T1602.001 SNMP (MIB Dump) Mappings

Adversaries may target the Management Information Base (MIB) to collect and/or mine valuable information in a network managed using Simple Network Management Protocol (SNMP).

The MIB is a configuration repository that stores variable information accessible via SNMP in the form of object identifiers (OIDs). Each OID identifies a variable that can be read or set, and permits active management tasks, such as configuration changes, through remote modification of these variables. SNMP can give administrators great insight into their systems, such as system information, description of hardware, physical location, and software packages (Citation: SANS Information Security Reading Room Securing SNMP Securing SNMP). The MIB may also contain device operational information, including running configuration, routing table, and interface details.

Adversaries may use SNMP queries to collect MIB content directly from SNMP-managed devices in order to collect network information that allows the adversary to build network maps and facilitate future targeted exploitation.(Citation: US-CERT-TA18-106A)(Citation: Cisco Blog Legacy Device Attacks)

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-16 | Security and Privacy Attributes | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-17 | Remote Access | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-18 | Wireless Access | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-19 | Access Control for Mobile Devices | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-20 | Use of External Systems | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-3 | Access Enforcement | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-4 | Information Flow Enforcement | Protects | T1602.001 | SNMP (MIB Dump) |
| CA-7 | Continuous Monitoring | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-2 | Baseline Configuration | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-6 | Configuration Settings | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-7 | Least Functionality | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-8 | System Component Inventory | Protects | T1602.001 | SNMP (MIB Dump) |
| IA-3 | Device Identification and Authentication | Protects | T1602.001 | SNMP (MIB Dump) |
| IA-4 | Identifier Management | Protects | T1602.001 | SNMP (MIB Dump) |
| SC-28 | Protection of Information at Rest | Protects | T1602.001 | SNMP (MIB Dump) |
| SC-3 | Security Function Isolation | Protects | T1602.001 | SNMP (MIB Dump) |
| SC-4 | Information in Shared System Resources | Protects | T1602.001 | SNMP (MIB Dump) |
| SC-7 | Boundary Protection | Protects | T1602.001 | SNMP (MIB Dump) |
| SC-8 | Transmission Confidentiality and Integrity | Protects | T1602.001 | SNMP (MIB Dump) |
| SI-10 | Information Input Validation | Protects | T1602.001 | SNMP (MIB Dump) |
| SI-12 | Information Management and Retention | Protects | T1602.001 | SNMP (MIB Dump) |
| SI-15 | Information Output Filtering | Protects | T1602.001 | SNMP (MIB Dump) |
| SI-3 | Malicious Code Protection | Protects | T1602.001 | SNMP (MIB Dump) |
| SI-4 | System Monitoring | Protects | T1602.001 | SNMP (MIB Dump) |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1602.001 | SNMP (MIB Dump) |
| action.hacking.variety.Footprinting | Footprinting and fingerprinting | related-to | T1602.001 | Data from Configuration Repository: SNMP (MIB Dump) |
| amazon_virtual_private_cloud | Amazon Virtual Private Cloud | technique_scores | T1602.001 | SNMP (MIB Dump) |