Matrix

<div class="et_pb_row et_pb_row_2 api-monitoring-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">API Monitoring</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0001</h5>
                        <p>Monitor local APIs that might be used by adversary tools and activity.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 api-monitoring-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>API Monitoring involves capturing calls to an internal OS function, recording its usage, accompanying arguments, and result. When a defender captures this information, the data can be analyzed to gain insight into an adversary's activity at a level deeper than normal system activity monitoring. This type of monitoring can also be used to produce high-fidelity detections. For example, the defender can trace activity through WinSock TCP API functions to view potentially malicious network events, or trace usage of the Win32 DeleteFile() function to log all attempts at deleting a given file.</p>
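                            <p>The two cases named above (DeleteFile() on a given file, WinSock connections), as an added example that is not part of the original page: a triage pass over API-trace records. The record schema, watched path, expected network and all sample values are assumptions constructed for illustration.</p>

```python
# Added example: triage of API-monitoring records. The record schema and all
# sample values are constructed for illustration, not taken from a real tracer.
import ipaddress
import ntpath

# Win32 DeleteFile has ANSI and wide variants; WinSock connects via connect/WSAConnect.
DELETE_APIS = {"DeleteFileA", "DeleteFileW"}
CONNECT_APIS = {"connect", "WSAConnect"}


def normalize_win_path(path):
    """Fold the spellings Windows treats as one file into a single key."""
    p = path.replace("/", "\\")
    if p.startswith("\\\\?\\"):  # strip the extended-length path prefix
        p = p[4:]
    # normpath collapses "." and ".."; normcase lower-cases, since NTFS lookups
    # are case-insensitive by default. 8.3 short names are not resolved here.
    return ntpath.normcase(ntpath.normpath(p))


WATCHED_FILES = {normalize_win_path(r"C:\Decoys\payroll.xlsx")}  # assumed decoy file
EXPECTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]             # assumed address plan

# Constructed trace: each record carries the function, its arguments and its result.
SAMPLE_TRACE = [
    {"pid": 4120, "api": "DeleteFileW", "args": {"lpFileName": r"C:\Temp\job-1.tmp"}, "result": 1},
    {"pid": 5532, "api": "DeleteFileW", "args": {"lpFileName": r"\\?\c:\decoys\PAYROLL.xlsx"}, "result": 1},
    {"pid": 5532, "api": "DeleteFileA", "args": {"lpFileName": "C:/Decoys/sub/../payroll.xlsx"}, "result": 0},
    {"pid": 5532, "api": "DeleteFileW", "args": {"lpFileName": r"C:\Decoys\payroll.xlsx.bak"}, "result": 1},
    {"pid": 5532, "api": "connect", "args": {"addr": "203.0.113.50", "port": 8443}, "result": 0},
    {"pid": 812, "api": "connect", "args": {"addr": "10.0.0.15", "port": 445}, "result": 0},
]


def analyze(trace, watched=WATCHED_FILES, expected_nets=EXPECTED_NETS):
    """Return (kind, pid, target, outcome) tuples for records worth an analyst's time."""
    findings = []
    for rec in trace:
        api, args, result = rec["api"], rec["args"], rec["result"]
        if api in DELETE_APIS:
            target = normalize_win_path(args["lpFileName"])
            if target in watched:
                # DeleteFile returns nonzero on success. Failed calls are kept
                # too, because the goal is to log every attempt.
                outcome = "succeeded" if result != 0 else "failed"
                findings.append(("watched_file_delete", rec["pid"], target, outcome))
        elif api in CONNECT_APIS:
            dest = ipaddress.ip_address(args["addr"])
            if not any(dest in net for net in expected_nets):
                # connect/WSAConnect return 0 on success, the opposite convention.
                outcome = "succeeded" if result == 0 else "failed"
                findings.append(("unexpected_connect", rec["pid"],
                                 f"{dest}:{args['port']}", outcome))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_TRACE):
        print(finding)
```

                            <p>Matching on the raw argument string would miss the second and third records; the normalization step is what makes the detection hold across path spellings.</p>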
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 api-monitoring-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://arxiv.org/pdf/2005.00323" target="_blank" rel="noopener">Designing Robust API Monitoring Solutions</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://link.springer.com/chapter/10.1007/978-3-642-41284-4_7" target="_blank" rel="noopener">International Workshop On Recent Advances In Intrusion Detection</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ajaymas.github.io/ISDA2019.pdf" target="_blank" rel="noopener">API Call Based Malware Detection Approach Using Recurrent Neural Network---LSTM</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 api-monitoring-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: 
bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0111">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 network-monitoring-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Network Monitoring</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0002</h5>
                        <p>Monitor network traffic in order to detect adversary activity.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 network-monitoring-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Network Monitoring involves capturing network activity data, including server, firewall, and other relevant logs. A defender can send this data to a centralized collection location for further analysis. This analysis can be automated or manual. In either case, a defender can use Network Monitoring to identify anomalous traffic patterns, large or unexpected data transfers, and other activity that may reveal the presence of an adversary. Monitoring is essential to maintain situational awareness of adversary activities, to ensure operational safety, and to make progress towards the defender’s goals. Careful pre-operational planning is needed to instrument the engagement environment so that all key network traffic is collected. Some use cases of network monitoring include detecting unexpected outbound traffic, systems establishing connections using encapsulated protocols, and use of known adversary C2 protocols.</p>
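                            <p>Three of the use cases above (unexpected outbound traffic, encapsulated protocols, large transfers) as an added example that is not part of the original page: automated analysis of centrally collected flow records. The log format, egress policy, byte budget and every sample line are assumptions constructed for illustration.</p>

```python
# Added example: flow-log triage. Log format, policy values and sample lines
# are constructed for illustration.
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed address plan
ALLOWED_EGRESS = {(6, 443), (6, 80), (17, 53)}        # assumed (IP proto, dst port) policy
TUNNEL_PROTOS = {4: "IP-in-IP", 41: "IPv6-in-IPv4", 47: "GRE"}  # IANA protocol numbers
LARGE_BYTES = 50_000_000                              # assumed per-pair budget for the window

# Constructed sample: timestamp,src,dst,ip_proto,dst_port,bytes_out
FLOW_LOG = """\
2024-01-01T10:00:00Z,10.0.1.20,198.51.100.7,6,443,1200
2024-01-01T10:00:05Z,10.0.1.20,198.51.100.7,6,443,30000000
2024-01-01T10:00:09Z,10.0.1.20,198.51.100.7,6,443,25000000
2024-01-01T10:01:00Z,10.0.2.9,203.0.113.9,6,4444,800
2024-01-01T10:02:00Z,10.0.3.3,192.0.2.44,47,0,5000
2024-01-01T10:03:00Z,10.0.1.5,10.0.9.9,6,445,90000000
truncated-line,10.0.1.5
"""


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def analyze_flows(log_text):
    """Return (alerts, skipped): alerts are (kind, src, dst, detail) tuples."""
    alerts, skipped = [], 0
    totals = defaultdict(int)  # bytes sent per (src, dst) across the whole window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            _ts, src, dst, proto, dport, nbytes = line.split(",")
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            proto, dport, nbytes = int(proto), int(dport), int(nbytes)
        except ValueError:
            skipped += 1  # count malformed records: a collection gap is itself a signal
            continue
        if not is_internal(src) or is_internal(dst):
            continue  # this example only examines internal-to-external flows
        totals[(src, dst)] += nbytes
        if proto in TUNNEL_PROTOS:
            alerts.append(("encapsulated_protocol", str(src), str(dst), TUNNEL_PROTOS[proto]))
        elif (proto, dport) not in ALLOWED_EGRESS:
            alerts.append(("unexpected_outbound", str(src), str(dst),
                           f"proto {proto} port {dport}"))
    # Volume is judged on the aggregate, so a transfer split across several
    # flows that each stay under the budget is still reported.
    for (src, dst), total in sorted(totals.items(), key=lambda kv: (str(kv[0][0]), str(kv[0][1]))):
        if total > LARGE_BYTES:
            alerts.append(("large_transfer", str(src), str(dst), f"{total} bytes"))
    return alerts, skipped


if __name__ == "__main__":
    found, bad = analyze_flows(FLOW_LOG)
    for alert in found:
        print(alert)
    print("skipped records:", bad)
```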
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-monitoring-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.researchgate.net/publication/309229246_A_Survey_on_Network_Security_Monitoring_Systems" target="_blank" rel="noopener">A Survey On Network Security Monitoring Systems</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.hindawi.com/journals/jece/2016/6297476/" target="_blank" rel="noopener">Protecting Clock Synchronization: Adversary Detection Through Network Monitoring</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.usenix.org/legacy/publications/library/proceedings/sec98/full_papers/paxson/paxson.pdf" target="_blank" rel="noopener">Bro: A System For Detecting Network Intruders In Real-Time</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.sciencedirect.com/science/article/pii/S1363412798800381" target="_blank" rel="noopener">Implementing A Generalized Tool For Network Monitoring</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/abstract/document/4660030" target="_blank" rel="noopener">Spymon: Hidden Network Monitoring For Security In Wireless Sensor Networks</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-monitoring-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. </td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. </td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. </td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0101">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to remotely manipulate, damage or effect some change in the physical environment, they are vulnerable to Man-in-the-Middle manipulations. </td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 system-activity-monitoring-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">System Activity Monitoring</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0003</h5>
                        <p>Collect system activity logs that can reveal adversary activity.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 system-activity-monitoring-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Captured system logs can show logins, user and system events, and similar activity. A defender can use this built-in system logging to study the adversary’s actions and tools and to collect first-hand observations about them. This data can be sent to a centralized collection location for further analysis. Careful planning should guide which system logs are collected and at what level. If the logging level is set too high or too many system logs are collected, the defender may be blinded by the excess data. For example, understanding the adversary’s known TTPs will highlight the resources the adversary is likely to touch and therefore which system logs are likely to capture adversary activity. Overall, System Activity Monitoring is essential to maintaining situational awareness of adversarial activities in order to ensure operational safety and progress towards operational goals. Careful pre-operational planning should be done to properly instrument the engagement environment. This will ensure that all key network traffic is collected.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 system-activity-monitoring-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.462.1508&amp;rep=rep1&amp;type=pdf" target="_blank" rel="noopener">Signature Based Intrusion Detection System Using SNORT</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/abstract/document/8717892" target="_blank" rel="noopener">Machine Learning Based Insider Threat Modelling And Detection</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/document/8968697" target="_blank" rel="noopener">Real-Time Detection System Against Malicious Tools By Monitoring Dll On Client Computers</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/document/7163279" target="_blank" rel="noopener">Detecting APT Malware Infections Based On Malicious DNS And Traffic Analysis</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 system-activity-monitoring-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 network-analysis-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Network Analysis</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0004</h5>
                        <p>Analyze network traffic to gain intelligence on communications between systems.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 network-analysis-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Network analysis is the automated or manual review of communications between systems to expose adversary activity, such as C2 or data exfiltration traffic. This analysis is normally done by capturing and analyzing traffic on the wire or by examining previously collected packet captures. When custom protocols are in use, defenders can leverage protocol decoder frameworks. These are customized code modules that can read network traffic and contextualize activity between the C2 operator and the implant. These frameworks are often required to process complex encryption ciphers and custom protocols into a human-readable format for an analyst to interpret. Decoder creation requires malware analysis of the implant to understand the design of the protocol. While a high level of technical maturity is required to create such a decoder, once created it is invaluable to the defender. For example, a defender can use a protocol decoder to decrypt network capture data and expose an adversary’s C2 or exfiltration activity. Not only does this data provide exquisite intelligence about the adversary’s communications channels and targeting preferences, but it also provides future opportunities for data manipulation to further operational goals.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-analysis-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://sefcom.asu.edu/publications/utilizing-network-science-hicss2015.pdf" target="_blank" rel="noopener">Utilizing Network Science And Honeynets For Software Induced Cyber Incident Analysis</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="http://www.thucsnet.org/uploads/2/5/2/8/25289795/guodong_zhao_ieee_access_2015.pdf" target="_blank" rel="noopener">Detecting APT Malware Infections Based On Malicious DNS And Traffic Analysis</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-analysis-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 lures-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Lures</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0005</h5>
                        <p>Deceptive systems and artifacts intended to serve as decoys, breadcrumbs, or bait to elicit a specific response from the adversary.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 lures-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Lures are intended to elicit a particular response from the adversary. For example, the defender may utilize Lures to enable or block the adversary’s intended actions or encourage or discourage a specific action or response. Lures can take a variety of forms including credentials, accounts, files/directories, browser extensions/bookmarks, system processes, etc. Regardless of form, Lures provide opportunities to the defender to drive adversary behavior in ways that align with operational outcomes.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 lures-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://doi.org/10.1145/3478905.3478930" target="_blank" rel="noopener">Comparison Of Defense Effectiveness Between Moving Target Defense And Cyber Deception Defense</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://doi.org/10.1145/3338468.3356826" target="_blank" rel="noopener">A Scalable High Fidelity Decoy Framework Against Sophisticated Cyber Attacks</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="http://www.cs.columbia.edu/~bmbowen/papers/DecoyDocumentsCameraReadySECCOM09.pdf" target="_blank" rel="noopener">Baiting Inside Attackers Using Decoy Documents</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://dl.acm.org/doi/abs/10.1145/3338468.3356826" target="_blank" rel="noopener">A Scalable High Fidelity Decoy Framework Against Sophisticated Cyber Attacks</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://dl.acm.org/doi/abs/10.1145/3129790.3129805" target="_blank" rel="noopener">Categorization Of Cyber Security Deception Events For Measuring The Severity Level Of Advanced Targeted Breaches</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="http://www.people.vcu.edu/~mmanic/papers/2014/TII14_VolManic_CPSSecurityVirtualHost.pdf" target="_blank" rel="noopener">Cyber-Physical System Security With Deceptive Virtual Hosts For Industrial Control Networks</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://scholarspace.manoa.hawaii.edu/handle/10125/41897" target="_blank" rel="noopener">Automating The Generation Of Enticing Text Content For High-Interaction Honeyfiles</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://faculty.nps.edu/dedennin/publications/honeyfiles.pdf" target="_blank" rel="noopener">Honeyfiles: Deceptive Files For Intrusion Detection</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.academia.edu/49519275/DECEPTIVE_DECOYS_COMBINING_BELIEVABLE_USER_AND_NETWORK_ACTIVITIES_AND_DECEPTIVE_NETWORK_SETUP_IN_ENHANCING_EFFECTIVENESS?from=cover_page" target="_blank" rel="noopener">Deceptive Decoys: Combining Believable User and Network Activities and Deceptive Network Setup in Enhancing Effectiveness</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.nytimes.com/2017/05/09/world/europe/hackers-came-but-the-french-were-prepared.html" target="_blank" rel="noopener">Hackers Came but the French Were Prepared</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 lures-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; 
font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exploit a trusted relationship, such as using an account to access or move in the environment, they are vulnerable to triggering tripwires or engaging in anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; 
font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites, they provide a pathway for beginning engagements and may be unable to differentiate real from deceptive victims.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites and collect information about potential victims, they may reveal information about their targeting preferences by selecting or rejecting an arbitrary victim.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exploit a trusted relationship, they are vulnerable to collecting and acting on manipulated data provided by the trusted party.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use brute-force techniques to access accounts or encrypted data, they are vulnerable to wasting resources if the artifact has no valid credentials or is locked in some other way.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites, they reveal information about their targeting capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites, they provide a pathway for beginning engagements and may be unable to differentiate real from deceptive victims.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites and collect information about potential victims, they may reveal information about their targeting preferences by selecting or rejecting an arbitrary victim.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites, they reveal information about their targeting capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0111">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites, they provide a pathway for beginning engagements and may be unable to differentiate real from deceptive victims.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites and collect information about potential victims, they may reveal information about their targeting preferences by selecting or rejecting an arbitrary victim.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries maintain drive-by sites, they reveal information about their targeting capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover inaccessible (but possibly valuable) data or data streams, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 application-diversity-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Application Diversity</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0006</h5>
                        <p>Present the adversary with a variety of installed applications and services.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 application-diversity-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Application Diversity presents an array of software targets to the adversary. On a single target system, defenders can configure multiple services or software applications. This diversity may include not only a variety of different types of applications, but also various versions of the same application. Application Diversity can be used to encourage engagement by offering a broad attack surface. By monitoring adversary activity in a diverse environment, the defender can gain information on the adversary’s capabilities and targeting preferences. For example, a defender can install one or more applications with a variety of patch levels to see how the adversary’s response differs across versions. Additionally, a diverse set of applications provides a variety of avenues for the defender to present additional information throughout an operation. This information can be used to introduce additional attack surfaces, motivate or demotivate the adversary, or further the engagement narrative. For example, if the adversary is close to uncovering something that might raise suspicion around a target, the defender can add an event to a shared calendar application or a message in a notes application that the system will be offline for scheduled maintenance. Having a variety of applications on the system provides the defender with multiple engagement avenues to handle whatever events happen during the operation. Finally, diversity can increase the adversary’s overall comfort level by adding to the believability of the environment.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 application-diversity-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://dl.acm.org/doi/abs/10.1145/2993412.2993417" target="_blank" rel="noopener">An Interface Diversified Honeypot For Malware Analysis</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://core.ac.uk/download/pdf/36728948.pdf" target="_blank" rel="noopener">Defending Cyberspace With Fake Honeypots</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/abstract/document/9348122" target="_blank" rel="noopener">Software Diversity For Cyber Deception</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/iel7/9322055/9321973/09348122.pdf" target="_blank" rel="noopener">Software Diversity For Cyber Deception</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 application-diversity-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0111">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 network-diversity-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Network Diversity</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0007</h5>
                        <p>Use a diverse set of devices on the network to help establish the legitimacy of a deceptive network.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 network-diversity-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Network Diversity involves the use of an assorted collection of network resources such as networking devices, firewalls, printers, phones, etc. Network Diversity can be used to encourage adversaries to engage by offering a broad attack surface. Additionally, diversity can increase the adversary’s overall comfort level by adding to the believability of the environment. By monitoring adversary activity in a diverse environment, the defender can gain information on the adversary’s capabilities and targeting preferences. For example, a defender can deploy a variety of network resources to identify which devices are targeted by the adversary.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-diversity-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://core.ac.uk/download/pdf/36729002.pdf" target="_blank" rel="noopener">A Technique For Network Topology Deception</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-diversity-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 burn-in-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Burn-In</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0008</h5>
                        <p>Exercise a target system in a manner where it will generate desirable system artifacts.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 burn-in-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Burn-In involves exercising the system to create desirable system artifacts such as web browsing history, file system usage, or the running of user applications. At times, Burn-In can be accomplished by simply letting a system or application run for an extended period of time. Other times, the defender engages with the environment to produce the Burn-In artifacts, such as when the defender logs into a decoy account or accesses a decoy website to generate session cookies and browser history. These tasks can be accomplished manually or via automated tooling. Burn-In should occur pre-operation and continue as appropriate during the operation. The artifacts generated during the Burn-In process can reassure the adversary of the environment’s legitimacy by creating an environment that more closely resembles a real, lived-in system or network.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 burn-in-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 email-manipulation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Email Manipulation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0009</h5>
                        <p>Modify the flow of email in the environment.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 email-manipulation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Email Manipulation covers the various ways email flows in the environment can be affected. Email Manipulation can affect which mail appliances process mail flows, where mail is forwarded, or what mail is present in an inbox. A common use case for email manipulation is as a vector to introduce malware into the engagement environment. Suspicious emails may be removed from a production mailbox and placed into an inbox in an engagement environment. Then, any suspicious attachments or links could be detonated from within the environment. As another example, emails collected over a long period of time from a legitimate inbox outside the environment may be moved into the environment to reassure the adversary of the environment’s legitimacy by creating a mailbox that more closely resembles a real, lived-in inbox.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 email-manipulation-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.nytimes.com/2017/05/09/world/europe/hackers-came-but-the-french-were-prepared.html" target="_blank" rel="noopener">Hackers Came but the French Were Prepared</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 email-manipulation-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use phishing emails to gain access to victim systems, they have no control over where a malicious attachment is detonated from, or where a link is clicked.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 peripheral-management-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Peripheral Management</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0010</h5>
                        <p>Manage peripheral devices used on systems within the network for engagement purposes.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 peripheral-management-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Peripheral Management is the administration of peripheral devices used on systems within the engagement environment. A defender can choose to allow or deny the use of certain types of peripherals on systems, either to motivate or demotivate adversary activity or to direct the adversary towards specific targets. Defenders can also introduce peripherals to an adversary-controlled system to see how the adversary reacts. For example, the defender can introduce external Wi-Fi adapters, USB devices, etc. to determine if adversaries attempt to use them for exfiltration purposes. Additionally, peripherals provide an avenue for the defender to present new or additional information to the adversary. This information can be used to introduce an additional attack surface, motivate or demotivate adversary activity, or to further the deception story. For example, the defender may include data on a connected USB device or stage an important conversation near an externally connected camera or microphone. Depending on the contents of this data, the adversary may be encouraged to take a specific action and/or reassured about the legitimacy of the environment.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 peripheral-management-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 pocket-litter-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Pocket Litter</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0011</h5>
                        <p>Data used to support the engagement narrative.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 pocket-litter-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Pocket Litter is data placed on a system to help tell the engagement narrative, to increase the credibility of an environment, and/or to establish a cognitive bias that raises the adversary’s tolerance for weaknesses in the environment. Unlike Lures, Pocket Litter does not necessarily aim to encourage the adversary to take a specific action; rather, it supports the overall deception story. Pocket Litter can include documents, pictures, registry entries, installed software, log history, browsing history, connection history, and other user data that an adversary would expect to exist on a user’s computer. For example, a defender might conduct a series of web searches to generate browser artifacts, or scatter a variety of photos and documents across the desktop to make the computer feel lived in.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 pocket-litter-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://aclanthology.org/W18-4104.pdf" target="_blank" rel="noopener">Enhancing Cohesion And Coherence Of Fake Text To Improve Believability For Deceiving Cyber Attackers</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/abstract/document/8998256" target="_blank" rel="noopener">Phantomfs: File-Based Deception Technology For Thwarting Malicious Users</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 pocket-litter-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; 
font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover inaccessible (but possibly valuable) data or data streams, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 personas-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Personas</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0012</h5>
                        <p>Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 personas-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>A Persona is used to establish background information about a victim to increase the believability of the target. To create a Persona, the defender must develop a backstory and seed the environment with varied data in support of this story. Depending on the need for realism, the constructed persona can be supported by evidence of hobbies, social and professional interactions, consumer transactions, employment, browsing habits, etc. In addition to lending legitimacy to the environment, personas can be used to engage directly with adversaries, such as during phishing email exchanges. Personas can also make changes to the environment during the operation, such as adding or removing a USB device or introducing new decoy documents or credentials.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 personas-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 malware-detonation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Malware Detonation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0013</h5>
                        <p>Execute malware under controlled conditions to analyze its functionality.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 malware-detonation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Malware can be detonated in a controlled and safe environment. Clear goals and safety procedures should always be established before detonation to ensure that the operation is focused and safe. The malware can be detonated in an execution environment ranging from a somewhat sterile commercial malware execution appliance to a bespoke engagement environment crafted to support an extended engagement. Depending on operational objectives, the outcome of a malware detonation operation can include collecting new IOCs during dynamic analysis, observing additional TTPs by detonating the malware in a target-rich environment, and/or negatively impacting the adversary and their operation.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 malware-detonation-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://sefcom.asu.edu/publications/utilizing-network-science-hicss2015.pdf" target="_blank" rel="noopener">Utilizing Network Science And Honeynets For Software Induced Cyber Incident Analysis</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://apps.dtic.mil/sti/pdfs/ADA527328.pdf" target="_blank" rel="noopener">Duping The Soviets: The Farewell Dossier</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 malware-detonation-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they may be encouraged to operate in an unintended environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they may be encouraged to operate in an unintended environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 software-manipulation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Software Manipulation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0014</h5>
                        <p>Make changes to a system’s software properties and functions to achieve a desired effect.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 software-manipulation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Software Manipulation allows a defender to alter or replace elements of the OS, file system, or other software installed and executed on a system. These alterations can affect outputs, degrade effectiveness, and/or prevent the software from functioning altogether. For example, the defender can manipulate software by changing the output of commonly used discovery commands to hide legitimate systems and artifacts and/or reveal deceptive artifacts and systems.  Alternatively, the defender can change the output of the password policy description for an adversary attempting to brute-force credentials. This manipulation may cause the adversary to waste resources brute-forcing passwords with inaccurate complexity requirements. If the defender wanted to degrade software effectiveness, they might weaken algorithms to expose data that is being archived, encoded, and/or encrypted.  Finally, to prevent software from functioning altogether, the defender may cause failures in software typically used to delete data or hide adversary artifacts. For some Software Manipulation use cases, it may be possible to make changes in such a way that adversary actions and legitimate user actions are handled differently. For example, the defender could show all files when viewed in a graphical application but hide files or introduce decoy files when viewed via a terminal command. This setup would allow legitimate users full access to the file system, while manipulating access for adversaries using a reverse shell.</p>
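                            <p>The terminal-versus-graphical case described above can be sketched as a shell function that a defender loads into the login shells of the accounts covered by an engagement. This is an added example, not part of the Engage matrix or any MITRE tooling. The names <code>deceptive_ls</code>, <code>HIDE_NAMES</code>, <code>DECOY_NAMES</code> and <code>ENGAGE_LOG</code>, and the sample file names, are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added illustration: a terminal-only directory listing that hides protected
# files, shows decoy names, and records every listing request.
# All identifiers and file names here are hypothetical, constructed samples.

# Real files to suppress from terminal listings, one name per line.
HIDE_NAMES='payroll.xlsx
customer-db.sqlite'

# Decoy names to present in terminal listings, one name per line.
DECOY_NAMES='passwords-old.txt
vpn-backup.conf'

# Where listing requests are recorded (assumed path; point it at a location
# the monitored account cannot read or alter).
ENGAGE_LOG="${ENGAGE_LOG:-/tmp/engage-listing.log}"

# deceptive_ls DIR
# Prints the manipulated listing of DIR, one name per line, sorted.
# Returns 2 if DIR is not a directory.
deceptive_ls() {
    dls_dir="${1:-.}"
    if [ ! -d "$dls_dir" ]; then
        echo "deceptive_ls: $dls_dir: not a directory" >&2
        return 2
    fi

    # The request itself is the signal: log who listed what, and from where.
    dls_tty=$(tty 2>/dev/null) || dls_tty=none
    printf '%s listing dir=%s user=%s tty=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$dls_dir" "$(id -un)" "$dls_tty" \
        >> "$ENGAGE_LOG"

    {
        # Real entries minus protected names. -x and -F make each line of
        # HIDE_NAMES an exact, literal, whole-name match. grep exits 1 when
        # every entry was filtered out, which is not an error here.
        ls -1 -- "$dls_dir" | grep -vxF -e "$HIDE_NAMES" || true
        # Decoy names; sort -u below drops any that collide with real files.
        printf '%s\n' "$DECOY_NAMES"
    } | LC_ALL=C sort -u
}
```

                            <p>A graphical file manager reads the directory itself and never calls this function, so legitimate desktop users still see every file. The wrapper only affects <code>ls</code> in shells that load it, and a decoy name is more believable when a monitored decoy file of the same name actually exists.</p>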
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 software-manipulation-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/abstract/document/7346842/" target="_blank" rel="noopener">A Deception Based Approach For Defeating OS And Service Fingerprinting</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.696.2803&amp;rep=rep1&amp;type=pdf" target="_blank" rel="noopener">From Patches To Honey-Patches: Lightweight Attacker Misdirection, Deception, And Disinformation</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://apps.dtic.mil/sti/pdfs/ADA485003.pdf" target="_blank" rel="noopener">Using Deception To Hide Things From Hackers: Processes, Principles, And Techniques</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 software-manipulation-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use brute-force techniques to access accounts or encrypted data, they are vulnerable to wasting resources if the artifact has no valid credentials or is locked in some other way.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB 
!important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0111">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover data or data streams that are inaccessible but perceived as interesting, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover inaccessible (but possibly valuable) data or data streams, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 information-manipulation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Information Manipulation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0015</h5>
                        <p>Conceal and reveal both facts and fictions to support a deception story.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 information-manipulation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Information Manipulation is used to support the engagement narrative and directly impact adversary activities. Revealed facts and fictions can be used to adjust the adversary’s trust in the environment. Concealed facts and fictions can be used to adjust the adversary’s sense of uncertainty towards the environment. Revealed facts may include OS type and version, geographic location, hardware type and version, accounts, credentials, etc. Revealed fictions may include the content of decoy files, emails, messages, etc. Revealed facts and fictions may or may not be believed by the adversary. If an adversary believes a revealed fact or fiction, it may lend credibility to the environment or encourage a specific action. If an adversary is suspicious or does not believe a revealed fact or fiction, it may erode adversary trust in the environment or discourage a specific action. Therefore, revealed facts and fictions can be used to adjust the adversary’s trust in the environment in ways that support the operational objectives.</p>
                            <p>Concealed facts may include virtualized systems disguised as physical systems, monitoring software, or collection efforts. Concealed fictions may include an encrypted, interestingly named decoy file or a partially deleted email thread referencing high-value, but decoy, assets. Concealed facts and fictions may or may not be discovered by the adversary. If the adversary discovers a concealed fact or fiction, it may increase the ambiguity of the environment and affect the adversary’s sense of uncertainty. In this way, concealed facts and fictions can be used to adjust the ambiguity and affect the adversary’s sense of uncertainty in ways that support the operational objectives.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 information-manipulation-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://dl.acm.org/doi/abs/10.1145/3418289" target="_blank" rel="noopener">Using Word Embeddings To Deter Intellectual Property Theft Through Automated Generation Of Fake Documents</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://apps.dtic.mil/sti/pdfs/ADA527328.pdf" target="_blank" rel="noopener">Duping The Soviets: The Farewell Dossier</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.nytimes.com/2017/05/09/world/europe/hackers-came-but-the-french-were-prepared.html" target="_blank" rel="noopener">Hackers Came but the French Were Prepared</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 information-manipulation-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 network-manipulation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Network Manipulation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0016</h5>
                        <p>Make changes to network properties and functions to achieve a desired effect.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 network-manipulation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Network Manipulation allows a defender to throttle network speeds, segment the network, maintain a unique IP addressing scheme, add a kill switch to cut off network access, etc. These types of manipulations can affect the adversary’s ability to achieve their operational objectives by incurring an increased resource cost, forcing them to change tactics, or stopping them altogether. For example, a defender can limit the allowed ports or network requests to force the adversary to alter their planned C2 or exfiltration channels. As another example, a defender could allow or deny outbound SMB requests from a network to affect the success of forced authentication. Additionally, the defender can degrade network speeds and reliability to impose a resource cost as adversaries exfiltrate large quantities of data. Finally, a defender can block primary C2 domains and IPs to determine if the adversary has additional infrastructure. While there are a range of network manipulation options, in all cases, the defender has an opportunity to learn about or influence the adversaries operating in the environment.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-manipulation-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://doi.org/10.1145/3268966.3268971" target="_blank" rel="noopener">Ensuring Deception Consistency For FTP Services Hardened Against Advanced Persistent Threats</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.academia.edu/49519275/DECEPTIVE_DECOYS_COMBINING_BELIEVABLE_USER_AND_NETWORK_ACTIVITIES_AND_DECEPTIVE_NETWORK_SETUP_IN_ENHANCING_EFFECTIVENESS?from=cover_page" target="_blank" rel="noopener">Deceptive Decoys: Combining Believable User and Network Activities and Deceptive Network Setup in Enhancing Effectiveness</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://dl.acm.org/doi/abs/10.1145/2995959.2995962" target="_blank" rel="noopener">Cyber Deception: Virtual Networks To Defend Insider Reconnaissance</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/abstract/document/7971943" target="_blank" rel="noopener">Deceiving Network Reconnaissance Using SDN-Based Virtual Topologies</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://ieeexplore.ieee.org/abstract/document/9045164" target="_blank" rel="noopener">Deceptor-In-The-Middle (Ditm): Cyber Deception For Security In Wireless Network Virtualization</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://calhoun.nps.edu/handle/10945/46358" target="_blank" rel="noopener">Uncovering Network Tarpits With Degreaser</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="http://ceur-ws.org/Vol-2081/paper19.pdf" target="_blank" rel="noopener">Hiding Computer Network Proactive Security Tools Unmasking Features</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.osti.gov/biblio/1466480" target="_blank" rel="noopener">Now You See Me Now You Don&#39;t: Advancing Network Defense Through Network Deception</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://core.ac.uk/download/pdf/36729002.pdf" target="_blank" rel="noopener">A Technique For Network Topology Deception</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 network-manipulation-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. </td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0101">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0102">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; 
font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. </td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries attempt to remotely manipulate, damage or effect some change in the physical environment, they are vulnerable to Man-in-the-Middle manipulations. </td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 hardware-manipulation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Hardware Manipulation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0017</h5>
                        <p>Alter the hardware configuration of a system to limit what an adversary can do with the device.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 hardware-manipulation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Hardware Manipulation can include physical adjustments or configuration changes to the hardware in the environment. This manipulation can include physically removing a system’s microphone, camera, on-board Wi-Fi adapter, etc., or using software controls to disable those devices. These types of manipulations can affect the adversary’s ability to achieve their operational objectives by incurring an increased resource cost, forcing them to change tactics, or stopping them altogether. Hardware Manipulation is often required to maintain operational safety. For example, if the operation includes Malware Detonation using a laptop physically located in a shared space, it is likely that the defender will not have the ability to hide the legitimate conversations and individuals present in the space. Unless the defender can control the background sounds and visuals, it is likely too risky to leave the camera and microphone connected to the machine.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 hardware-manipulation-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://books.google.com/books?hl=en&amp;lr=&amp;id=uYiRDgAAQBAJ&amp;oi=fnd&amp;pg=PA194&amp;ots=gLR_G-9dbA&amp;sig=QSJ2NxcWqBfhZXpuM8x23r1AAg8#v=onepage&amp;q&amp;f=false" target="_blank" rel="noopener">Cyber Deception Via System Manipulation</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 hardware-manipulation-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 security-controls-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Security Controls</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0018</h5>
                        <p>Alter security controls to make the system more or less vulnerable to attack.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 security-controls-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Manipulating Security Controls involves making configuration changes to a system’s security settings, including modifying Group Policies, disabling/enabling autorun for removable media, tightening or relaxing system firewalls, etc. Such security controls can be tightened to dissuade or prevent adversary activity. Conversely, security controls can be weakened or left overly permissive to encourage or enable adversary activity. Tightening security controls can typically be done by implementing any of the mitigations described in MITRE ATT&amp;CK. See https://attack.mitre.org/mitigations/enterprise/ for a full list of mitigation strategies. While loosening security controls may seem obvious (i.e., simply don’t employ a given mitigation strategy), there is an additional level of nuance that must be considered. Some security controls are considered so routine that their absence may be suspicious. For example, completely turning off Windows Defender would likely raise the adversary’s suspicion. However, it is possible to turn off Windows Defender in certain shared drives to encourage adversary activity in predetermined locations. Therefore, it will likely be far less suspicious to turn off Windows Defender in a single directory or share. When assessing the likelihood that removing a given security control is overly suspicious, it is important to consider how prevalent that security control is, the target adversary’s sophistication, and the engagement narrative.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 security-controls-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://dl.acm.org/doi/abs/10.1145/2818000.2818015" target="_blank" rel="noopener">Ersatzpasswords: Ending Password Cracking And Detecting Password Leakage</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://dl.acm.org/doi/abs/10.1145/2660267.2660329" target="_blank" rel="noopener">From Patches To Honey-Patches: Lightweight Attacker Misdirection, Deception, And Disinformation</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="http://isyou.info/jisis/vol5/no3/jisis-2015-vol5-no3-02.pdf" target="_blank" rel="noopener">Toward An Insider Threat Detection Framework Using Honey Permissions</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 security-controls-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: 
bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0010">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover data or data streams that are inaccessible but perceived as interesting, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0031">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; 
font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0036">Exfiltration</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover data or data streams that are inaccessible but perceived as interesting, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>,                                                             <a style="color: #0163CB 
!important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0111">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0106">Impair Process Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; 
font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0111">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover data or data streams that are inaccessible but perceived as interesting, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 baseline-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Baseline</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0019</h5>
                        <p>Identify key system elements to establish a baseline and be prepared to reset a system to that baseline when necessary.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 baseline-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>To determine the system Baseline, the defender must identify software and configuration elements that are critical to a set of objectives. The defender must define the proper values and be prepared to reset a running system to its intended state. Reverting to a Baseline configuration can be essential when restoring an operational environment to a safe state or when looking to impose a cost on adversaries by preventing their activity. For example, the defender can watch for an adversary to make changes in the environment and then revert the environment with the goal of forcing the adversary either to target elsewhere in the network or to display a new, possibly more advanced, TTP. The Baseline values will also be crucial post-operation when analyzing changes to the environment over time.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 baseline-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they may be encouraged to operate in an unintended environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 isolation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Isolation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0020</h5>
                        <p>Configure devices, systems, networks, etc. to contain activity and data, thus preventing the expansion of an engagement beyond desired limits.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 isolation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Using Isolation, a defender can limit the effectiveness and scope of malicious activity and/or lower exposure to unintended risks. When a system or resource is isolated, a defender can observe adversary behaviors or tools with limited, or no, lateral movement allowed. For example, a defender may detonate a piece of malware on an isolated system to perform dynamic analysis without risk to other network resources.  Determining which systems should be isolated in an operation is a critical decision when calculating acceptable operational risk. However, if the adversary expects to find an entire corporate network but instead finds only an isolated system, they may not be interested in engaging with the target. Balancing acceptable risk, believability, and operational objectives is essential when determining if or when a system should be isolated.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 isolation-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they may be encouraged to operate in an unintended environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0037">Command and Control</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they may be encouraged to operate in an unintended environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 attack-vector-migration-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Attack Vector Migration</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0021</h5>
                        <p>Move a malicious link, file, or device from its intended location to an engagement system or network for execution/use.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 attack-vector-migration-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>When a defender Migrates an Attack Vector, the defender intercepts a malicious element and moves it to a safe environment, such as a decoy system within a decoy network, for continued engagement or analysis. A defender may choose to migrate attack vectors, which may appear in the form of phishing emails, suspicious email attachments, or malicious USBs. For example, a defender might move a suspicious attachment from a corporate inbox to an inbox on a system that, while in the corporate IP space, is completely segmented from the enterprise network. This segregated environment will allow the adversary to move laterally throughout the environment without risk to enterprise resources. Determining when an engagement should be moved to an engagement environment is a critical decision when calculating acceptable operational risk. However, if the adversary sends a custom malware sample to a phishing victim but ultimately finds themselves on an unrelated victim, they may be suspicious. Balancing this acceptable risk, believability, and operational goals is essential when determining if or when to migrate an attack vector.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 attack-vector-migration-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://doi.org/10.1145/3268966.3268971" target="_blank" rel="noopener">Ensuring Deception Consistency For FTP Services Hardened Against Advanced Persistent Threats</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.310.2514&amp;rep=rep1&amp;type=pdf" target="_blank" rel="noopener">Honeywords: Making Password-Cracking Detectable</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 attack-vector-migration-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use phishing emails to gain access to victim systems, they have no control over where a malicious attachment is detonated from, or where a link is clicked.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they may be encouraged to operate in an unintended environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0011">Command and Control</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0033">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0028">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0027">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use phishing emails to gain access to victim systems, they have no control over where a malicious attachment is detonated from, or where a link is clicked.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0104">Execution</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries’ malware is detonated, they may be encouraged to operate in an unintended environment.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries use hardware peripherals, removable media, or connected transient cyber assets, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 artifact-diversity-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Artifact Diversity</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0022</h5>
                        <p>Present the adversary with a variety of network and system artifacts.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 artifact-diversity-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Artifact Diversity means presenting multiple network and system artifacts to the adversary, including accounts, files/directories, credentials, logs, web browsing history, browser cookies, etc. These artifacts can be legitimate artifacts created as the result of natural usage over time or manually added to the environment by the defender. Artifact Diversity can be used to encourage the adversary to engage by offering a broad attack surface or can increase the adversary’s overall comfort level by adding to the believability of the environment. Additionally, these artifacts may be Lures intended to elicit a specific response from the adversary. In any case, by monitoring adversary activity in a diverse environment, the defender can gain information on the adversary’s capabilities and targeting preferences. For example, a defender can include a diverse set of accounts and credentials and then monitor to determine which accounts the adversary targets in the future.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 artifact-diversity-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0009">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0005">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0040">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0001">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0003">Persistence</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0043">Reconnaissance</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0035">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0030">Defense Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0032">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0041">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0034">Impact</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0100">Collection</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0107">Inhibit Response Function</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0110">Persistence</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 introduced-vulnerabilities-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Introduced Vulnerabilities</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAC0023</h5>
                        <p>Intentionally introduce vulnerabilities into the environment for the adversary to exploit.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 introduced-vulnerabilities-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>By intentionally Introducing Vulnerabilities into the engagement environment, the defender can attempt to motivate the adversary to target specific resources. This targeting may serve to move the adversary towards a particular resource, or away from another resource. At other times, the defender may Introduce Vulnerabilities as a means of encouraging the adversary to reveal targeting preferences, available capabilities, or even to influence future targeting decisions. The operational objectives will drive how and why the defender Introduces Vulnerabilities in the engagement environment.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 introduced-vulnerabilities-attack-mappings et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Enterprise</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0006">Credential Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0007">Discovery</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0002">Execution</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0008">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0004">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>Mobile</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0029">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                                    <table class="table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                        <thead>
                                            <tr style="height: 23px">
                                                <th style="height: 23px;width: 249.016px;text-align: left">
                                                    <span>ICS</span><br>
                                                    ATT&amp;CK&reg; Tactics
                                                </th>
                                                <th style="height: 23px;width: 647.969px;text-align: left">
                                                    Adversary Vulnerability Presented
                                                </th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.</td>
                                                </tr>
                                                <tr style="height: 95px">
                                                    <td style="height: 95px;width: 249.016px">
                                                            <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0103">Evasion</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0105">Impact</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0108">Initial Access</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0109">Lateral Movement</a>,                                                             <a style="color: #0163CB !important; font-weight: bold; text-decoration: none;" target="_blank" rel="noopener" href="https://attack.mitre.org/tactics/TA0111">Privilege Escalation</a>                                                    </td>
                                                    <td style="height: 95px;width: 647.969px">When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment (production or isolated), they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.</td>
                                                </tr>
                                        </tbody>
                                    </table>
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 collect-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Collect</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAP0001</h5>
                        <p>Gather adversary tools, observe tactics, and collect other raw intelligence about the adversary’s activity.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 collect-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Collection activities are used to gather information about an adversary or their activities. This collection can include gathering system logs, network traffic, adversary artifacts, or other data that can be used to expose adversary activity. In many cases, collection activities are also good cybersecurity practices. However, in Engage, these activities will focus exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Expose the adversary.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 detect-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Detect</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAP0002</h5>
                        <p>Establish or maintain awareness regarding adversary activity.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 detect-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Detection activities focus on the defender’s ability to monitor adversary activity throughout an environment, often by creating high-fidelity detections. These detections can be produced in several ways. For example, a defender can deploy lures as tripwires in the environment. The defender may create custom alerts based on TTPs or IOCs observed during a malware detonation operation. Finally, the defender may write custom decoders to analyze and alert on malicious traffic.</p>
                            <p>In all these cases, detection activities allow the defender to produce a high-fidelity alert to monitor adversary activities. Often, detection activities are also good cybersecurity practices. However, in Engage, these activities will focus exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Expose the adversary.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 prevent-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Prevent</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAP0003</h5>
                        <p>Stop all or part of the adversary’s ability to conduct their operation as intended.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 prevent-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Prevention activities focus on stopping the adversary’s ability to conduct their operations as intended. The defender can physically or virtually remove or disable resources, tighten security controls, or otherwise impair the adversary’s ability to operate. A defender might prevent an adversary from operating to force them to reveal different, possibly more advanced, capabilities. Additionally, a defender can use prevention activities to discourage the adversary from operating against a specific target. In this case, the defender may be attempting to encourage the adversary to focus elsewhere in the engagement environment. There are many more prevention activities that are also good cybersecurity practices. However, in Engage, we are focused on a subset of activities. Those are focused exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Affect the adversary.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 direct-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Direct</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAP0004</h5>
                        <p>Encourage or discourage the adversary from conducting their operation as intended.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 direct-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Direction activities focus on moving the adversary towards or away from an intended path. This forced direction can be accomplished by removing or disabling some resources, while adding or enabling others. The defender can add lures or otherwise manipulate the environment to attempt to elicit specific responses from the adversary. Additionally, the defender can tighten some security controls while leaving others overly permissive or weakened. Finally, the defender can physically move the adversary by moving threats from their intended environment and into a safe engagement environment. For example, a suspicious email attachment can be moved from the intended target to an engagement environment for analysis. No matter how the direction is achieved, the defender hopes to force the adversary to take unintended actions or stop intended actions.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 disrupt-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Disrupt</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAP0005</h5>
                        <p>Impair an adversary’s ability to conduct their operation as intended.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 disrupt-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Disruption activities are used to stop or discourage an adversary from conducting part or all of their mission. This disruption may increase the time, skills, or resources needed for the adversary to accomplish a specific task. For example, a defender may degrade network speeds as the adversary attempts to exfiltrate large blocks of data. As a second example, the defender may manipulate the output of commonly used discovery commands to show targets that do not exist or to hide real targets. In either case, the adversary may waste resources acting on partial or falsified data. Disruptions may also include planting misinformation designed to influence the adversary’s decision-makers to make the wrong decisions or to waste resources.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 reassure-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Reassure</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAP0006</h5>
                        <p>Add authenticity to deceptive components to convince an adversary that an environment is real.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 reassure-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Reassurance activities are used to add authenticity to deceptive components to reduce adversary suspicion about the legitimacy of the environment. Activities include adding realistic user accounts, files, system activity, and any other content that an adversary might expect to find on the system. These activities may add new artifacts, such as peripherals and pocket litter, while concealing others, such as how recently an environment was stood up. If done correctly, reassuring an adversary may help to make them feel more comfortable upon landing in a new environment. This initial level of comfort can help anchor the adversary in the environment, increasing their tolerance to faults or weaknesses discovered later.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 motivate-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Motivate</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EAP0007</h5>
                        <p>Encourage an adversary to conduct part or all of their mission.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 motivate-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Motivating activities are used to encourage an adversary to conduct part or all of their mission by providing a target-rich environment. To do this, the defender can use unpatched versions of operating systems and software, remove end-point detection software, and use weak passwords. Additionally, the defender can open firewall ports, add proxy capabilities, or introduce elements that an adversary can easily leverage to bypass an obstacle in their operations. Finally, the defender can add enticing data to the environment to encourage the adversary to steal the data.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 expose-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Expose</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EGO0001</h5>
                        <p>Reveal the presence of ongoing adversary operations.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 expose-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Expose is about discovering previously undetected adversaries engaging in one of two behaviors. First, the adversary may be attempting to gain access to the networks. Second, the adversary may be currently operating on the networks. Both categories of adversary behavior contain vulnerabilities that can be advantageous for a defender seeking to expose the adversary. </p>
                            <p>As an example of such a vulnerability, when an adversary interacts with network or system resources, they are vulnerable to triggering tripwires. The defender can make and leak fake credentials both inside and outside of the network. The defender can then monitor for the use of these credentials. Then, when an adversary uses a fake credential, the defender will receive a high-fidelity alert. In addition, if the credentials are unique, a defender may be able to detect how and when an adversary collected the credentials. Whenever a defender seeks to engage with an adversary, operational safety is paramount. To maintain this safety, it is a best practice to monitor adversaries as they operate in an engagement environment. Additionally, the defender must be able to observe the adversary. Therefore, collection and detection activities can often be utilized even when a defender may have other strategic goals in mind.</p>
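                            <p>The fake-credential tripwire described above, as an added example that is not part of the Engage material: each decoy account is planted in exactly one place, so any authentication attempt naming it is an alert that also indicates where and roughly when the credential was collected. The key=value log layout, account names, hosts and addresses are constructed assumptions.</p>

```python
from datetime import datetime

# Constructed decoy inventory. Each decoy account is planted in exactly one
# place, so a hit also says where the credential was harvested.
DECOYS = {
    "svc-backup-eu": {"placement": "paste site (external leak)",
                      "planted": "2024-03-01T09:00:00"},
    "adm-jlopez": {"placement": "notes.txt on decoy file share",
                   "planted": "2024-03-02T15:30:00"},
}

# Constructed authentication log lines in a key=value layout (an assumption;
# adapt parse_line to the real log source).
SAMPLE_LOG = """\
2024-03-04T02:14:07 host=vpn01 event=auth user=mchen src=198.51.100.20 result=success
2024-03-04T02:15:41 host=vpn01 event=auth user=SVC-BACKUP-EU src=203.0.113.7 result=failure
2024-03-04T02:15:49 host=vpn01 event=auth user=svc-backup-eu@corp.example src=203.0.113.7 result=failure
garbled line without fields
2024-03-05T11:02:30 host=dc01 event=auth user=CORP\\adm-jlopez src=10.20.0.15 result=success
2024-03-05T11:03:02 host=dc01 event=logoff user=CORP\\adm-jlopez src=10.20.0.15 result=success
""".splitlines()


def parse_line(line):
    """Return (timestamp, fields) for a well-formed line, else None."""
    parts = line.split()
    if not parts:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"event", "user", "src"}.issubset(fields):
        return None
    return when, fields


def normalize_user(raw):
    """Strip DOMAIN\\ and @domain decorations and fold case."""
    return raw.split("\\")[-1].split("@")[0].lower()


def find_decoy_hits(lines, decoys=DECOYS):
    """Group every authentication attempt that names a decoy account."""
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed input must not stop the monitor
        when, fields = parsed
        if fields["event"] != "auth":
            continue
        user = normalize_user(fields["user"])
        if user not in decoys:
            continue
        # No legitimate user holds this credential, so failed and successful
        # attempts both alert.
        alert = alerts.setdefault(user, {
            "user": user,
            "harvested_from": decoys[user]["placement"],
            "first_seen": when,
            "sources": set(),
            "attempts": 0,
            "any_success": False,
        })
        alert["first_seen"] = min(alert["first_seen"], when)
        alert["sources"].add(fields["src"])
        alert["attempts"] += 1
        if fields.get("result") == "success":
            alert["any_success"] = True
    for alert in alerts.values():
        planted = datetime.fromisoformat(decoys[alert["user"]]["planted"])
        # Upper bound on the window in which the credential was collected.
        alert["collection_window"] = alert["first_seen"] - planted
    return sorted(alerts.values(), key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for hit in find_decoy_hits(SAMPLE_LOG):
        print(f"ALERT decoy={hit['user']} harvested_from={hit['harvested_from']!r} "
              f"first_seen={hit['first_seen'].isoformat()} "
              f"sources={sorted(hit['sources'])} attempts={hit['attempts']} "
              f"collected_within={hit['collection_window']}")
```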
                            <p>Engage defines two approaches to make progress towards the Expose goal.</p>
                            <p>Collection allows the defender to capture and review data that the adversary produces during their operations.</p>
                            <p>Detection takes this collected data and turns it into an alert that the defender can use to their advantage.</p>
                            <p>In many cases, the activities that support such Collection and Detection approaches are also good cybersecurity practices. However, in Engage, these activities will focus exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Expose the adversary.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 affect-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Affect</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EGO0002</h5>
                        <p>Negatively impact the adversary’s operations.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 affect-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Affect is ultimately about changing the cost-value proposition in cyber operations for the adversary. The defender may want to increase the adversary’s cost to operate or drive down the value they derive from their operations. For example, the defender can negatively impact the adversary’s on-network operations to drive up the resource cost of doing operations by slowing down or selectively resetting connections to impact exfiltration. This type of activity increases the adversary’s time on target and wastes their resources. To drive down the value of stolen data, a defender could provide an adversary with deliberately conflicting information. Providing such information requires an adversary to either choose to believe one piece of data over another, disregard both, collect more data, or continue with uncertainty. </p>
                            <p>All these options increase operational costs and decrease the value of collected data. Engage defines three approaches to make progress towards the Affect goal.</p>
                            <p>Prevent focuses on setting up mitigations that stop some portion of an adversary’s operations from even starting.</p>
                            <p>Direct attempts to maneuver an adversary into a better position for the defender.</p>
                            <p>Disrupt seeks to cause problems in an adversary’s operations.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 elicit-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Elicit</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: EGO0003</h5>
                        <p>Learn about adversaries’ tactics, techniques, and procedures (TTPs).</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 elicit-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Elicit encourages adversaries to reveal additional or more advanced TTPs and goals while operating in defender-controlled engagement environments. These high-fidelity, synthetic engagement environments are uniquely tailored to engage with specific adversaries. They may contain a combination of documents, browser artifacts, etc. to reassure an adversary and reduce suspicion. Further, they may offer enticing data and exploitable vulnerabilities to motivate an adversary to operate in the defender’s environment. </p>
                            <p>These environments can be left as a dangle, i.e., a honeypot. Other times, the defender may self-infect with malware. In either case, observing an adversary as they operate can provide organizations with actionable cyber threat intelligence and potential understanding of the adversary’s goals. </p>
                            <p>Engage defines two approaches to make progress towards the Elicit goal.</p>
                            <p>Reassurance focuses on providing an environment that reduces adversary suspicion by meeting expectations and creating an artifact-rich environment.</p>
                            <p>Motivation seeks to create a target-rich environment that encourages the adversary to engage in new TTPs.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 operational-objective-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Operational Objective</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0001</h5>
                        <p>Define the objective of the desired end-state of your adversary engagement operations.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 operational-objective-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>The Operational Objective is  the goal(s) that drive all of the approaches and activities used in an adversary engagement operation. Articulating the operational objective allows the defender to align their actions to reach the desired end-state. There are three high-level Engagement Goals in adversary engagement operations: to Expose adversaries on the network, to Affect adversaries on the network, or to Elicit new information about adversaries.  These larger themes should help the defender create more focused operational objectives. For example, realistic operational objectives include: protecting a specific high-value technology or person by exposing adversaries targeting that technology or person, protecting against insider threats by affecting the adversary’s ability to steal sensitive data, or increasing the defender’s understanding of the threat landscape by eliciting new adversary TTPs, etc. Every action taken in the planning, execution, and analysis of an operation should be aligned with the operational objective. It is important to define this objective early on. Input from any involved stakeholders should be considered when choosing the operational objectives.  </p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 operational-objective-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://arxiv.org/pdf/2104.03594.pdf" target="_blank" rel="noopener">Three Decades Of Deception Techniques In Active Cyber Defense-Retrospect And Outlook</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 persona-creation-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Persona Creation</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0002</h5>
                        <p>Plan and create a fictitious human user through a combination of planted data and revealed behavior patterns.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 persona-creation-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Persona Creation is the process of planning for and creating the personas required to support the engagement narrative. This process should be informed by the previously generated threat model for the defender’s target adversary. For example, if the adversary targets a specific industry, the persona might be created to look like someone who works in that industry. The persona outline should include basic information about the persona itself such as their name, their relationship to the environment, and geographic location. Often, and especially for a short-term engagement operation, these persona traits can be broad.  For example, it is unlikely that a persona used in a short-term ransomware detonation operation would require a lot of details to be effective. However, for a longer-term insider threat protection operation, the defender may need to create a persona with the online presence of a corporate employee, including name, birthday, address, etc. Many factors should be considered when determining how in-depth a persona should be, including adversary sophistication, defender resources, and engagement narrative.  Once the persona traits have been decided, the planning process should determine how these traits will manifest in the environment. Persona creation is important to running an operation, as personas are often the predominant means through which the defender can engage with the adversary or change the environment during the operation. Careful planning is important as personas can be resource intensive to create and maintain and can reveal the ruse if discovered as fake by the adversary. </p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 storyboarding-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Storyboarding</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0003</h5>
                        <p>Plan and create the deception story.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 storyboarding-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Storyboarding is the process of creating the deception story through a sequence of events, interactions, the persona’s pattern of life, etc. A large part of Storyboarding is creating this pattern of life for the persona(s) using the system(s). The pattern of life can include behaviors such as using email or chat software, browsing the Internet, using system software, or physically moving the device (particularly important for mobile devices and laptops).  The defender must determine how the Persona’s behavior and other events in the environment will be generated. Personas may be generated automatically with tooling, manually with human operators, or some combination of both. The availability of defender resources may greatly impact the frequency of manually executing behaviors.  Not every action taken in the environment needs to be planned in advance. However, the defender should have a general idea of what actions will be taken. Setting up a storyboard early in the planning process will allow the operation to run smoothly, efficiently, and most importantly, consistently, regardless of operator, so as not to reveal the ruse.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 storyboarding-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://repository.lib.ncsu.edu/bitstream/handle/1840.16/5648/etd.pdf" target="_blank" rel="noopener">Defensive Computer-Security Deception Operations: Processes, Principles And Techniques</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://apps.dtic.mil/sti/pdfs/ADA527328.pdf" target="_blank" rel="noopener">Duping The Soviets: The Farewell Dossier</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 cyber-threat-intelligence-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Cyber Threat Intelligence</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0004</h5>
                        <p>The process of analyzing actionable knowledge about adversaries and their malicious activities, enabling defenders and their organizations to reduce harm through better security decision-making.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 cyber-threat-intelligence-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Cyber Threat Intelligence (CTI) allows an organization to understand the threat landscape. CTI data can be informed by a combination of open and closed source research. Additionally, it can be supplemented with internal and external threat intelligence feeds, including information gleaned from previous engagement operations. The understanding gained through CTI data allows the defender to identify and understand the target adversary for a given operation. For example, if the defender’s intended operational outcome is to expose adversaries on the network, the defender should prioritize adversaries that historically target their organization or similar organizations and/or have displayed TTPs that are likely to evade current defenses. Additionally, storyboarding should look at CTI data for the target adversary to make informed estimations on what the adversary may do in the environment and how they might react to what they find. Once one or more adversaries have been selected as the target adversary, the relevant CTI data should guide the creation of the engagement environment and storyboard, including hardware and software requirements, the required level of realism for lures and pocket litter, and acceptable operational risk. This definition was based on the work presented by MITRE ATT&amp;CK as seen here.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 cyber-threat-intelligence-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.106.7476&amp;rep=rep1&amp;type=pdf" target="_blank" rel="noopener">Deceived: Under Target Online</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://vx-underground.org/archive/other/VxHeavenPdfs/A boosting ensemble for the recognition of code sharing in malware.pdf" target="_blank" rel="noopener">A Boosting Ensemble For The Recognition Of Code Sharing In Malware</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.academia.edu/download/66108290/CTI_Mavroeidis.pdf" target="_blank" rel="noopener">Cyber Threat Intelligence Model: An Evaluation Of Taxonomies, Sharing Standards, And Ontologies Within Cyber Threat Intelligence</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 gating-criteria-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Gating Criteria</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0005</h5>
                        <p>Define the set of events that would lead to the unnegotiable pause or conclusion to the operation.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 gating-criteria-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Gating Criteria are the event or sequence of events that are agreed to trigger an unnegotiable, immediate pause or end to the operation. Sometimes, these events include the successful completion of the agreed-upon operational objectives. Other times, these events may signify the operation has reached a hard stop. This stop is often necessary because future operational safety cannot be guaranteed. Alternatively, the operation may need to end because events have occurred that outweigh the agreed-upon acceptable risk. Finally, it may just be that if the adversary operates any longer, they may learn something the defender doesn’t want them to know. Multiple parties from the technical operations, threat intel, legal, and management perspectives should be included when defining Gating Criteria. For example, if an adversary begins to use the engagement environment as a platform to operate against other targets, stakeholders may decide that the operation must be suspended until the unacceptable traffic can be blocked. Defining the operational Gating Criteria is an essential step to ensure operational safety.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 after-action-review-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">After-Action Review</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0006</h5>
                        <p>Review of operational activities.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 after-action-review-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>The After Action Review (AAR) is the opportunity for the team to review the events of the operation to ensure progress towards strategic outcomes. This retrospective can include a review of the entire operational process, including planning, implementation, execution, and impact. In addition to the operation itself, the AAR is an important time to assess the communication and teamwork of the operations team and all contributing stakeholders. While an AAR should always occur at the end of an operation, periodic reviews during long-running operations are vital to ensure alignment and progress towards the operational objectives.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 after-action-review-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="http://understandingrequirements.com/resources/7.4  Strategies for Learning from Failure.pdf" target="_blank" rel="noopener">Strategies For Learning From Failure</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 threat-model-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Threat Model</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0009</h5>
                        <p>A risk assessment that models organizational strengths and weaknesses.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 threat-model-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Among other things, threat models require that the defender assess the strengths, weaknesses, and importance of their own organization, including trusted partners, infrastructure, and critical cyber assets. This understanding will inform operational objectives by outlining the defender’s attack surface and highlighting areas that may be of particular interest to a given adversary. The organization’s threat model should be understood at the onset of an operation to drive operational objective development and revisited at the conclusion of an operation to ensure operational outcomes are captured. This process of defining and informing the organization’s threat model should enable better security decision-making both in future operations and elsewhere in the organization.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 engagement-environment-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Engagement Environment</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAC0012</h5>
                        <p>Design the systems and network for the operation.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 engagement-environment-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>The Engagement Environment is the set of carefully tailored, highly instrumented systems designed on an engagement-by-engagement basis as the backdrop to the engagement narrative. It is the actual environment that the adversary will operate in. It is important to ensure that the Engagement Environment complements, rather than competes with, the engagement narrative. Additionally, these systems should provide conduits to allow the target adversary necessary movement throughout the environment, as needed to meet operational outcomes. </p>
                            <p>While not strictly part of the Engagement Environment, the collection system is the set of systems used to gather artifacts and other data from an operation so that the engagement can be monitored to ensure operational safety. It is important to consider the collection system while designing the Engagement Environment. By designing these environments in lockstep, the defender guarantees that all aspects of the Engagement Environment can be monitored. This is essential to ensure operations remain within the guardrails set by the Rules of Engagement. For example, available resources, capabilities, or skills may limit the type of assets in, or size of, the Engagement Environment.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 engagement-environment-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.researchgate.net/profile/Nicolas-Sklavos/publication/328430317_Approaches_for_Preventing_Honeypot_Detection_and_Compromise/links/5bd874da299bf1124fae1d52/Approaches-for-Preventing-Honeypot-Detection-and-Compromise.pdf" target="_blank" rel="noopener">Approaches For Preventing Honeypot Detection And Compromise</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 plan-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Plan</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAP0001</h5>
                        <p>Identify and align an operation with a desired end-state.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 plan-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Planning is used to identify and align an operation within the context of strategic goals. By helping the defender to first identify their goals, Planning ensures that all engagement activities are focused and driving forward progress. Additionally, Planning ensures that the defender can integrate the inputs of the various stakeholders at the beginning of an operation so that the operation is efficient, effective, and safe. Finally, Planning activities ensure that each operation is informed by the successes and learns from the failures of past operations.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 plan-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.nspw.org/papers/2014/nspw2014-almeshekah.pdf" target="_blank" rel="noopener">Planning And Integrating Deception Into Computer Security Defenses</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://apps.dtic.mil/sti/pdfs/ADA624910.pdf" target="_blank" rel="noopener">Cyber Exercise Playbook</a>
                                            </td>
                                        </tr>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://arxiv.org/pdf/2007.14497" target="_blank" rel="noopener">Cyber Deception For Computer And Network Security: Survey And Challenges</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 analyze-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Analyze</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SAP0002</h5>
                        <p>Retrospective review of information gained from an operation.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 analyze-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Analysis is used to aggregate, examine, and evaluate the results of an operation. Analysis is useful for improving the defender’s security posture through the synthesis of operational data. Additionally, Analysis can be used to turn data into actionable intelligence about an adversary’s motivators, behaviors, tactics, and techniques. Defenders can use Analysis to gain insight into adversary activity and thus inform detection and analytics refinements. Reviewing the execution of an operation also provides feedback for the team to improve the quality of future operations. Finally, Analysis activities ensure that each operation is informed by the successes and learns from the failures of past operations.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
            <div class="et_pb_module et_pb_blurb et_pb_blurb_2 analyze-references et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
                <div class="et_pb_blurb_content" style="max-width: 100% !important">
                    <div class="et_pb_blurb_container">
                        <div class="et_pb_blurb_description">
                            <br class="clearfix" />
                            <table class="ttable table table-bordered table-hover" style="height: 260px;border-spacing: 0px" cellpadding="0">
                                <thead>
                                    <tr style="height: 23px">
                                        <th style="height: 23px;width: 249.016px;text-align: left">
                                            Reference Links
                                        </th>
                                    </tr>
                                </thead>
                                <tbody>
                                        <tr style="height: 95px">
                                            <td style="height: 95px;width: 249.016px">
                                                <a href="https://www.ialeia.org/docs/Psychology_of_Intelligence_Analysis.pdf" target="_blank" rel="noopener">Psychology Of Intelligence Analysis</a>
                                            </td>
                                        </tr>
                                </tbody>
                            </table>
                            <br class="clearfix" />
                        </div>
                    </div>
                </div>
            </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 prepare-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Prepare</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SGO0001</h5>
                        <p>Help the defender think about what they want to accomplish with operations.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 prepare-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Prepare is used to ensure the defender drives progress during adversary engagement operations towards a desired end-state or Strategic Goal. To support this aim, the defender must first generate a clear picture of their organization and the threat landscape. This understanding should include their current security posture, including known strengths and weaknesses, and an inventory of priority cyber assets, including key intellectual property. The defender should then examine and update the threat models for any identified adversaries. </p>
                            <p>These various assessments and models should enable the defender to identify their strategic goal. At this point, all activities should be aligned with this goal. Once a goal has been selected, the defender must work to plan for the operation by identifying a target adversary, creating the necessary Personas, generating an operational storyboard, etc. Finally, the key stakeholders should be called on to establish rules for operational safety and acceptable risk. At each step in the planning process, the defender should incorporate intelligence gained from previous operations to ensure that future operations can run more effectively and efficiently. </p>
                            <p>Engage defines a single approach to make progress towards the Prepare goal.</p>
                            <p>Planning focuses on collecting the various existing sources of intelligence together to inform the selection of a strategic goal and then to drive progress towards that goal.</p>
                            <p>Unlike the Engagement Goals, Prepare has only a single approach. This laser focus is intentional for the first release of Engage.</p>
                            <p>Engage seeks to highlight that denial, deception, and adversary engagement activities cannot be viewed as “fire and forget”. Unlike many defensive technologies, these activities must be viewed only in the context of how they inform and drive progress towards larger strategic goals. To this end, Prepare is essential to ensure that every action taken in an engagement operation drives progress towards a unified goal.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="et_pb_row et_pb_row_2 understand-detail matrix-details et_pb_gutters1 et_had_animation" style="display: none;">
    <div class="et_pb_column et_pb_column_4_4 et_pb_column_5 et_pb_css_mix_blend_mode_passthrough et-last-child">
        <div class="et_pb_module et_pb_blurb et_pb_blurb_0 et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <h4 class="et_pb_module_header">
                        <span style="font-size: 20px !important;line-height: 1 !important;font-weight: 600 !important">Understand</span>
                    </h4>
                    <div class="et_pb_blurb_description">
                        <h5>ID: SGO0002</h5>
                        <p>Make sure that the defender is capturing, utilizing, and refining knowledge learned to improve the defender’s posture.</p>
                    </div>
                </div>
            </div>
        </div>
        <div class="et_pb_module et_pb_blurb et_pb_blurb_1 understand-long-description et_pb_text_align_left et_pb_blurb_position_top et_pb_bg_layout_light">
            <div class="et_pb_blurb_content" style="max-width: 100% !important">
                <div class="et_pb_blurb_container">
                    <div class="et_pb_blurb_description">
                        <br class="clearfix" />
                            <p>Understand frames how raw operational outputs can be collected, synthesized, and used to inform future operations and defensive strategies. The Understand goal helps the defender to assess their progress towards Strategic Goals. At its core, the Understand goal ensures that operational outputs can connect to and inform a larger strategy. To do this, the defender must turn the raw outputs from an operation into useful and actionable intelligence. These outputs may be in the form of collected PCAP, logs, qualitative defender observations, etc.</p>
                            <p>Applying analytics to raw data can help the defender to map this data to adversary behavior. The behavior can then be analyzed to contextualize the intelligence and inform the existing threat model. For example, the defender may look at raw PCAP data and identify a new IP address that the adversary uses for exfiltration. This IOC can be added to the existing threat model. After applying behavioral analytics to the data, the defender might see that the adversary used a new Defense Evasion technique. In that case, the defender should update the threat model to include this new intelligence. At this point, the defender should assess if this new intelligence will affect any ongoing operations. For example, the defender should ensure that current collection efforts will detect this new TTP.</p>
                            <p>Other opportunities to increase the defender’s understanding post-operation include efforts to refine and update individual engagement activities based on qualitative and quantitative outputs. The defender can reflect on how the overall engagement went and refine future activities to maximize their usefulness. Finally, the defenders should assess their own coordination and communication. Teamwork is essential during an operation. The defender should seek to improve coordination and skills with each operation.</p>
                            <p>Engage defines a single approach to make progress towards the Understand goal.</p>
                            <p>Analysis focuses on turning raw outputs into useful intelligence that drives future progress.</p>
                            <p>Unlike the Engagement Goals, Understand has only a single approach. This laser focus is intentional for the first release of Engage. Engage seeks to highlight that denial, deception, and adversary engagement activities cannot be viewed as “fire and forget”. Unlike many defensive technologies, these activities must be viewed only in the context of how they inform and drive progress towards larger strategic goals. To this end, Analysis is essential to turn the raw operational outputs into intelligence that drives progress towards these strategic goals.</p>
                        <br class="clearfix" />
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>

{"API Monitoring": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0007", "TA0008", "TA0011", "TA0027", "TA0028", "TA0029", "TA0030", "TA0031", "TA0032", "TA0033", "TA0034", "TA0035", "TA0037", "TA0040", "TA0041", "TA0100", "TA0102", "TA0103", "TA0104", "TA0105", "TA0106", "TA0107", "TA0109", "TA0110", "TA0111"], "techniques": ["T0809", "T0813", "T0814", "T0815", "T0821", "T0823", "T0826", "T0827", "T0829", "T0834", "T0836", "T0837", "T0838", "T0840", "T0843", "T0845", "T0858", "T0871", "T0872", "T0874", "T0880", "T0888", "T0889", "T1007", "T1016", "T1033", "T1049", "T1070", "T1082", "T1083", "T1091", "T1106", "T1132", "T1134", "T1202", "T1216", "T1218", "T1220", "T1404", "T1414", "T1418", "T1420", "T1421", "T1422", "T1426", "T1429", "T1458", "T1485", "T1496", "T1512", "T1513", "T1516", "T1533", "T1541", "T1553", "T1556", "T1559", "T1564", "T1569", "T1575", "T1582", "T1604", "T1614", "T1616", "T1617", "T1623", "T1628", "T1630", "T1632"]}, "After-Action Review": {"tactics": [], "techniques": []}, "Application Diversity": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0007", "TA0008", "TA0009", "TA0011", "TA0028", "TA0029", "TA0030", "TA0031", "TA0032", "TA0033", "TA0034", "TA0035", "TA0040", "TA0108", "TA0109", "TA0111"], "techniques": ["T0866", "T0886", "T0890", "T1010", "T1021", "T1056", "T1068", "T1072", "T1137", "T1190", "T1203", "T1210", "T1211", "T1212", "T1219", "T1404", "T1409", "T1417", "T1418", "T1424", "T1428", "T1496", "T1505", "T1518", "T1525", "T1531", "T1532", "T1533", "T1553", "T1554", "T1560", "T1562", "T1577", "T1578", "T1613", "T1629", "T1632", "T1634", "T1640", "T1645"]}, "Artifact Diversity": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0007", "TA0009", "TA0030", "TA0032", "TA0034", "TA0035", "TA0040", "TA0041", "TA0043", "TA0100", "TA0107", "TA0109", "TA0110"], "techniques": ["T0811", "T0812", "T0859", "T0877", "T0881", "T1057", "T1059", "T1069", "T1078", 
"T1083", "T1087", "T1120", "T1176", "T1221", "T1222", "T1420", "T1424", "T1471", "T1482", "T1486", "T1489", "T1526", "T1529", "T1552", "T1564", "T1592", "T1601", "T1602", "T1606", "T1623", "T1628", "T1636", "T1640"]}, "Attack Vector Migration": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0008", "TA0011", "TA0027", "TA0028", "TA0033", "TA0104", "TA0108"], "techniques": ["T0847", "T0853", "T0862", "T0863", "T0864", "T0865", "T1091", "T1092", "T1104", "T1195", "T1204", "T1458", "T1474", "T1554", "T1566", "T1645"]}, "Baseline": {"tactics": ["TA0003", "TA0004", "TA0005", "TA0028", "TA0030", "TA0040", "TA0103", "TA0107"], "techniques": ["T0851", "T1014", "T1037", "T1112", "T1136", "T1137", "T1176", "T1398", "T1480", "T1490", "T1505", "T1543", "T1546", "T1547", "T1561", "T1577", "T1601", "T1624", "T1627"]}, "Burn-In": {"tactics": ["TA0001", "TA0003", "TA0004", "TA0005", "TA0007", "TA0009", "TA0032", "TA0035", "TA0043", "TA0102", "TA0108", "TA0109", "TA0110"], "techniques": ["T0812", "T0859", "T0883", "T0888", "T1005", "T1012", "T1016", "T1049", "T1057", "T1078", "T1082", "T1114", "T1133", "T1185", "T1421", "T1422", "T1423", "T1424", "T1426", "T1530", "T1533", "T1592", "T1602"]}, "Cyber Threat Intelligence": {"tactics": [], "techniques": []}, "Email Manipulation": {"tactics": ["TA0001", "TA0009"], "techniques": ["T1114", "T1119", "T1566"]}, "Engagement Environment": {"tactics": [], "techniques": []}, "Gating Criteria": {"tactics": [], "techniques": []}, "Hardware Manipulation": {"tactics": ["TA0009", "TA0028", "TA0035", "TA0100"], "techniques": ["T0852", "T1113", "T1123", "T1125", "T1398", "T1429", "T1512", "T1513"]}, "Information Manipulation": {"tactics": ["TA0002", "TA0005", "TA0007", "TA0008", "TA0009", "TA0010", "TA0011", "TA0030", "TA0031", "TA0032", "TA0034", "TA0035", "TA0036", "TA0037", "TA0040", "TA0043", "TA0100", "TA0102", "TA0104", "TA0105", "TA0106", "TA0107", "TA0108"], "techniques": ["T0800", "T0801", "T0802", "T0806", "T0807", "T0809", "T0811", "T0852", 
"T0861", "T0863", "T0864", "T0868", "T0877", "T0882", "T0888", "T1001", "T1005", "T1007", "T1010", "T1011", "T1016", "T1020", "T1025", "T1027", "T1029", "T1030", "T1039", "T1041", "T1047", "T1048", "T1049", "T1052", "T1080", "T1082", "T1083", "T1087", "T1113", "T1114", "T1115", "T1119", "T1123", "T1124", "T1125", "T1132", "T1135", "T1201", "T1204", "T1213", "T1217", "T1406", "T1409", "T1414", "T1420", "T1421", "T1422", "T1426", "T1429", "T1430", "T1471", "T1480", "T1482", "T1485", "T1486", "T1491", "T1497", "T1512", "T1513", "T1516", "T1517", "T1530", "T1533", "T1537", "T1538", "T1561", "T1565", "T1567", "T1582", "T1593", "T1594", "T1596", "T1597", "T1598", "T1600", "T1602", "T1614", "T1616", "T1627", "T1633", "T1634", "T1636", "T1639", "T1641", "T1646"]}, "Introduced Vulnerabilities": {"tactics": ["TA0002", "TA0004", "TA0006", "TA0007", "TA0008", "TA0029", "TA0103", "TA0105", "TA0108", "TA0109", "TA0111"], "techniques": ["T0812", "T0819", "T0820", "T0826", "T0827", "T0829", "T0837", "T0864", "T0866", "T0880", "T0890", "T1040", "T1046", "T1068", "T1072", "T1404"]}, "Isolation": {"tactics": ["TA0001", "TA0002", "TA0008", "TA0011", "TA0027", "TA0033", "TA0037", "TA0104", "TA0108", "TA0110"], "techniques": ["T0847", "T0862", "T0863", "T0864", "T0873", "T1091", "T1092", "T1105", "T1195", "T1200", "T1204", "T1458", "T1474", "T1544", "T1644"]}, "Lures": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0007", "TA0008", "TA0009", "TA0010", "TA0011", "TA0027", "TA0028", "TA0029", "TA0030", "TA0031", "TA0032", "TA0033", "TA0034", "TA0035", "TA0036", "TA0037", "TA0040", "TA0043", "TA0100", "TA0102", "TA0103", "TA0104", "TA0105", "TA0106", "TA0107", "TA0108", "TA0109", "TA0110", "TA0111"], "techniques": ["T0800", "T0801", "T0802", "T0803", "T0804", "T0805", "T0806", "T0809", "T0811", "T0812", "T0817", "T0819", "T0820", "T0830", "T0831", "T0839", "T0840", "T0842", "T0846", "T0855", "T0856", "T0857", "T0859", "T0860", "T0861", "T0862", "T0864", 
"T0866", "T0868", "T0871", "T0873", "T0877", "T0878", "T0882", "T0883", "T0886", "T0887", "T0890", "T0891", "T1003", "T1005", "T1007", "T1011", "T1012", "T1016", "T1018", "T1020", "T1021", "T1025", "T1027", "T1029", "T1030", "T1033", "T1039", "T1040", "T1041", "T1046", "T1047", "T1048", "T1049", "T1052", "T1053", "T1056", "T1057", "T1068", "T1069", "T1072", "T1074", "T1078", "T1080", "T1083", "T1087", "T1098", "T1102", "T1110", "T1111", "T1114", "T1119", "T1123", "T1125", "T1132", "T1133", "T1135", "T1137", "T1176", "T1185", "T1187", "T1189", "T1190", "T1199", "T1203", "T1210", "T1211", "T1212", "T1213", "T1219", "T1220", "T1221", "T1404", "T1406", "T1409", "T1417", "T1418", "T1420", "T1421", "T1422", "T1424", "T1428", "T1429", "T1456", "T1480", "T1481", "T1485", "T1491", "T1512", "T1517", "T1518", "T1526", "T1528", "T1529", "T1530", "T1531", "T1532", "T1533", "T1535", "T1537", "T1538", "T1539", "T1550", "T1552", "T1554", "T1555", "T1557", "T1558", "T1560", "T1563", "T1567", "T1577", "T1578", "T1580", "T1589", "T1590", "T1591", "T1592", "T1594", "T1595", "T1601", "T1602", "T1606", "T1613", "T1627", "T1634", "T1635", "T1638", "T1639", "T1640", "T1643", "T1645", "T1646"]}, "Malware Detonation": {"tactics": ["TA0002", "TA0005", "TA0011", "TA0030", "TA0034", "TA0040", "TA0104", "TA0108", "TA0110"], "techniques": ["T0853", "T0863", "T0865", "T0873", "T1027", "T1047", "T1092", "T1204", "T1216", "T1218", "T1219", "T1220", "T1221", "T1406", "T1407", "T1561", "T1569", "T1604", "T1643"]}, "Network Analysis": {"tactics": ["TA0009", "TA0010", "TA0011", "TA0030", "TA0032", "TA0033", "TA0036", "TA0037"], "techniques": ["T1001", "T1011", "T1020", "T1029", "T1041", "T1048", "T1052", "T1074", "T1132", "T1407", "T1423", "T1428", "T1521", "T1537", "T1567", "T1573", "T1639", "T1644", "T1646"]}, "Network Diversity": {"tactics": ["TA0001", "TA0003", "TA0006", "TA0007", "TA0009", "TA0030", "TA0034", "TA0040", "TA0043", "TA0100", "TA0102", "TA0108"], "techniques": ["T0842", "T0846", 
"T0860", "T0883", "T0887", "T1018", "T1040", "T1046", "T1133", "T1135", "T1499", "T1530", "T1538", "T1580", "T1595", "T1604", "T1642"]}, "Network Manipulation": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0005", "TA0006", "TA0007", "TA0008", "TA0009", "TA0010", "TA0011", "TA0030", "TA0032", "TA0033", "TA0034", "TA0035", "TA0036", "TA0037", "TA0040", "TA0043", "TA0100", "TA0101", "TA0102", "TA0103", "TA0104", "TA0105", "TA0106", "TA0107", "TA0108", "TA0109", "TA0110"], "techniques": ["T0800", "T0802", "T0804", "T0806", "T0813", "T0814", "T0815", "T0821", "T0826", "T0827", "T0829", "T0837", "T0838", "T0839", "T0840", "T0842", "T0845", "T0846", "T0855", "T0856", "T0857", "T0858", "T0860", "T0867", "T0869", "T0878", "T0880", "T0882", "T0884", "T0885", "T0886", "T0889", "T1008", "T1011", "T1018", "T1020", "T1021", "T1029", "T1030", "T1039", "T1040", "T1041", "T1046", "T1048", "T1052", "T1071", "T1080", "T1090", "T1095", "T1102", "T1104", "T1105", "T1111", "T1119", "T1123", "T1125", "T1132", "T1135", "T1187", "T1200", "T1205", "T1219", "T1407", "T1421", "T1422", "T1423", "T1428", "T1437", "T1464", "T1481", "T1498", "T1499", "T1512", "T1521", "T1530", "T1537", "T1544", "T1563", "T1567", "T1568", "T1570", "T1571", "T1572", "T1573", "T1580", "T1582", "T1595", "T1599", "T1604", "T1610", "T1616", "T1637", "T1639", "T1642", "T1643", "T1644", "T1646"]}, "Network Monitoring": {"tactics": ["TA0003", "TA0005", "TA0006", "TA0008", "TA0009", "TA0010", "TA0011", "TA0030", "TA0032", "TA0033", "TA0034", "TA0035", "TA0036", "TA0037", "TA0040", "TA0100", "TA0101", "TA0103", "TA0104", "TA0105", "TA0106", "TA0107", "TA0110"], "techniques": ["T0801", "T0802", "T0806", "T0807", "T0813", "T0814", "T0815", "T0820", "T0821", "T0826", "T0827", "T0829", "T0837", "T0838", "T0855", "T0856", "T0858", "T0868", "T0869", "T0871", "T0880", "T0881", "T0882", "T0885", "T0889", "T1008", "T1011", "T1020", "T1021", "T1029", "T1030", "T1041", "T1048", "T1052", "T1071", "T1090", "T1095", "T1102", "T1105", 
"T1132", "T1205", "T1421", "T1422", "T1423", "T1428", "T1437", "T1464", "T1481", "T1498", "T1509", "T1537", "T1544", "T1557", "T1567", "T1570", "T1571", "T1572", "T1582", "T1599", "T1600", "T1604", "T1638", "T1639", "T1643", "T1644", "T1646"]}, "Operational Objective": {"tactics": [], "techniques": []}, "Peripheral Management": {"tactics": ["TA0001", "TA0007", "TA0008", "TA0009", "TA0010", "TA0011", "TA0027", "TA0033", "TA0035", "TA0108"], "techniques": ["T0847", "T0864", "T1025", "T1052", "T1091", "T1092", "T1120", "T1123", "T1125", "T1135", "T1429", "T1458", "T1512"]}, "Persona Creation": {"tactics": [], "techniques": []}, "Personas": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0007", "TA0009", "TA0011", "TA0027", "TA0031", "TA0032", "TA0034", "TA0035", "TA0037", "TA0040", "TA0043", "TA0100", "TA0104", "TA0108", "TA0109", "TA0110"], "techniques": ["T0802", "T0811", "T0812", "T0822", "T0852", "T0859", "T0863", "T0891", "T1033", "T1069", "T1078", "T1083", "T1087", "T1092", "T1098", "T1113", "T1119", "T1125", "T1199", "T1204", "T1212", "T1217", "T1219", "T1420", "T1461", "T1512", "T1513", "T1517", "T1531", "T1555", "T1566", "T1582", "T1589", "T1593", "T1594", "T1598", "T1616", "T1634", "T1636", "T1640"]}, "Pocket Litter": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0007", "TA0008", "TA0009", "TA0010", "TA0011", "TA0030", "TA0031", "TA0032", "TA0034", "TA0035", "TA0040", "TA0043", "TA0100", "TA0102", "TA0103", "TA0105", "TA0107", "TA0108", "TA0109", "TA0110"], "techniques": ["T0800", "T0801", "T0802", "T0809", "T0811", "T0812", "T0820", "T0826", "T0827", "T0829", "T0830", "T0842", "T0846", "T0852", "T0859", "T0860", "T0868", "T0877", "T0880", "T0883", "T0888", "T1003", "T1005", "T1007", "T1010", "T1012", "T1016", "T1018", "T1020", "T1025", "T1033", "T1039", "T1040", "T1046", "T1047", "T1049", "T1056", "T1057", "T1069", "T1078", "T1082", "T1083", "T1087", "T1113", "T1114", "T1115", "T1119", "T1120", 
"T1123", "T1124", "T1125", "T1133", "T1135", "T1185", "T1213", "T1217", "T1219", "T1409", "T1414", "T1417", "T1418", "T1420", "T1421", "T1422", "T1423", "T1424", "T1426", "T1429", "T1485", "T1497", "T1512", "T1513", "T1518", "T1526", "T1530", "T1533", "T1538", "T1555", "T1557", "T1563", "T1565", "T1566", "T1580", "T1589", "T1590", "T1591", "T1592", "T1595", "T1598", "T1600", "T1602", "T1613", "T1614", "T1633", "T1636", "T1638", "T1641"]}, "Security Controls": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0007", "TA0008", "TA0009", "TA0010", "TA0011", "TA0027", "TA0028", "TA0029", "TA0030", "TA0031", "TA0033", "TA0034", "TA0035", "TA0036", "TA0037", "TA0040", "TA0041", "TA0100", "TA0103", "TA0104", "TA0105", "TA0106", "TA0107", "TA0108", "TA0109", "TA0110", "TA0111"], "techniques": ["T0800", "T0807", "T0809", "T0810", "T0811", "T0821", "T0822", "T0826", "T0827", "T0829", "T0838", "T0839", "T0843", "T0845", "T0847", "T0851", "T0855", "T0856", "T0857", "T0858", "T0866", "T0871", "T0872", "T0880", "T0881", "T0882", "T0889", "T0890", "T1005", "T1008", "T1011", "T1014", "T1020", "T1029", "T1030", "T1039", "T1041", "T1047", "T1048", "T1052", "T1055", "T1059", "T1068", "T1070", "T1072", "T1080", "T1091", "T1092", "T1098", "T1110", "T1111", "T1112", "T1134", "T1135", "T1136", "T1187", "T1197", "T1199", "T1200", "T1203", "T1207", "T1210", "T1211", "T1212", "T1213", "T1222", "T1404", "T1407", "T1428", "T1458", "T1489", "T1516", "T1525", "T1528", "T1530", "T1531", "T1533", "T1535", "T1537", "T1539", "T1542", "T1543", "T1546", "T1548", "T1550", "T1553", "T1556", "T1558", "T1562", "T1563", "T1567", "T1574", "T1577", "T1582", "T1599", "T1600", "T1601", "T1602", "T1604", "T1606", "T1609", "T1611", "T1612", "T1616", "T1617", "T1623", "T1624", "T1625", "T1626", "T1629", "T1630", "T1631", "T1632", "T1634", "T1635", "T1639", "T1640", "T1643", "T1644", "T1646"]}, "Software Manipulation": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", 
"TA0006", "TA0007", "TA0008", "TA0009", "TA0011", "TA0027", "TA0028", "TA0029", "TA0030", "TA0031", "TA0032", "TA0033", "TA0034", "TA0035", "TA0037", "TA0040", "TA0041", "TA0100", "TA0102", "TA0103", "TA0104", "TA0106", "TA0107", "TA0108", "TA0109", "TA0110", "TA0111"], "techniques": ["T0800", "T0802", "T0803", "T0804", "T0805", "T0806", "T0807", "T0809", "T0821", "T0822", "T0823", "T0834", "T0835", "T0836", "T0838", "T0839", "T0840", "T0842", "T0843", "T0845", "T0846", "T0855", "T0856", "T0857", "T0860", "T0867", "T0874", "T0878", "T0887", "T0888", "T0889", "T1001", "T1005", "T1006", "T1007", "T1012", "T1016", "T1018", "T1027", "T1033", "T1040", "T1046", "T1047", "T1049", "T1053", "T1057", "T1059", "T1069", "T1072", "T1082", "T1083", "T1087", "T1091", "T1106", "T1110", "T1119", "T1120", "T1124", "T1129", "T1134", "T1135", "T1140", "T1197", "T1201", "T1202", "T1216", "T1217", "T1218", "T1220", "T1398", "T1404", "T1406", "T1409", "T1418", "T1420", "T1421", "T1422", "T1423", "T1424", "T1426", "T1430", "T1458", "T1471", "T1485", "T1486", "T1496", "T1516", "T1518", "T1521", "T1531", "T1532", "T1533", "T1554", "T1559", "T1560", "T1561", "T1564", "T1569", "T1573", "T1575", "T1577", "T1578", "T1582", "T1603", "T1613", "T1614", "T1616", "T1623", "T1628", "T1635", "T1640", "T1645"]}, "Storyboarding": {"tactics": [], "techniques": []}, "System Activity Monitoring": {"tactics": ["TA0001", "TA0002", "TA0003", "TA0004", "TA0005", "TA0006", "TA0008", "TA0011", "TA0027", "TA0028", "TA0030", "TA0033", "TA0034", "TA0035", "TA0040", "TA0041", "TA0105", "TA0107", "TA0109", "TA0110"], "techniques": ["T0812", "T0829", "T0832", "T0859", "T0878", "T1003", "T1036", "T1053", "T1070", "T1078", "T1080", "T1091", "T1092", "T1098", "T1110", "T1112", "T1133", "T1136", "T1137", "T1207", "T1429", "T1458", "T1490", "T1495", "T1516", "T1531", "T1541", "T1552", "T1555", "T1562", "T1566", "T1603", "T1617", "T1629", "T1630", "T1636", "T1640"]}, "Threat Model": {"tactics": [], "techniques": []}}
{"enterprise": {"groups": ["admin@338 (G0018)", "Ajax Security Team (G0130)", "Andariel (G0138)", "Aoqin Dragon (G1007)", "APT-C-36 (G0099)", "APT1 (G0006)", "APT12 (G0005)", "APT16 (G0023)", "APT17 (G0025)", "APT18 (G0026)", "APT19 (G0073)", "APT28 (G0007)", "APT29 (G0016)", "APT3 (G0022)", "APT30 (G0013)", "APT32 (G0050)", "APT33 (G0064)", "APT37 (G0067)", "APT38 (G0082)", "APT39 (G0087)", "APT41 (G0096)", "Aquatic Panda (G0143)", "Axiom (G0001)", "BackdoorDiplomacy (G0135)", "BITTER (G1002)", "BlackOasis (G0063)", "BlackTech (G0098)", "Blue Mockingbird (G0108)", "Bouncing Golf (G0097)", "BRONZE BUTLER (G0060)", "Carbanak (G0008)", "Chimera (G0114)", "Cleaver (G0003)", "Cobalt Group (G0080)", "Confucius (G0142)", "CopyKittens (G0052)", "CURIUM (G1012)", "Dark Caracal (G0070)", "Darkhotel (G0012)", "DarkHydrus (G0079)", "DarkVishnya (G0105)", "Deep Panda (G0009)", "Dragonfly (G0035)", "DragonOK (G0017)", "Earth Lusca (G1006)", "Elderwood (G0066)", "Ember Bear (G1003)", "Equation (G0020)", "Evilnum (G0120)", "EXOTIC LILY (G1011)", "Ferocious Kitten (G0137)", "FIN10 (G0051)", "FIN13 (G1016)", "FIN4 (G0085)", "FIN5 (G0053)", "FIN6 (G0037)", "FIN7 (G0046)", "FIN8 (G0061)", "Fox Kitten (G0117)", "GALLIUM (G0093)", "Gallmaker (G0084)", "Gamaredon Group (G0047)", "GCMAN (G0036)", "GOLD SOUTHFIELD (G0115)", "Gorgon Group (G0078)", "Group5 (G0043)", "HAFNIUM (G0125)", "HEXANE (G1001)", "Higaisa (G0126)", "Inception (G0100)", "IndigoZebra (G0136)", "Indrik Spider (G0119)", "Ke3chang (G0004)", "Kimsuky (G0094)", "LAPSUS$ (G1004)", "Lazarus Group (G0032)", "LazyScripter (G0140)", "Leafminer (G0077)", "Leviathan (G0065)", "Lotus Blossom (G0030)", "LuminousMoth (G1014)", "Machete (G0095)", "Magic Hound (G0059)", "menuPass (G0045)", "Metador (G1013)", "Moafee (G0002)", "Mofang (G0103)", "Molerats (G0021)", "Moses Staff (G1009)", "MoustachedBouncer (G1019)", "MuddyWater (G0069)", "Mustang Panda (G0129)", "Naikon (G0019)", "NEODYMIUM (G0055)", "Nomadic Octopus (G0133)", "OilRig 
(G0049)", "Orangeworm (G0071)", "Patchwork (G0040)", "PittyTiger (G0011)", "PLATINUM (G0068)", "POLONIUM (G1005)", "Poseidon Group (G0033)", "PROMETHIUM (G0056)", "Putter Panda (G0024)", "Rancor (G0075)", "Rocke (G0106)", "RTM (G0048)", "Sandworm Team (G0034)", "Scarlet Mimic (G0029)", "Scattered Spider (G1015)", "SideCopy (G1008)", "Sidewinder (G0121)", "Silence (G0091)", "Silent Librarian (G0122)", "SilverTerrier (G0083)", "Sowbug (G0054)", "Stealth Falcon (G0038)", "Strider (G0041)", "Suckfly (G0039)", "TA2541 (G1018)", "TA459 (G0062)", "TA505 (G0092)", "TA551 (G0127)", "TeamTNT (G0139)", "TEMP.Veles (G0088)", "The White Company (G0089)", "Threat Group-1314 (G0028)", "Threat Group-3390 (G0027)", "Thrip (G0076)", "Tonto Team (G0131)", "Transparent Tribe (G0134)", "Tropic Trooper (G0081)", "Turla (G0010)", "Volatile Cedar (G0123)", "Volt Typhoon (G1017)", "Whitefly (G0107)", "Windigo (G0124)", "Windshift (G0112)", "Winnti Group (G0044)", "WIRTE (G0090)", "Wizard Spider (G0102)", "ZIRCONIUM (G0128)"], "tactics": ["Collection (TA0009)", "Command and Control (TA0011)", "Credential Access (TA0006)", "Defense Evasion (TA0005)", "Discovery (TA0007)", "Execution (TA0002)", "Exfiltration (TA0010)", "Impact (TA0040)", "Initial Access (TA0001)", "Lateral Movement (TA0008)", "Persistence (TA0003)", "Privilege Escalation (TA0004)", "Reconnaissance (TA0043)", "Resource Development (TA0042)"], "techniques": ["Abuse Elevation Control Mechanism (T1548)", "Access Token Manipulation (T1134)", "Account Access Removal (T1531)", "Account Discovery (T1087)", "Account Manipulation (T1098)", "Acquire Access (T1650)", "Acquire Infrastructure (T1583)", "Active Scanning (T1595)", "Adversary-in-the-Middle (T1557)", "Application Layer Protocol (T1071)", "Application Window Discovery (T1010)", "Archive Collected Data (T1560)", "Audio Capture (T1123)", "Automated Collection (T1119)", "Automated Exfiltration (T1020)", "BITS Jobs (T1197)", "Boot or Logon Autostart Execution (T1547)", "Boot or 
Logon Initialization Scripts (T1037)", "Browser Extensions (T1176)", "Browser Information Discovery (T1217)", "Browser Session Hijacking (T1185)", "Brute Force (T1110)", "Build Image on Host (T1612)", "Clipboard Data (T1115)", "Cloud Administration Command (T1651)", "Cloud Infrastructure Discovery (T1580)", "Cloud Service Dashboard (T1538)", "Cloud Service Discovery (T1526)", "Cloud Storage Object Discovery (T1619)", "Command and Scripting Interpreter (T1059)", "Communication Through Removable Media (T1092)", "Compromise Accounts (T1586)", "Compromise Client Software Binary (T1554)", "Compromise Infrastructure (T1584)", "Container Administration Command (T1609)", "Container and Resource Discovery (T1613)", "Content Injection (T1659)", "Create Account (T1136)", "Create or Modify System Process (T1543)", "Credentials from Password Stores (T1555)", "Data Destruction (T1485)", "Data Encoding (T1132)", "Data Encrypted for Impact (T1486)", "Data from Cloud Storage (T1530)", "Data from Configuration Repository (T1602)", "Data from Information Repositories (T1213)", "Data from Local System (T1005)", "Data from Network Shared Drive (T1039)", "Data from Removable Media (T1025)", "Data Manipulation (T1565)", "Data Obfuscation (T1001)", "Data Staged (T1074)", "Data Transfer Size Limits (T1030)", "Debugger Evasion (T1622)", "Defacement (T1491)", "Deobfuscate/Decode Files or Information (T1140)", "Deploy Container (T1610)", "Develop Capabilities (T1587)", "Device Driver Discovery (T1652)", "Direct Volume Access (T1006)", "Disk Wipe (T1561)", "Domain Policy Modification (T1484)", "Domain Trust Discovery (T1482)", "Drive-by Compromise (T1189)", "Dynamic Resolution (T1568)", "Email Collection (T1114)", "Encrypted Channel (T1573)", "Endpoint Denial of Service (T1499)", "Escape to Host (T1611)", "Establish Accounts (T1585)", "Event Triggered Execution (T1546)", "Execution Guardrails (T1480)", "Exfiltration Over Alternative Protocol (T1048)", "Exfiltration Over C2 Channel (T1041)", 
"Exfiltration Over Other Network Medium (T1011)", "Exfiltration Over Physical Medium (T1052)", "Exfiltration Over Web Service (T1567)", "Exploit Public-Facing Application (T1190)", "Exploitation for Client Execution (T1203)", "Exploitation for Credential Access (T1212)", "Exploitation for Defense Evasion (T1211)", "Exploitation for Privilege Escalation (T1068)", "Exploitation of Remote Services (T1210)", "External Remote Services (T1133)", "Fallback Channels (T1008)", "File and Directory Discovery (T1083)", "File and Directory Permissions Modification (T1222)", "Financial Theft (T1657)", "Firmware Corruption (T1495)", "Forced Authentication (T1187)", "Forge Web Credentials (T1606)", "Gather Victim Host Information (T1592)", "Gather Victim Identity Information (T1589)", "Gather Victim Network Information (T1590)", "Gather Victim Org Information (T1591)", "Group Policy Discovery (T1615)", "Hardware Additions (T1200)", "Hide Artifacts (T1564)", "Hijack Execution Flow (T1574)", "Impair Defenses (T1562)", "Impersonation (T1656)", "Implant Internal Image (T1525)", "Indicator Removal (T1070)", "Indirect Command Execution (T1202)", "Ingress Tool Transfer (T1105)", "Inhibit System Recovery (T1490)", "Input Capture (T1056)", "Inter-Process Communication (T1559)", "Internal Spearphishing (T1534)", "Lateral Tool Transfer (T1570)", "Log Enumeration (T1654)", "Masquerading (T1036)", "Modify Authentication Process (T1556)", "Modify Cloud Compute Infrastructure (T1578)", "Modify Registry (T1112)", "Modify System Image (T1601)", "Multi-Factor Authentication Interception (T1111)", "Multi-Factor Authentication Request Generation (T1621)", "Multi-Stage Channels (T1104)", "Native API (T1106)", "Network Boundary Bridging (T1599)", "Network Denial of Service (T1498)", "Network Service Discovery (T1046)", "Network Share Discovery (T1135)", "Network Sniffing (T1040)", "Non-Application Layer Protocol (T1095)", "Non-Standard Port (T1571)", "Obfuscated Files or Information (T1027)", "Obtain 
Capabilities (T1588)", "Office Application Startup (T1137)", "OS Credential Dumping (T1003)", "Password Policy Discovery (T1201)", "Peripheral Device Discovery (T1120)", "Permission Groups Discovery (T1069)", "Phishing (T1566)", "Phishing for Information (T1598)", "Plist File Modification (T1647)", "Power Settings (T1653)", "Pre-OS Boot (T1542)", "Process Discovery (T1057)", "Process Injection (T1055)", "Protocol Tunneling (T1572)", "Proxy (T1090)", "Query Registry (T1012)", "Reflective Code Loading (T1620)", "Remote Access Software (T1219)", "Remote Service Session Hijacking (T1563)", "Remote Services (T1021)", "Remote System Discovery (T1018)", "Replication Through Removable Media (T1091)", "Resource Hijacking (T1496)", "Rogue Domain Controller (T1207)", "Rootkit (T1014)", "Scheduled Task/Job (T1053)", "Scheduled Transfer (T1029)", "Screen Capture (T1113)", "Search Closed Sources (T1597)", "Search Open Technical Databases (T1596)", "Search Open Websites/Domains (T1593)", "Search Victim-Owned Websites (T1594)", "Server Software Component (T1505)", "Serverless Execution (T1648)", "Service Stop (T1489)", "Shared Modules (T1129)", "Software Deployment Tools (T1072)", "Software Discovery (T1518)", "Stage Capabilities (T1608)", "Steal Application Access Token (T1528)", "Steal or Forge Authentication Certificates (T1649)", "Steal or Forge Kerberos Tickets (T1558)", "Steal Web Session Cookie (T1539)", "Subvert Trust Controls (T1553)", "Supply Chain Compromise (T1195)", "System Binary Proxy Execution (T1218)", "System Information Discovery (T1082)", "System Location Discovery (T1614)", "System Network Configuration Discovery (T1016)", "System Network Connections Discovery (T1049)", "System Owner/User Discovery (T1033)", "System Script Proxy Execution (T1216)", "System Service Discovery (T1007)", "System Services (T1569)", "System Shutdown/Reboot (T1529)", "System Time Discovery (T1124)", "Taint Shared Content (T1080)", "Template Injection (T1221)", "Traffic Signaling 
(T1205)", "Transfer Data to Cloud Account (T1537)", "Trusted Developer Utilities Proxy Execution (T1127)", "Trusted Relationship (T1199)", "Unsecured Credentials (T1552)", "Unused/Unsupported Cloud Regions (T1535)", "Use Alternate Authentication Material (T1550)", "User Execution (T1204)", "Valid Accounts (T1078)", "Video Capture (T1125)", "Virtualization/Sandbox Evasion (T1497)", "Weaken Encryption (T1600)", "Web Service (T1102)", "Windows Management Instrumentation (T1047)", "XSL Script Processing (T1220)"]}, "mobile": {"groups": ["APT28 (G0007)", "Bouncing Golf (G0097)", "Confucius (G0142)", "Dark Caracal (G0070)", "Earth Lusca (G1006)", "MoustachedBouncer (G1019)", "Sandworm Team (G0034)", "Windshift (G0112)"], "tactics": ["Collection (TA0035)", "Command and Control (TA0037)", "Credential Access (TA0031)", "Defense Evasion (TA0030)", "Discovery (TA0032)", "Execution (TA0041)", "Exfiltration (TA0036)", "Impact (TA0034)", "Initial Access (TA0027)", "Lateral Movement (TA0033)", "Persistence (TA0028)", "Privilege Escalation (TA0029)"], "techniques": ["Abuse Elevation Control Mechanism (T1626)", "Access Notifications (T1517)", "Account Access Removal (T1640)", "Adversary-in-the-Middle (T1638)", "Application Layer Protocol (T1437)", "Application Versioning (T1661)", "Archive Collected Data (T1532)", "Audio Capture (T1429)", "Boot or Logon Initialization Scripts (T1398)", "Call Control (T1616)", "Clipboard Data (T1414)", "Command and Scripting Interpreter (T1623)", "Compromise Application Executable (T1577)", "Compromise Client Software Binary (T1645)", "Credentials from Password Store (T1634)", "Data Destruction (T1662)", "Data Encrypted for Impact (T1471)", "Data from Local System (T1533)", "Data Manipulation (T1641)", "Download New Code at Runtime (T1407)", "Drive-By Compromise (T1456)", "Dynamic Resolution (T1637)", "Encrypted Channel (T1521)", "Endpoint Denial of Service (T1642)", "Event Triggered Execution (T1624)", "Execution Guardrails (T1627)", "Exfiltration 
Over Alternative Protocol (T1639)", "Exfiltration Over C2 Channel (T1646)", "Exploitation for Client Execution (T1658)", "Exploitation for Privilege Escalation (T1404)", "Exploitation of Remote Services (T1428)", "File and Directory Discovery (T1420)", "Foreground Persistence (T1541)", "Generate Traffic from Victim (T1643)", "Hide Artifacts (T1628)", "Hijack Execution Flow (T1625)", "Hooking (T1617)", "Impair Defenses (T1629)", "Indicator Removal on Host (T1630)", "Ingress Tool Transfer (T1544)", "Input Capture (T1417)", "Input Injection (T1516)", "Location Tracking (T1430)", "Lockscreen Bypass (T1461)", "Masquerading (T1655)", "Native API (T1575)", "Network Denial of Service (T1464)", "Network Service Scanning (T1423)", "Non-Standard Port (T1509)", "Obfuscated Files or Information (T1406)", "Out of Band Data (T1644)", "Phishing (T1660)", "Process Discovery (T1424)", "Process Injection (T1631)", "Protected User Data (T1636)", "Proxy Through Victim (T1604)", "Remote Access Software (T1663)", "Replication Through Removable Media (T1458)", "Scheduled Task/Job (T1603)", "Screen Capture (T1513)", "SMS Control (T1582)", "Software Discovery (T1418)", "Steal Application Access Token (T1635)", "Stored Application Data (T1409)", "Subvert Trust Controls (T1632)", "Supply Chain Compromise (T1474)", "System Information Discovery (T1426)", "System Network Configuration Discovery (T1422)", "System Network Connections Discovery (T1421)", "Video Capture (T1512)", "Virtualization/Sandbox Evasion (T1633)", "Web Service (T1481)"]}, "ics": {"groups": ["ALLANITE (G1000)", "APT33 (G0064)", "APT38 (G0082)", "Dragonfly (G0035)", "FIN6 (G0037)", "FIN7 (G0046)", "GOLD SOUTHFIELD (G0115)", "HEXANE (G1001)", "Lazarus Group (G0032)", "Leafminer (G0077)", "OilRig (G0049)", "Sandworm Team (G0034)", "TEMP.Veles (G0088)", "Wizard Spider (G0102)"], "tactics": ["Collection (TA0100)", "Command and Control (TA0101)", "Discovery (TA0102)", "Evasion (TA0103)", "Execution (TA0104)", "Impact (TA0105)", 
"Impair Process Control (TA0106)", "Inhibit Response Function (TA0107)", "Initial Access (TA0108)", "Lateral Movement (TA0109)", "Persistence (TA0110)", "Privilege Escalation (TA0111)"], "techniques": ["Activate Firmware Update Mode (T0800)", "Adversary-in-the-Middle (T0830)", "Alarm Suppression (T0878)", "Automated Collection (T0802)", "Block Command Message (T0803)", "Block Reporting Message (T0804)", "Block Serial COM (T0805)", "Brute Force I/O (T0806)", "Change Credential (T0892)", "Change Operating Mode (T0858)", "Command-Line Interface (T0807)", "Commonly Used Port (T0885)", "Connection Proxy (T0884)", "Damage to Property (T0879)", "Data Destruction (T0809)", "Data from Information Repositories (T0811)", "Data from Local System (T0893)", "Default Credentials (T0812)", "Denial of Control (T0813)", "Denial of Service (T0814)", "Denial of View (T0815)", "Detect Operating Mode (T0868)", "Device Restart/Shutdown (T0816)", "Drive-by Compromise (T0817)", "Execution through API (T0871)", "Exploit Public-Facing Application (T0819)", "Exploitation for Evasion (T0820)", "Exploitation for Privilege Escalation (T0890)", "Exploitation of Remote Services (T0866)", "External Remote Services (T0822)", "Graphical User Interface (T0823)", "Hardcoded Credentials (T0891)", "Hooking (T0874)", "I/O Image (T0877)", "Indicator Removal on Host (T0872)", "Internet Accessible Device (T0883)", "Lateral Tool Transfer (T0867)", "Loss of Availability (T0826)", "Loss of Control (T0827)", "Loss of Productivity and Revenue (T0828)", "Loss of Protection (T0837)", "Loss of Safety (T0880)", "Loss of View (T0829)", "Manipulate I/O Image (T0835)", "Manipulation of Control (T0831)", "Manipulation of View (T0832)", "Masquerading (T0849)", "Modify Alarm Settings (T0838)", "Modify Controller Tasking (T0821)", "Modify Parameter (T0836)", "Modify Program (T0889)", "Module Firmware (T0839)", "Monitor Process State (T0801)", "Native API (T0834)", "Network Connection Enumeration (T0840)", "Network Sniffing 
(T0842)", "Point & Tag Identification (T0861)", "Program Download (T0843)", "Program Upload (T0845)", "Project File Infection (T0873)", "Remote Services (T0886)", "Remote System Discovery (T0846)", "Remote System Information Discovery (T0888)", "Replication Through Removable Media (T0847)", "Rogue Master (T0848)", "Rootkit (T0851)", "Screen Capture (T0852)", "Scripting (T0853)", "Service Stop (T0881)", "Spearphishing Attachment (T0865)", "Spoof Reporting Message (T0856)", "Standard Application Layer Protocol (T0869)", "Supply Chain Compromise (T0862)", "System Firmware (T0857)", "Theft of Operational Information (T0882)", "Transient Cyber Asset (T0864)", "Unauthorized Command Message (T0855)", "User Execution (T0863)", "Valid Accounts (T0859)", "Wireless Compromise (T0860)", "Wireless Sniffing (T0887)"]}}
The Engage Matrix is an adversary engagement matrix that consists of three levels: goal, approach, and activity. These three levels are present at each phase of the adversary engagement process: prepare, operate, and understand.

Copyright © 2022 The MITRE Corporation. All Rights Reserved.