TA0040 Impact

| Purpose | The adversary is trying to manipulate, interrupt, or destroy your systems and data. Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach. |
| Included content | T1485: Data Destruction; T1486: Data Encrypted for Impact; T1489: Service Stop; T1490: Inhibit System Recovery; T1496: Resource Hijacking; T1531: Account Access Removal; T1565: Data Manipulation |
| Prerequisites | |

TA0042 Resource Development

| Purpose | The adversary is trying to establish resources they can use to support operations. Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion. |
| Included content | T1585: Establish Accounts; T1587: Develop Capabilities; T1588: Obtain Capabilities; T1608: Stage Capabilities |
| Prerequisites | |

TA0043 Reconnaissance

| Purpose | The adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts. |
| Included content | T1589: Gather Victim Identity Information; T1590: Gather Victim Network Information; T1592: Gather Victim Host Information; T1595: Active Scanning |
| Prerequisites | |