Trusted Design戦術「Resource Development」に関連する攻撃手法(Technique)の一覧です。
| Technique ID | Name | Description |
|---|---|---|
| T1583 | Acquire Infrastructure | Adversaries may buy, lease, rent, or obtain infrastructure that can be used during targeting. A wide variety of infrastr… |
| T1583.001 | Domains | Adversaries may acquire domains that can be used during targeting. Domain names are the human readable names used to rep… |
| T1583.002 | DNS Server | Adversaries may set up their own Domain Name System (DNS) servers that can be used during targeting. During post-comprom… |
| T1583.003 | Virtual Private Server | Adversaries may rent Virtual Private Servers (VPSs) that can be used during targeting. There exist a variety of cloud se… |
| T1583.004 | Server | Adversaries may buy, lease, rent, or obtain physical servers that can be used during targeting. Use of servers allows an… |
| T1583.005 | Botnet | Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a ne… |
| T1583.006 | Web Services | Adversaries may register for web services that can be used during targeting. A variety of popular websites exist for adv… |
| T1583.007 | Serverless | Adversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers, AWS Lambda functions… |
| T1583.008 | Malvertising | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased… |
| T1584 | Compromise Infrastructure | Adversaries may compromise third-party infrastructure that can be used during targeting. Infrastructure solutions includ… |
| T1584.001 | Domains | Adversaries may hijack domains and/or subdomains that can be used during targeting. Domain registration hijacking is the… |
| T1584.002 | DNS Server | Adversaries may compromise third-party DNS servers that can be used during targeting. During post-compromise activity, a… |
| T1584.003 | Virtual Private Server | Adversaries may compromise third-party Virtual Private Servers (VPSs) that can be used during targeting. There exist a v… |
| T1584.004 | Server | Adversaries may compromise third-party servers that can be used during targeting. Use of servers allows an adversary to … |
| T1584.005 | Botnet | Adversaries may compromise numerous third-party systems to form a botnet that can be used during targeting. A botnet is … |
| T1584.006 | Web Services | Adversaries may compromise access to third-party web services that can be used during targeting. A variety of popular we… |
| T1584.007 | Serverless | Adversaries may compromise serverless cloud infrastructure, such as Cloudflare Workers, AWS Lambda functions, or Google … |
| T1584.008 | Network Devices | Adversaries may compromise third-party network devices that can be used during targeting. Network devices, such as small… |
| T1585 | Establish Accounts | Adversaries may create and cultivate accounts with services that can be used during targeting. Adversaries can create ac… |
| T1585.001 | Social Media Accounts | Adversaries may create and cultivate social media accounts that can be used during targeting. Adversaries can create soc… |
| T1585.002 | Email Accounts | Adversaries may create email accounts that can be used during targeting. Adversaries can use accounts created with email… |
| T1585.003 | Cloud Accounts | Adversaries may create accounts with cloud providers that can be used during targeting. Adversaries can use cloud accoun… |
| T1586 | Compromise Accounts | Adversaries may compromise accounts with services that can be used during targeting. For operations incorporating social… |
| T1586.001 | Social Media Accounts | Adversaries may compromise social media accounts that can be used during targeting. For operations incorporating social … |
| T1586.002 | Email Accounts | Adversaries may compromise email accounts that can be used during targeting. Adversaries can use compromised email accou… |
| T1586.003 | Cloud Accounts | Adversaries may compromise cloud accounts that can be used during targeting. Adversaries can use compromised cloud accou… |
| T1587 | Develop Capabilities | Adversaries may build capabilities that can be used during targeting. Rather than purchasing, freely downloading, or ste… |
| T1587.001 | Malware | Adversaries may develop malware and malware components that can be used during targeting. Building malicious software ca… |
| T1587.002 | Code Signing Certificates | Adversaries may create self-signed code signing certificates that can be used during targeting. Code signing is the proc… |
| T1587.003 | Digital Certificates | Adversaries may create self-signed SSL/TLS certificates that can be used during targeting. SSL/TLS certificates are desi… |
| T1587.004 | Exploits | Adversaries may develop exploits that can be used during targeting. An exploit takes advantage of a bug or vulnerability… |
| T1588 | Obtain Capabilities | Adversaries may buy and/or steal capabilities that can be used during targeting. Rather than developing their own capabi… |
| T1588.001 | Malware | Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloa… |
| T1588.002 | Tool | Adversaries may buy, steal, or download software tools that can be used during targeting. Tools can be open or closed so… |
| T1588.003 | Code Signing Certificates | Adversaries may buy and/or steal code signing certificates that can be used during targeting. Code signing is the proces… |
| T1588.004 | Digital Certificates | Adversaries may buy and/or steal SSL/TLS certificates that can be used during targeting. SSL/TLS certificates are design… |
| T1588.005 | Exploits | Adversaries may buy, steal, or download exploits that can be used during targeting. An exploit takes advantage of a bug … |
| T1588.006 | Vulnerabilities | Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakne… |
| T1588.007 | Artificial Intelligence | Adversaries may obtain access to generative artificial intelligence tools, such as large language models (LLMs), to aid … |
| T1608 | Stage Capabilities | Adversaries may upload, install, or otherwise set up capabilities that can be used during targeting. To support their op… |
| T1608.001 | Upload Malware | Adversaries may upload malware to third-party or adversary controlled infrastructure to make it accessible during target… |
| T1608.002 | Upload Tool | Adversaries may upload tools to third-party or adversary controlled infrastructure to make it accessible during targetin… |
| T1608.003 | Install Digital Certificate | Adversaries may install SSL/TLS certificates that can be used during targeting. SSL/TLS certificates are files that can … |
| T1608.004 | Drive-by Target | Adversaries may prepare an operational environment to infect systems that visit a website over the normal course of brow… |
| T1608.005 | Link Target | Adversaries may put in place resources that are referenced by a link that can be used during targeting. An adversary may… |
| T1608.006 | SEO Poisoning | Adversaries may poison mechanisms that influence search engine optimization (SEO) to further lure staged capabilities to… |
| T1650 | Acquire Access | Adversaries may purchase or otherwise acquire an existing access to a target system or network. A variety of online serv… |
| T1683 | Generate Content | Adversaries may create or generate content to support targeting and operations. This content may be used to establish pe… |
| T1683.001 | Written Content | Adversaries may create or tailor written materials to support targeting and malicious operations. Content may include ph… |
| T1683.002 | Audio-Visual Content | Adversaries may create or manipulate audio, image, and video content to support targeting and malicious operations. Adve… |