MATRICES
Enterprise
Cloud
Mobile
  1. Home
  2. Matrices
  3. PRE-ATT&CK

PRE-ATT&CK Matrix

Below are the tactics and techniques representing the MITRE PRE-ATT&CK Matrix.

About the PRE-ATT&CK domain
Version Permalink
Priority Definition Planning Priority Definition Direction Target Selection Technical Information Gathering People Information Gathering Organizational Information Gathering Technical Weakness Identification People Weakness Identification Organizational Weakness Identification Adversary OPSEC Establish & Maintain Infrastructure Persona Development Build Capabilities Test Capabilities Stage Capabilities
13 techniques 4 techniques 5 techniques 20 techniques 11 techniques 11 techniques 9 techniques 3 techniques 6 techniques 20 techniques 16 techniques 6 techniques 11 techniques 7 techniques 6 techniques
Assess current holdings, needs, and wants
Assess KITs/KIQs benefits
Assess leadership areas of interest
Assign KITs/KIQs into categories
Conduct cost/benefit analysis
Create implementation plan
Create strategic plan
Derive intelligence requirements
Develop KITs/KIQs
Generate analyst intelligence requirements
Identify analyst level gaps
Identify gap areas
Receive operator KITs/KIQs tasking
Assign KITs, KIQs, and/or intelligence requirements
Receive KITs/KIQs and determine requirements
Submit KITs, KIQs, and intelligence requirements
Task requirements
Determine approach/attack vector
Determine highest level tactical element
Determine operational element
Determine secondary level tactical element
Determine strategic target
Acquire OSINT data sets and information
Conduct active scanning
Conduct passive scanning
Conduct social engineering
Determine 3rd party infrastructure services
Determine domain and IP address space
Determine external network trust dependencies
Determine firmware version
Discover target logon/email address format
Enumerate client configurations
Enumerate externally facing software applications technologies, languages, and dependencies
Identify job postings and needs/gaps
Identify security defensive capabilities
Identify supply chains
Identify technology usage patterns
Identify web defensive services
Map network topology
Mine technical blogs/forums
Obtain domain/IP registration information
Spearphishing for Information
Acquire OSINT data sets and information
Aggregate individual's digital footprint
Conduct social engineering
Identify business relationships
Identify groups/roles
Identify job postings and needs/gaps
Identify people of interest
Identify personnel with an authority/privilege
Identify sensitive personnel information
Identify supply chains
Mine social media
Acquire OSINT data sets and information
Conduct social engineering
Determine 3rd party infrastructure services
Determine centralization of IT management
Determine physical locations
Dumpster dive
Identify business processes/tempo
Identify business relationships
Identify job postings and needs/gaps
Identify supply chains
Obtain templates/branding materials
Analyze application security posture
Analyze architecture and configuration posture
Analyze data collected
Analyze hardware/software security defensive capabilities
Analyze organizational skillsets and deficiencies
Identify vulnerabilities in third-party software libraries
Research relevant vulnerabilities/CVEs
Research visibility gap of security vendors
Test signature detection
Analyze organizational skillsets and deficiencies
Analyze social and business relationships, interests, and affiliations
Assess targeting options
Analyze business processes
Analyze organizational skillsets and deficiencies
Analyze presence of outsourced capabilities
Assess opportunities created by business deals
Assess security posture of physical locations
Assess vulnerability of 3rd party vendors
Acquire and/or use 3rd party infrastructure services
Acquire and/or use 3rd party software services
Acquire or compromise 3rd party signing certificates
Anonymity services
Common, high volume protocols and software
Compromise 3rd party infrastructure to support delivery
Data Hiding
Dynamic DNS
Host-based hiding techniques
Misattributable credentials
Network-based hiding techniques
Non-traditional or less attributable payment options
Obfuscate infrastructure
Obfuscate operational infrastructure
Obfuscate or encrypt code
Obfuscation or cryptography
OS-vendor provided communication channels
Private whois services
Proxy/protocol relays
Secure and protect infrastructure
Acquire and/or use 3rd party infrastructure services
Acquire and/or use 3rd party software services
Acquire or compromise 3rd party signing certificates
Buy domain name
Compromise 3rd party infrastructure to support delivery
Create backup infrastructure
Domain registration hijacking
Dynamic DNS
Install and configure hardware, network, and systems
Obfuscate infrastructure
Obtain booter/stressor subscription
Procure required equipment and software
Shadow DNS
SSL certificate acquisition for domain
SSL certificate acquisition for trust breaking
Use multiple DNS infrastructures
Build social network persona
Choose pre-compromised mobile app developer account credentials or signing keys
Choose pre-compromised persona and affiliated accounts
Develop social network persona digital footprint
Friend/Follow/Connect to targets of interest
Obtain Apple iOS enterprise distribution key pair and certificate
Build and configure delivery systems
Build or acquire exploits
C2 protocol development
Compromise 3rd party or closed-source vulnerability/exploit information
Create custom payloads
Create infected removable media
Discover new exploits and monitor exploit-provider forums
Identify resources required to build capabilities
Obtain/re-use payloads
Post compromise tool development
Remote access tool development
Review logs and residual traces
Test ability to evade automated mobile application security analysis performed by app stores
Test callback functionality
Test malware in various execution environments
Test malware to evade detection
Test physical access
Test signature detection for file upload/email filters
Disseminate removable media
Distribute malicious software development tools
Friend/Follow/Connect to targets of interest
Hardware or software supply chain implant
Port redirector
Upload, install, and configure software/tools
Last modified: 04 November 2019