T1593 Search Open Websites/Domains
Adversaries may search freely available websites and/or domains for information about victims that can be used during targeting. Information about victims may be available in various online sites, such as social media, new sites, or those hosting information about business operations such as hiring or requested/rewarded contracts.213
Adversaries may search in different online sites depending on what information they seek to gather. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information or Search Open Technical Databases), establishing operational resources (ex: Establish Accounts or Compromise Accounts), and/or initial access (ex: External Remote Services or Phishing).
| Item | Value |
|---|---|
| ID | T1593 |
| Sub-techniques | T1593.001, T1593.002, T1593.003 |
| Tactics | TA0043 |
| Platforms | PRE |
| Version | 1.1 |
| Created | 02 October 2020 |
| Last Modified | 18 October 2022 |
Procedure Examples
| ID | Name | Description |
|---|---|---|
| G0034 | Sandworm Team | Sandworm Team researched Ukraine’s unique legal entity identifier (called an “EDRPOU” number), including running queries on the EDRPOU website, in preparation for the NotPetya attack. Sandworm Team has also researched third-party websites to help it craft credible spearphishing emails.4 |
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| M1013 | Application Developer Guidance | Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys. |
| M1047 | Audit | Scan public code repositories for exposed credentials or other sensitive information before making commits. Ensure that any leaked credentials are removed from the commit history, not just the current latest version of the code. |
References
-
Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved October 20, 2020. ↩
-
Cyware Hacker News. (2019, October 2). How Hackers Exploit Social Media To Break Into Your Company. Retrieved October 20, 2020. ↩
-
Offensive Security. (n.d.). Google Hacking Database. Retrieved October 23, 2020. ↩
-
Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020. ↩