T1036.012 Browser Fingerprint
Adversaries may attempt to blend in with legitimate traffic by spoofing browser and system attributes like operating system, system language, platform, user-agent string, resolution, time zone, etc. The HTTP User-Agent request header is a string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.1
Adversaries may gather this information through System Information Discovery or by users navigating to adversary-controlled websites, and then use that information to craft their web traffic to evade defenses.2
| Item | Value |
|---|---|
| ID | T1036.012 |
| Sub-techniques | T1036.001, T1036.002, T1036.003, T1036.004, T1036.005, T1036.006, T1036.007, T1036.008, T1036.009, T1036.010, T1036.011, T1036.012 |
| Tactics | TA0005 |
| Platforms | Linux, Windows, macOS |
| Version | 1.0 |
| Created | 22 September 2025 |
| Last Modified | 19 October 2025 |
Procedure Examples
| ID | Name | Description |
|---|---|---|
| S0512 | FatDuke | FatDuke has attempted to mimic a compromised user’s traffic by using the same user agent as the installed browser.4 |
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| M1047 | Audit | Review and limit the fingerprinting surface to only necessary information on each browser to make the browser less unique. For example, the available fonts may be limited to a standard font list. 3 |
References
-
MDN contributors. (2025, July 4). User-Agent header. Retrieved October 19, 2025. ↩
-
Zengrui Liu, Prakash Shrestha, and Nitesh Saxena. (2021, October 19). Retrieved September 22, 2025. ↩
-
W3C. (2025, September 12). Mitigating Browser Fingerprinting in Web Specifications. Retrieved September 22, 2025. ↩
-
Faou, M., Tartare, M., Dupuy, T. (2019, October). OPERATION GHOST. Retrieved September 23, 2020. ↩