Determine approach/attack vector

The approach or attack vector outlines the specifics behind how the adversary would like to attack the target. As additional information is known through the other phases of PRE-ATT&CK, an adversary may update the approach or attack vector. [1] [2] [3] [4] [5]

ID: T1245
Sub-techniques:  No sub-techniques
Tactic: Target Selection
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Normally, defender is unable to detect. May change for special use cases or adversary and defender overlays.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: This is the normal adversary targeting cycle where they utilize our poor OPSEC practices to their advantage.


  1. Elizabeth Van Ruitenbeek, Ken Keefe, William H. Sanders, and Carol Muehrcke. (2010). Characterizing the Behavior of Cyber Adversaries: The Means, Motive, and Opportunity of Cyberattacks. Retrieved March 5, 2017.
  2. Jonathan Wrolstad and Barry Vengerik. (2015, November). Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims. Retrieved March 5, 2017.
  3. Joint Chiefs of Staff. (2013, January 31). Joint Targeting. Retrieved May 19, 2017.
  1. Joint Chiefs of Staff. (2013, February 5). Cyberspace Operations. Retrieved May 19, 2017.
  2. Department of Defense. (2015, April). The Department of Defense Cyber Strategy. Retrieved May 19, 2017.