Gather Victim Identity Information (T1589)

View on ATT&CK

In Playbook

Technique & Subtechniques

Associated Tactics

  • Reconnaissance

Reconnaissance (TA0043)

The adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.

View on ATT&CK

Procedure Examples

Description Source(s)
Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. Retrieved September 16, 2024. OPM Leak
Detectify. (2016, April 28). Slack bot token leakage exposing business critical information. Retrieved October 19, 2020. Detectify Slack Tokens
Dylan Ayrey. (2016, December 31). truffleHog. Retrieved October 19, 2020. GitHub truffleHog
GrimHacker. (2017, July 24). Office365 ActiveSync Username Enumeration. Retrieved December 9, 2021. GrimBlog UsernameEnum
McCarthy, K. (2015, February 28). FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers. Retrieved October 19, 2020. Register Uber
Michael Henriksen. (2018, June 9). Gitrob: Putting the Open Source in OSINT. Retrieved October 19, 2020. GitHub Gitrob
Ng, A. (2019, January 17). Massive breach leaks 773 million email addresses, 21 million passwords. Retrieved October 20, 2020. CNET Leaks
Noah Corradin and Shuyang Wang. (2023, August 1). Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD. Retrieved March 28, 2024. Obsidian SSPR Abuse 2023
Sandvik, R. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved October 19, 2020. Forbes GitHub Creds
Thomson, I. (2017, September 26). Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'. Retrieved October 19, 2020. Register Deloitte