PurposeThe adversary is trying to manipulate, interrupt, or destroy your systems and data. Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach. | Included contentT1485: Data Destruction T1486: Data Encrypted for Impact T1489: Service Stop T1490: Inhibit System Recovery T1531: Account Access Removal T1565: Data Manipulation
| Prerequisites |
PurposeThe adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts. | Included contentT1589: Gather Victim Identity Information T1590: Gather Victim Network Information T1592: Gather Victim Host Information T1595: Active Scanning
| Prerequisites |
