Show in Graph
Common Information
Type Value
Value 
Threat Intel Vendors - T1597.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may search private data from threat intelligence vendors for information that can be used during targeting. Threat intelligence vendors may offer paid feeds or portals that offer more data than what is publicly reported. Although sensitive details (such as customer names and other identifiers) may be redacted, this information may contain trends regarding breaches such as target industries, attribution claims, and successful TTPs/countermeasures.(Citation: D3Secutrity CTI Feeds) Adversaries may search in private threat intelligence vendor data to gather actionable information. Threat actors may seek information/indicators gathered about their own campaigns, as well as those conducted by other adversaries that may align with their target industries, capabilities/objectives, or other operational concerns. Information reported by vendors may also reveal opportunities other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593)), establishing operational resources (ex: [Develop Capabilities](https://attack.mitre.org/techniques/T1587) or [Obtain Capabilities](https://attack.mitre.org/techniques/T1588)), and/or initial access (ex: [Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190) or [External Remote Services](https://attack.mitre.org/techniques/T1133)).
Details Published Attributes CTI Title
Details Website 2024-09-17 0 Tackling the Visibility Challenges in the SOC
Details Website 2024-09-17 2 Tackling the Visibility Challenges in the SOC
Details Website 2023-05-17 4 Trust Unearned? Evaluating CA Trustworthiness Across 5 Billion Certificates
Details Website 2023-03-23 0 5 Ideas for Creating Threat-Informed Defense Content in Tidal Community Edition