Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
658 threats — page 13 of 14
| Name | Category | Tags | Description |
|---|---|---|---|
| Search Open Technical Databases: CDNs | Reconnaissance | | Adversaries may search content delivery network (CDN) data about victims that can be used during tar… |
| Search Open Technical Databases: DNS/Passive DNS | Reconnaissance | | Adversaries may search DNS data for information about victims that can be used during targeting. DNS… |
| Search Open Technical Databases: Digital Certificates | Reconnaissance | | Adversaries may search public digital certificate data for information about victims that can be use… |
| Search Open Technical Databases: Scan Databases | Reconnaissance | | Adversaries may search within public scan databases for information about victims that can be used d… |
| Search Open Technical Databases: WHOIS | Reconnaissance | | Adversaries may search public WHOIS data for information about victims that can be used during targe… |
| Search Open Websites/Domains | Reconnaissance | | Adversaries may search freely available websites and/or domains for information about victims that c… |
| Search Open Websites/Domains: Code Repositories | Reconnaissance | | Adversaries may search public code repositories for information about victims that can be used durin… |
| Search Open Websites/Domains: Search Engines | Reconnaissance | | Adversaries may use search engines to collect information about victims that can be used during targ… |
| Search Open Websites/Domains: Social Media | Reconnaissance | | Adversaries may search social media for information about victims that can be used during targeting.… |
| Search Threat Vendor Data | Reconnaissance | | Threat actors may seek information/indicators from closed or open threat intelligence sources gather… |
| Search Victim-Owned Websites | Reconnaissance | | Adversaries may search websites owned by the victim for information that can be used during targetin… |
| Acquire Access | Resource Development | | Adversaries may purchase or otherwise acquire an existing access to a target system or network. A va… |
| Acquire Infrastructure | Resource Development | | Adversaries may buy, lease, rent, or obtain infrastructure that can be used during targeting. A wide… |
| Acquire Infrastructure: Botnet | Resource Development | | Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeti… |
| Acquire Infrastructure: DNS Server | Resource Development | | Adversaries may set up their own Domain Name System (DNS) servers that can be used during targeting.… |
| Acquire Infrastructure: Domains | Resource Development | | Adversaries may acquire domains that can be used during targeting. Domain names are the human readab… |
| Acquire Infrastructure: Malvertising | Resource Development | | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. … |
| Acquire Infrastructure: Server | Resource Development | | Adversaries may buy, lease, rent, or obtain physical servers that can be used during targeting. Use … |
| Acquire Infrastructure: Serverless | Resource Development | | Adversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers, … |
| Acquire Infrastructure: Virtual Private Server | Resource Development | | Adversaries may rent Virtual Private Servers (VPSs) that can be used during targeting. There exist a… |
| Acquire Infrastructure: Web Services | Resource Development | | Adversaries may register for web services that can be used during targeting. A variety of popular we… |
| Compromise Accounts | Resource Development | | Adversaries may compromise accounts with services that can be used during targeting. For operations … |
| Compromise Accounts: Cloud Accounts | Resource Development | | Adversaries may compromise cloud accounts that can be used during targeting. Adversaries can use com… |
| Compromise Accounts: Email Accounts | Resource Development | | Adversaries may compromise email accounts that can be used during targeting. Adversaries can use com… |
| Compromise Accounts: Social Media Accounts | Resource Development | | Adversaries may compromise social media accounts that can be used during targeting. For operations i… |
| Compromise Infrastructure | Resource Development | | Adversaries may compromise third-party infrastructure that can be used during targeting. Infrastruct… |
| Compromise Infrastructure: Botnet | Resource Development | | Adversaries may compromise numerous third-party systems to form a botnet that can be used during tar… |
| Compromise Infrastructure: DNS Server | Resource Development | | Adversaries may compromise third-party DNS servers that can be used during targeting. During post-co… |
| Compromise Infrastructure: Domains | Resource Development | | Adversaries may hijack domains and/or subdomains that can be used during targeting. Domain registrat… |
| Compromise Infrastructure: Network Devices | Resource Development | | Adversaries may compromise third-party network devices that can be used during targeting. Network de… |
| Compromise Infrastructure: Server | Resource Development | | Adversaries may compromise third-party servers that can be used during targeting. Use of servers all… |
| Compromise Infrastructure: Serverless | Resource Development | | Adversaries may compromise serverless cloud infrastructure, such as Cloudflare Workers, AWS Lambda f… |
| Compromise Infrastructure: Virtual Private Server | Resource Development | | Adversaries may compromise third-party Virtual Private Servers (VPSs) that can be used during target… |
| Compromise Infrastructure: Web Services | Resource Development | | Adversaries may compromise access to third-party web services that can be used during targeting. A v… |
| Develop Capabilities | Resource Development | | Adversaries may build capabilities that can be used during targeting. Rather than purchasing, freely… |
| Develop Capabilities: Code Signing Certificates | Resource Development | | Adversaries may create self-signed code signing certificates that can be used during targeting. Code… |
| Develop Capabilities: Digital Certificates | Resource Development | | Adversaries may create self-signed SSL/TLS certificates that can be used during targeting. SSL/TLS c… |
| Develop Capabilities: Exploits | Resource Development | | Adversaries may develop exploits that can be used during targeting. An exploit takes advantage of a … |
| Develop Capabilities: Malware | Resource Development | | Adversaries may develop malware and malware components that can be used during targeting. Building m… |
| Establish Accounts | Resource Development | | Adversaries may create and cultivate accounts with services that can be used during targeting. Adver… |
| Establish Accounts: Cloud Accounts | Resource Development | | Adversaries may create accounts with cloud providers that can be used during targeting. Adversaries … |
| Establish Accounts: Email Accounts | Resource Development | | Adversaries may create email accounts that can be used during targeting. Adversaries can use account… |
| Establish Accounts: Social Media Accounts | Resource Development | | Adversaries may create and cultivate social media accounts that can be used during targeting. Advers… |
| Obtain Capabilities | Resource Development | | Adversaries may buy and/or steal capabilities that can be used during targeting. Rather than develop… |
| Obtain Capabilities: Artificial Intelligence | Resource Development | | Adversaries may obtain access to generative artificial intelligence tools, such as large language mo… |
| Obtain Capabilities: Code Signing Certificates | Resource Development | | Adversaries may buy and/or steal code signing certificates that can be used during targeting. Code s… |
| Obtain Capabilities: Digital Certificates | Resource Development | | Adversaries may buy and/or steal SSL/TLS certificates that can be used during targeting. SSL/TLS cer… |
| Obtain Capabilities: Exploits | Resource Development | | Adversaries may buy, steal, or download exploits that can be used during targeting. An exploit takes… |
| Obtain Capabilities: Malware | Resource Development | | Adversaries may buy, steal, or download malware that can be used during targeting. Malicious softwar… |
| Obtain Capabilities: Tool | Resource Development | | Adversaries may buy, steal, or download software tools that can be used during targeting. Tools can … |