TA0043ATT&CK 14.1
TA0043Reconnaissance
Description
The adversary is trying to gather information they can use to plan future operations.
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.
Techniques in this tactic· 10
T1589
Gather Victim Identity Information
T1590
Gather Victim Network Information
T1591
Gather Victim Org Information
T1592
Gather Victim Host Information
T1593
Search Open Websites/Domains
T1594
Search Victim-Owned Websites
T1595
Active Scanning
T1596
Search Open Technical Databases
T1597
Search Closed Sources
T1598
Phishing for Information
Sub-techniques in this tactic· 34
T1589.001T1589.002T1589.003T1590.001T1590.002T1590.003T1590.004T1590.005T1590.006T1591.001T1591.002T1591.003T1591.004T1592.001T1592.002T1592.003T1592.004T1593.001T1593.002T1593.003T1595.001T1595.002T1595.003T1596.001T1596.002T1596.003T1596.004T1596.005T1597.001T1597.002T1598.001T1598.002T1598.003T1598.004
References
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.