Document toolboxDocument toolbox

Mitre content packs TA0040-0049

[ 1 TA0040 ] [ 2 TA0042 ] [ 3 TA0043 ]

TA0040

Impact

Purpose

The adversary is trying to manipulate, interrupt, or destroy your systems and data.

Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.

Included content

mitre alert packs

  1. T1485: Data Destruction

  2. T1486: Data Encrypted for Impact

  3. T1489: Service Stop

  4. T1490: Inhibit System Recovery

  5. T1496: Resource Hijacking

  6. T1531: Account Access Removal

  7. T1565: Data Manipulation

Prerequisites

LOOKUPS

TA0042

Resource Development

Purpose

The adversary is trying to establish resources they can use to support operations.

Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.

Included content

mitre alert packs

  1. T1585: Establish Accounts

  2. T1587: Develop Capabilities

  3. T1588: Obtain Capabilities

  4. T1608: Stage Capabilities

Prerequisites

LOOKUPS

TA0043

Reconnaissance

Purpose

The adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.

Included content

mitre alert packs

  1. T1589: Gather Victim Identity Information

  2. T1590: Gather Victim Network Information

  3. T1592: Gather Victim Host Information

  4. T1595: Active Scanning

Prerequisites

LOOKUPS

Â