T1036.012 Browser Fingerprint

Sub-technique of T1036

Platforms: Linux · macOS · Windows

ATT&CK version: v19.1

What it is

Adversaries may attempt to blend in with legitimate traffic by spoofing browser and system attributes like operating system, system language, platform, user-agent string, resolution, time zone, etc. The HTTP User-Agent request header is a string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.(Citation: Mozilla User Agent) Adversaries may gather this information through [System Information Discovery](https://attack.mitre.org/techniques/T1082) or by users navigating to adversary-controlled websites, and then use that information to craft their web traffic to evade defenses.(Citation: Gummy Browsers Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques)
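
One defensive check this description suggests, as an added example that is not part of the ATT&CK entry or this knowledge base: compare the User-Agent header against the Sec-CH-UA client hint headers that Chromium-based browsers send, and flag requests where the two disagree. The sample requests are constructed and the function names are hypothetical; a spoof that keeps every attribute consistent will pass this check.

```python
import re

# OS tokens in a User-Agent string, mapped to Sec-CH-UA-Platform values.
# Order matters: Android UAs also contain "Linux", iOS UAs contain "Mac OS X".
UA_OS = [("Android", r"Android"), ("iOS", r"iPhone|iPad"), ("Windows", r"Windows NT"),
         ("macOS", r"Mac OS X"), ("Chrome OS", r"CrOS"), ("Linux", r"Linux")]

def os_from_user_agent(ua):
    """Return the platform name the User-Agent string claims, or None."""
    for name, pattern in UA_OS:
        if re.search(pattern, ua):
            return name
    return None

def fingerprint_mismatches(headers):
    """List the ways a request's client hints contradict its User-Agent."""
    h = {k.lower(): v for k, v in headers.items()}
    ua = h.get("user-agent", "")
    findings = []
    # 1. Platform: OS token in the UA vs. Sec-CH-UA-Platform.
    ua_os = os_from_user_agent(ua)
    hint_os = h.get("sec-ch-ua-platform", "").strip().strip('"')
    if ua_os and hint_os and hint_os not in ("Unknown", ua_os):
        findings.append(f"platform: UA={ua_os} hint={hint_os}")
    # 2. Form factor: "Mobile" token in the UA vs. Sec-CH-UA-Mobile (?0 / ?1).
    mobile = h.get("sec-ch-ua-mobile", "").strip()
    if mobile in ("?0", "?1") and (mobile == "?1") != ("Mobile" in ua):
        findings.append(f"mobile: UA={'Mobile' in ua} hint={mobile}")
    # 3. Version: Chrome major in the UA vs. the Chromium brand in Sec-CH-UA.
    ua_ver = re.search(r"Chrome/(\d+)", ua)
    hint_ver = re.search(r'"Chromium";v="(\d+)"', h.get("sec-ch-ua", ""))
    if ua_ver and hint_ver and ua_ver.group(1) != hint_ver.group(1):
        findings.append(f"version: UA={ua_ver.group(1)} hint={hint_ver.group(1)}")
    return findings

# Constructed sample requests (not taken from the page or from real traffic).
WIN_CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                 "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
CONSISTENT = {"User-Agent": WIN_CHROME_UA, "Sec-CH-UA-Mobile": "?0",
              "Sec-CH-UA": '"Chromium";v="124", "Google Chrome";v="124"',
              "Sec-CH-UA-Platform": '"Windows"'}
# Same UA string, but the client hints still describe the real client.
SPOOFED_UA = {"User-Agent": WIN_CHROME_UA, "Sec-CH-UA-Mobile": "?0",
              "Sec-CH-UA": '"Chromium";v="110", "Google Chrome";v="110"',
              "Sec-CH-UA-Platform": '"Linux"'}

if __name__ == "__main__":
    for name, req in (("consistent", CONSISTENT), ("spoofed", SPOOFED_UA)):
        print(name, fingerprint_mismatches(req))
```

Requests that carry no client hints at all (for example from Firefox) produce no findings here, so this check complements other fingerprint signals and does not replace them.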

ATT&CK tactics · 1

Stealth

References

  1. https://attack.mitre.org/techniques/T1036/012
  2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent
  3. https://arxiv.org/pdf/2110.10129
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.