Reconnaissance#
The adversary is trying to gather information they can use to plan future operations.
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.
| ID | Name | Description | |
|---|---|---|---|
| AZT101 | Port Mapping | By viewing certain Azure resources, it is possible to view the open ports on a resource. | |
| AZT102 | IP Discovery | By viewing certain Azure resources, it is possible to view the private and public IP addresses assigned to a resource. | |
| AZT103 | Public Accessible Resource | A resource within Azure is accessible from the public internet. | |
| AZT104 | Gather User Information | An adversary may obtain information about a user within Azure Active Directory. | |
| AZT105 | Gather Application Information | An adversary may obtain information about an application within Azure Active Directory. | |
| AZT106 | Gather Role Information | An adversary may obtain information about a role. | |
| .001 | Gather AAD Role Information | An adversary may obtain information about a role within Azure Active Directory. | |
| .002 | Gather Application Role Information | An adversary may obtain information about an application role within Azure Active Directory. | |
| .003 | Gather Azure Resources Role Assignments | An adversary may gather role assignments for a specific Azure Resource, Resource Group, or Subscription. | |
| AZT107 | Gather Resource Data | An adversary may obtain information and data within a resource. | |
| AZT108 | Gather Victim Data | An adversary may access a user's personal data if their account is compromised |