T1592.004 Client Configurations Mappings

Adversaries may gather information about the victim's client configurations that can be used during targeting. Information about client configurations may include a variety of details and settings, including operating system/version, virtualization, architecture (ex: 32 or 64 bit), language, and/or time zone.

Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning (ex: listening ports, server banners, user agent strings) or Phishing for Information. Adversaries may also compromise sites then include malicious content designed to collect host information from visitors.(Citation: ATT ScanBox) Information about the client configurations may also be exposed to adversaries via online or other accessible data sets (ex: job postings, network maps, assessment reports, resumes, or purchase invoices). Gathering this information may reveal opportunities for other forms of reconnaissance (ex: Search Open Websites/Domains or Search Open Technical Databases), establishing operational resources (ex: Develop Capabilities or Obtain Capabilities), and/or initial access (ex: Supply Chain Compromise or External Remote Services).



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1592.004 Gather Victim Host Information: Client Configurations
value_chain.targeting.variety.Organizational Information Information on an organization such as org chart, technologies in use, financial assets, etc, used to pick them as a target related-to T1592.004 Gather Victim Host Information: Client Configurations
aws_security_hub AWS Security Hub technique_scores T1592.004 Client Configurations