TA0007 · ATT&CK 14.1
TA0007 Discovery
Description
The adversary is trying to figure out your environment.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
Techniques in this tactic · 29
T1007 System Service Discovery
T1010 Application Window Discovery
T1012 Query Registry
T1016 System Network Configuration Discovery
T1018 Remote System Discovery
T1033 System Owner/User Discovery
T1040 Network Sniffing
T1046 Network Service Discovery
T1049 System Network Connections Discovery
T1057 Process Discovery
T1069 Permission Groups Discovery
T1082 System Information Discovery
T1083 File and Directory Discovery
T1087 Account Discovery
T1120 Peripheral Device Discovery
T1124 System Time Discovery
T1135 Network Share Discovery
T1201 Password Policy Discovery
T1217 Browser Information Discovery
T1482 Domain Trust Discovery
T1497 Virtualization/Sandbox Evasion
T1518 Software Discovery
T1526 Cloud Service Discovery
T1538 Cloud Service Dashboard
T1580 Cloud Infrastructure Discovery
T1613 Container and Resource Discovery
T1614 System Location Discovery
T1615 Group Policy Discovery
T1619 Cloud Storage Object Discovery
Sub-techniques in this tactic · 14