We welcome your feedback about MITRE Engage™ v0.9 Beta: Email us at engage@mitre.org

Mapping To Reconnaissance

When an adversary engages in a specific behavior, they are vulnerable to expose an unintended weakness. By looking at each ATT&CK activity, we can examine the weaknesses revealed and identify an engagement activity or activities to exploit this weakness. The following table outlines the Adversary Vulnerabilities and Engagement Activities that are available to the defender when the adversary engages in Reconnaissance behaviors.

Details
ATT&CK ID: TA0043

ATT&CK® Technique Adversary Vulnerability Engagement Activity Engagement Activity Description
Gather Victim Identity Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Gather Victim Identity Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Identity Information When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Network Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Network Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Network Information When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Org Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Org Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Org Information When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Host Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Host Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Burn-In Exercise a target system in a manner where it will generate desirable system artifacts.
Gather Victim Host Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Host Information When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Host Information When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. Artifact Diversity Present the adversary with a variety of network and system artifacts.
Search Open Websites/Domains When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Open Websites/Domains When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data. Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Search Open Websites/Domains When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Open Websites/Domains When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences. Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Search Victim-Owned Websites When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Search Victim-Owned Websites When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Victim-Owned Websites When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data. Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Search Victim-Owned Websites When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Active Scanning When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Active Scanning When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Active Scanning When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Active Scanning When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Active Scanning When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. Network Diversity Use a diverse set of devices on the network to help establish the legitimacy of a decoy network.
Active Scanning When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. Network Manipulation Make changes to network properties and functions to achieve a desired effect.
Search Open Technical Databases When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Open Technical Databases When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Closed Sources When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Closed Sources When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences. information Manipulation
Phishing for Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Phishing for Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Phishing for Information When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user. Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Stay tuned for more mappings with this tactic.