Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e)

Captured network traffic that provides details about responses received during an internet scan. This data includes both protocol header values (e.g., HTTP status codes, IP headers, or DNS response codes) and response body content (e.g., HTML, JSON, or raw data). Examples:

  • HTTP Scan: A web server responds to a probe with an HTTP 200 status code and an HTML body indicating the default page is accessible.
  • DNS Scan: A DNS server replies to a query with a resolved IP address for a domain, along with details like Time-To-Live (TTL) and authoritative information.
  • TCP Banner Grab: A service listening on a port (e.g., SSH or FTP) responds with a banner containing service name, version, or other metadata.
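
The following is an added example, not part of the original page: a minimal normalizer that turns the three response types listed above into structured records, separating protocol header values from body content. The function names and the sample bytes are assumptions constructed for illustration.

```python
import socket
import struct

def parse_http(raw: bytes) -> dict:
    """Split an HTTP response into header values and body content."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    pairs = (line.partition(":") for line in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, _, v in pairs}
    return {"proto": "http", "status": int(lines[0].split(" ", 2)[1]),
            "headers": headers, "body": body}

def parse_ssh_banner(raw: bytes) -> dict:
    """Read protocol and software version from an SSH identification string."""
    line = raw.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if not line.startswith("SSH-") or line.count("-") < 2:
        return {"proto": "unknown", "banner": line}   # keep raw banner for review
    _, protoversion, software = line.split("-", 2)
    return {"proto": "ssh", "protoversion": protoversion, "software": software.split(" ")[0]}

def _skip_name(raw: bytes, off: int) -> int:
    """Return the offset just past a DNS name (plain labels or a pointer)."""
    while raw[off] and raw[off] & 0xC0 != 0xC0:   # walk plain labels
        off += 1 + raw[off]
    return off + (2 if raw[off] else 1)           # pointer is 2 bytes, root label 1

def parse_dns(raw: bytes) -> dict:
    """Read response code, authoritative flag and A records with TTL."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", raw[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(raw, off) + 4            # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(raw, off) + 10           # name, then fixed RR header
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", raw[off - 10:off])
        if rtype == 1 and rdlen == 4:             # A record
            answers.append({"ip": socket.inet_ntoa(raw[off:off + 4]), "ttl": ttl})
        off += rdlen
    return {"proto": "dns", "rcode": flags & 0xF,
            "authoritative": bool(flags & 0x0400), "answers": answers}

# Constructed sample responses (not captured from any real host).
HTTP_RESP = b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n<html>Welcome</html>"
SSH_RESP = b"SSH-2.0-OpenSSH_9.6\r\n"
DNS_RESP = (struct.pack("!6H", 0x1234, 0x8580, 1, 1, 0, 0)
            + b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

Records in this shape can be stored next to the packet capture so that later analysis can query on status code, banner software or DNS TTL without re-parsing raw traffic.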

Data Collection Measures:

  • Network Traffic Monitoring:
    • Deploy packet capture tools like Wireshark, tcpdump, or Suricata to log both headers and body content of response traffic.
    • Use network appliances like firewalls, intrusion detection systems (IDS), or intrusion prevention systems (IPS) with logging enabled to capture scan responses.
  • Cloud Logging Services:
    • AWS VPC Flow Logs: Capture metadata about network flows, including source and destination, protocol, and response codes.
    • GCP Packet Mirroring: Use mirrored packets to analyze responses.
    • Azure NSG Flow Logs: Record network traffic flow information for analysis.
  • Specific Tools:
    • Zmap or Masscan: Can perform internet-wide scans and collect response content for analysis.
    • Nmap: Use custom scripts to capture and log detailed response data during scans.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) | Attack Pattern | 1 |
| Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) | Attack Pattern | 1 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) | Attack Pattern | 1 |
| Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) | Attack Pattern | 1 |
| Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 1 |
| Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | 1 |
| Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) | Attack Pattern | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) | Attack Pattern | 1 |
| Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) | Attack Pattern | Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) | Attack Pattern | 2 |
| Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) | Attack Pattern | Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | 2 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) | Attack Pattern | 2 |
| Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) | Attack Pattern | 2 |
| Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) | Attack Pattern | Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | 2 |
| Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) | Attack Pattern | 2 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) | Attack Pattern | 2 |
| Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |
| Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) | Attack Pattern | 2 |
| Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) | Attack Pattern | Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | 2 |
| Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | 2 |
| Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) | Attack Pattern | Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) | Attack Pattern | 2 |
| Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) | Attack Pattern | 2 |
| Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) | Attack Pattern | Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | 2 |