattern	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	WHOIS - T1596.002 (166de1c6-2814-4fe5-8438-4e80f76b169f)	Attack Pattern	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337)	Attack Pattern	2
Botnet - T1583.005 (31225cd3-cd46-4575-b287-c2c14011c074)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096)	Attack Pattern	2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	2
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120)	Attack Pattern	2
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d)	Attack Pattern	2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	CDNs - T1596.004 (91177e6d-b616-4a03-ba4b-f3b32f7dda75)	Attack Pattern	2
Exploits - T1587.004 (bbc3cba7-84ae-410d-b18b-16750731dfa2)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	2
Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4)	Attack Pattern	Threat Intel Vendors - T1597.001 (51e54974-a541-4fb6-a61b-0518e4c6de41)	Attack Pattern	2
Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Exploits - T1588.005 (f4b843c1-7e92-4701-8fed-ce82f8be2636)	Attack Pattern	2
Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Code Signing Certificates - T1587.002 (34b3f738-bd64-40e5-a112-29b0542bc8bf)	Attack Pattern	2
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f)	Attack Pattern	Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	2
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3)	Attack Pattern	Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	2
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4)	Attack Pattern	2
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	DNS Server - T1583.002 (197ef1b9-e764-46c3-b96c-23f77985dc81)	Attack Pattern	2
Search Engines - T1593.002 (6e561441-8431-4773-a9b8-ccf28ef6a968)	Attack Pattern	Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	2
DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c)	Attack Pattern	2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	2
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9)	Attack Pattern	2
Cloud Accounts - T1585.003 (926d8cfd-1d0d-4da2-ab49-3ca10ec3f3b5)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Wordlist Scanning - T1595.003 (bed04f7d-e48a-4e76-bd0f-4c57fe31fc46)	Attack Pattern	2
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	Digital Certificates - T1596.003 (0979abf9-4e26-43ec-9b6e-54efc4e70fca)	Attack Pattern	2
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156)	Attack Pattern	2
Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	DNS/Passive DNS - T1596.001 (17fd695c-b88c-455a-a3d1-43b6cb728532)	Attack Pattern	2
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Scan Databases - T1596.005 (ec4be82f-940c-4dcb-87fe-2bbdd17c692f)	Attack Pattern	Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e)	Attack Pattern	2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2