Trusted Design戦術「Reconnaissance」に関連する攻撃手法(Technique)の一覧です。
| Technique ID | Name | Description |
|---|---|---|
| T1589 | Gather Victim Identity Information | Adversaries may gather information about the victim's identity that can be used during targeting. Information about iden… |
| T1589.001 | Credentials | Adversaries may gather credentials that can be used during targeting. Account credentials gathered by adversaries may be… |
| T1589.002 | Email Addresses | Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organization… |
| T1589.003 | Employee Names | Adversaries may gather employee names that can be used during targeting. Employee names be used to derive email addresse… |
| T1590 | Gather Victim Network Information | Adversaries may gather information about the victim's networks that can be used during targeting. Information about netw… |
| T1590.001 | Domain Properties | Adversaries may gather information about the victim's network domain(s) that can be used during targeting. Information a… |
| T1590.002 | DNS | Adversaries may gather information about the victim's DNS that can be used during targeting. DNS information may include… |
| T1590.003 | Network Trust Dependencies | Adversaries may gather information about the victim's network trust dependencies that can be used during targeting. Info… |
| T1590.004 | Network Topology | Adversaries may gather information about the victim's network topology that can be used during targeting. Information ab… |
| T1590.005 | IP Addresses | Adversaries may gather the victim's IP addresses that can be used during targeting. Public IP addresses may be allocated… |
| T1590.006 | Network Security Appliances | Adversaries may gather information about the victim's network security appliances that can be used during targeting. Inf… |
| T1591 | Gather Victim Org Information | Adversaries may gather information about the victim's organization that can be used during targeting. Information about … |
| T1591.001 | Determine Physical Locations | Adversaries may gather the victim's physical location(s) that can be used during targeting. Information about physical l… |
| T1591.002 | Business Relationships | Adversaries may gather information about the victim's business relationships that can be used during targeting. Informat… |
| T1591.003 | Identify Business Tempo | Adversaries may gather information about the victim's business tempo that can be used during targeting. Information abou… |
| T1591.004 | Identify Roles | Adversaries may gather information about identities and roles within the victim organization that can be used during tar… |
| T1592 | Gather Victim Host Information | Adversaries may gather information about the victim's hosts that can be used during targeting. Information about hosts m… |
| T1592.001 | Hardware | Adversaries may gather information about the victim's host hardware that can be used during targeting. Information about… |
| T1592.002 | Software | Adversaries may gather information about the victim's host software that can be used during targeting. Information about… |
| T1592.003 | Firmware | Adversaries may gather information about the victim's host firmware that can be used during targeting. Information about… |
| T1592.004 | Client Configurations | Adversaries may gather information about the victim's client configurations that can be used during targeting. Informati… |
| T1593 | Search Open Websites/Domains | Adversaries may search freely available websites and/or domains for information about victims that can be used during ta… |
| T1593.001 | Social Media | Adversaries may search social media for information about victims that can be used during targeting. Social media sites … |
| T1593.002 | Search Engines | Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine… |
| T1593.003 | Code Repositories | Adversaries may search public code repositories for information about victims that can be used during targeting. Victims… |
| T1594 | Search Victim-Owned Websites | Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned webs… |
| T1595 | Active Scanning | Adversaries may execute active reconnaissance scans to gather information that can be used during targeting. Active scan… |
| T1595.001 | Scanning IP Blocks | Adversaries may scan victim IP blocks to gather information that can be used during targeting. Public IP addresses may b… |
| T1595.002 | Vulnerability Scanning | Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check … |
| T1595.003 | Wordlist Scanning | Adversaries may iteratively probe infrastructure using brute-forcing and crawling techniques. While this technique emplo… |
| T1596 | Search Open Technical Databases | Adversaries may search freely available technical databases for information about victims that can be used during target… |
| T1596.001 | DNS/Passive DNS | Adversaries may search DNS data for information about victims that can be used during targeting. DNS information may inc… |
| T1596.002 | WHOIS | Adversaries may search public WHOIS data for information about victims that can be used during targeting. WHOIS data is … |
| T1596.003 | Digital Certificates | Adversaries may search public digital certificate data for information about victims that can be used during targeting. … |
| T1596.004 | CDNs | Adversaries may search content delivery network (CDN) data about victims that can be used during targeting. CDNs allow a… |
| T1596.005 | Scan Databases | Adversaries may search within public scan databases for information about victims that can be used during targeting. Var… |
| T1597 | Search Closed Sources | Adversaries may search and gather information about victims from closed (e.g., paid, private, or otherwise not freely av… |
| T1597.001 | Threat Intel Vendors | Adversaries may search private data from threat intelligence vendors for information that can be used during targeting. … |
| T1597.002 | Purchase Technical Data | Adversaries may purchase technical information about victims that can be used during targeting. Information about victim… |
| T1598 | Phishing for Information | Adversaries may send phishing messages to elicit sensitive information that can be used during targeting. Phishing for i… |
| T1598.001 | Spearphishing Service | Adversaries may send spearphishing messages via third-party services to elicit sensitive information that can be used du… |
| T1598.002 | Spearphishing Attachment | Adversaries may send spearphishing messages with a malicious attachment to elicit sensitive information that can be used… |
| T1598.003 | Spearphishing Link | Adversaries may send spearphishing messages with a malicious link to elicit sensitive information that can be used durin… |
| T1598.004 | Spearphishing Voice | Adversaries may use voice communications to elicit sensitive information that can be used during targeting. Spearphishin… |
| T1681 | Search Threat Vendor Data | Threat actors may seek information/indicators from closed or open threat intelligence sources gathered about their own c… |
| T1682 | Query Public AI Services | Adversaries may query publicly accessible artificial intelligence (AI) services, such as large language models (LLMs), t… |