Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e)

Captured network traffic that provides details about responses received during an internet scan. This data includes both protocol header values (e.g., HTTP status codes, IP headers, or DNS response codes) and response body content (e.g., HTML, JSON, or raw data). Examples:

  • HTTP Scan: A web server responds to a probe with an HTTP 200 status code and an HTML body indicating the default page is accessible.
  • DNS Scan: A DNS server replies to a query with a resolved IP address for a domain, along with details like Time-To-Live (TTL) and authoritative information.
  • TCP Banner Grab: A service listening on a port (e.g., SSH or FTP) responds with a banner containing service name, version, or other metadata.
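
As an added illustration (not part of the original entry), the Python below parses the three kinds of captured response content listed above into the fields an analyst would log. The function names and sample byte strings are constructed for this example.

```python
import re
import socket
import struct

# Constructed sample responses (not real captures); the address is from TEST-NET-1.
HTTP_SAMPLE = b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n<html>Welcome</html>"
DNS_SAMPLE = (b"\x12\x34\x85\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # header, AA set
              b"\x07example\x03com\x00\x00\x01\x00\x01"              # question
              b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x0a")
SSH_SAMPLE = b"SSH-2.0-OpenSSH_9.6\r\n"

def parse_http(raw):
    """Split an HTTP/1.x response into status code, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    return {"status": int(m.group(1)), "headers": headers, "body": body}

def _skip_name(msg, off):
    """Return the offset just past a DNS name (labels or compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_dns(msg):
    """Extract RCODE, the AA flag and A-record answers as (address, TTL)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                      # skip each question: name + type + class
        off = _skip_name(msg, off) + 4
    answers = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:        # A record
            answers.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return {"rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}

def parse_ssh_banner(raw):
    """Parse an SSH identification string (RFC 4253 section 4.2)."""
    m = re.match(rb"SSH-([\d.]+)-(\S+)", raw)
    if not m:
        raise ValueError("not an SSH banner")
    return {"proto": m.group(1).decode(), "software": m.group(2).decode()}
```

Truncated or malformed input raises (`ValueError`, `IndexError` or `struct.error`) rather than returning partial fields, so a collector should catch these and keep the raw bytes for later review.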

Data Collection Measures:

  • Network Traffic Monitoring:
    • Deploy packet capture tools like Wireshark, tcpdump, or Suricata to log both headers and body content of response traffic.
    • Use network appliances like firewalls, intrusion detection systems (IDS), or intrusion prevention systems (IPS) with logging enabled to capture scan responses.
  • Cloud Logging Services:
    • AWS VPC Flow Logs: Capture metadata about network flows, including source and destination, protocol, and response codes.
    • GCP Packet Mirroring: Use mirrored packets to analyze responses.
    • Azure NSG Flow Logs: Record network traffic flow information for analysis.
  • Specific Tools:
    • ZMap or Masscan: Can perform internet-wide scans and collect response content for analysis.
    • Nmap: Use custom scripts to capture and log detailed response data during scans.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 1 |
| Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) | Attack Pattern | 1 |
| Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) | Attack Pattern | Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | 1 |
| Response Content (0dcbbf4f-929c-489a-b66b-9b820d3f7f0e) | mitre-data-component | Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) | Attack Pattern | 1 |
| Hardware - T1592.001 (24286c33-d4a4-4419-85c2-1d094a896c26) | Attack Pattern | Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | 2 |
| Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) | Attack Pattern | Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) | Attack Pattern | 2 |
| Upload Tool - T1608.002 (506f6f49-7045-4156-9007-7474cb44ad6d) | Attack Pattern | Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | 2 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |
| Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |
| Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) | Attack Pattern | 2 |
| Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) | Attack Pattern | Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) | Attack Pattern | 2 |
| Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) | Attack Pattern | Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | 2 |
| Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |
| Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) | Attack Pattern | 2 |
| Serverless - T1583.007 (04a5a8ab-3bc8-4c83-95c9-55274a89786d) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | Malvertising - T1583.008 (155207c0-7f53-4f13-a06b-0a9907ef5096) | Attack Pattern | 2 |
| Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | Install Digital Certificate - T1608.003 (c071d8c1-3b3a-4f22-9407-ca4e96921069) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) | Attack Pattern | 2 |
| Serverless - T1584.007 (df1bc34d-1634-4c93-b89e-8120994fce77) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | SEO Poisoning - T1608.006 (e5d550f3-2202-4634-85f2-4a200a1d49b3) | Attack Pattern | 2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) | Attack Pattern | 2 |