We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Mapping To Reconnaissance

When an adversary engages in a specific behavior, they are vulnerable to expose an unintended weakness. By looking at each ATT&CK activity, we can examine the weaknesses revealed and identify an engagement activity or activities to exploit this weakness. The following table outlines the Adversary Vulnerabilities and Engagement Activities that are available to the defender when the adversary engages in Reconnaissance behaviors.

Details
ATT&CK ID: TA0043

ATT&CK® Technique Adversary Vulnerability Engagement Activity Engagement Activity Description
Active Scanning When adversaries interact with the environment or personas, they are vulnerable when they collect, observe or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Active Scanning When adversaries interact with the environment or personas, they are vulnerable to collecting, or in someway interact with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Active Scanning When adversaries interact with engagement environments and personas, their future capability, targetting, and/or infastructure requirements are vulnerable to influence Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Active Scanning When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to reveal their targetting preferences and capabilities Network Diversity Use a diverse set of devices on the network to help establish the legitimacy of a decoy network.
Active Scanning When adversaries interact with network or system resources they are vulnerable to trigger tripwires or engage in easily detectable, anomalous behavior Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Active Scanning When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availibilty, traffic filtering, degraded speeds, etc. Network Manipulation Make changes to network properties and functions to achieve a desired effect.
Gather Victim Host Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Host Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in someway interact with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Burn-In Exercise a target system in a manner where it will generate desirable system artifacts.
Gather Victim Host Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in someway interact with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Host Information When adversaries interact with engagement environments and personas, their future capability, targetting, and/or infastructure requirements are vulnerable to influence Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Host Information When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to reveal their targetting preferences and capabilities Artifact Diversity Present the adversary with a variety of network and system artifacts.
Gather Victim Identity Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Gather Victim Identity Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in someway interact with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Identity Information When adversaries interact with engagement environments and personas, their future capability, targetting, and/or infastructure requirements are vulnerable to influence Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Network Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Network Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in someway interact with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Network Information When adversaries interact with engagement environments and personas, their future capability, targetting, and/or infastructure requirements are vulnerable to influence Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Org Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Gather Victim Org Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in someway interact with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Gather Victim Org Information When adversaries interact with engagement environments and personas, their future capability, targetting, and/or infastructure requirements are vulnerable to influence Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Phishing for Information When adversaries interact with the environment or personas, they are vulnerable when they collect, observe or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Phishing for Information When adversaries interact with the environment or personas, they are vulnerable to collecting, or in someway interact with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse. Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
Phishing for Information When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Search Closed Sources When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Closed Sources When adversaries collect targetting information from open or closed data sources, they may reveal their targetting preferences. information Manipulation
Search Open Technical Databases When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Open Technical Databases When adversaries collect targetting information from open or closed data sources, they may reveal their targetting preferences. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Open Websites/Domains When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Open Websites/Domains When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Search Open Websites/Domains When adversaries collect targetting information from open or closed data sources, they may reveal their targetting preferences. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Open Websites/Domains When adversaries collect targetting information from open or closed data sources, they may reveal their targetting preferences. Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Search Victim-Owned Websites When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Search Victim-Owned Websites When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data Personas Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.
Search Victim-Owned Websites When adversaries interact with the environment or personas, they are vulnerable when they collect, observe or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time. Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story.
Search Victim-Owned Websites When adversaries collect targetting information from open or closed data sources, they may reveal their targetting preferences. Information Manipulation Conceal and reveal both facts and fictions to support a deception story
Stay tuned for more mappings with this tactic.