Search Open Technical Databases (T1596)
Tactic: Reconnaissance · Platforms: PRE
The interactive view maps 1 detection strategy, 1 mitigation, 2 threat groups to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may search freely available technical databases for information about victims that can be used during targeting. Information about victims may be available in online databases and repositories, such as registrations of domains/certificates as well as public collections of network data/artifacts gathered from traffic and/or scans.
Adversaries may search in different open databases depending on what information they seek to gather. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information or Search Open Websites/Domains), establishing operational resources (ex: Acquire Infrastructure or Compromise Infrastructure), and/or initial access (ex: External Remote Services or Trusted Relationship).
Sub-techniques
- DNS/Passive DNS (T1596.001)
- WHOIS (T1596.002)
- Digital Certificates (T1596.003)
- CDNs (T1596.004)
- Scan Databases (T1596.005)