[ { "technique_id": "T1531", "technique": "Account Access Removal", "url": "https://attack.mitre.org/techniques/T1531", "tactic": [ "Impact" ] }, { "technique_id": "T1506", "technique": "Web Session Cookie", "url": "https://attack.mitre.org/techniques/T1506", "tactic": [ "Defense Evasion", "Lateral Movement" ] }, { "technique_id": "T1539", "technique": "Steal Web Session Cookie", "url": "https://attack.mitre.org/techniques/T1539", "tactic": [ "Credential Access" ] }, { "technique_id": "T1529", "technique": "System Shutdown/Reboot", "url": "https://attack.mitre.org/techniques/T1529", "tactic": [ "Impact" ] }, { "technique_id": "T1519", "technique": "Emond", "url": "https://attack.mitre.org/techniques/T1519", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1518", "technique": "Software Discovery", "url": "https://attack.mitre.org/techniques/T1518", "tactic": [ "Discovery" ] }, { "technique_id": "T1534", "technique": "Internal Spearphishing", "url": "https://attack.mitre.org/techniques/T1534", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1528", "technique": "Steal Application Access Token", "url": "https://attack.mitre.org/techniques/T1528", "tactic": [ "Credential Access" ] }, { "technique_id": "T1522", "technique": "Cloud Instance Metadata API", "url": "https://attack.mitre.org/techniques/T1522", "tactic": [ "Credential Access" ] }, { "technique_id": "T1536", "technique": "Revert Cloud Instance", "url": "https://attack.mitre.org/techniques/T1536", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1535", "technique": "Unused/Unsupported Cloud Regions", "url": "https://attack.mitre.org/techniques/T1535", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1525", "technique": "Implant Container Image", "url": "https://attack.mitre.org/techniques/T1525", "tactic": [ "Persistence" ] }, { "technique_id": "T1538", "technique": "Cloud Service Dashboard", "url": "https://attack.mitre.org/techniques/T1538", "tactic": [ "Discovery" 
] }, { "technique_id": "T1530", "technique": "Data from Cloud Storage Object", "url": "https://attack.mitre.org/techniques/T1530", "tactic": [ "Collection" ] }, { "technique_id": "T1537", "technique": "Transfer Data to Cloud Account", "url": "https://attack.mitre.org/techniques/T1537", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1526", "technique": "Cloud Service Discovery", "url": "https://attack.mitre.org/techniques/T1526", "tactic": [ "Discovery" ] }, { "technique_id": "T1527", "technique": "Application Access Token", "url": "https://attack.mitre.org/techniques/T1527", "tactic": [ "Defense Evasion", "Lateral Movement" ] }, { "technique_id": "T1514", "technique": "Elevated Execution with Prompt", "url": "https://attack.mitre.org/techniques/T1514", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1505", "technique": "Server Software Component", "url": "https://attack.mitre.org/techniques/T1505", "tactic": [ "Persistence" ] }, { "technique_id": "T1503", "technique": "Credentials from Web Browsers", "url": "https://attack.mitre.org/techniques/T1503", "tactic": [ "Credential Access" ] }, { "technique_id": "T1504", "technique": "PowerShell Profile", "url": "https://attack.mitre.org/techniques/T1504", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1502", "technique": "Parent PID Spoofing", "url": "https://attack.mitre.org/techniques/T1502", "tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1500", "technique": "Compile After Delivery", "url": "https://attack.mitre.org/techniques/T1500", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1501", "technique": "Systemd Service", "url": "https://attack.mitre.org/techniques/T1501", "tactic": [ "Persistence" ] }, { "technique_id": "T1499", "technique": "Endpoint Denial of Service", "url": "https://attack.mitre.org/techniques/T1499", "tactic": [ "Impact" ] }, { "technique_id": "T1497", "technique": "Virtualization/Sandbox Evasion", "url": 
"https://attack.mitre.org/techniques/T1497", "tactic": [ "Defense Evasion", "Discovery" ] }, { "technique_id": "T1498", "technique": "Network Denial of Service", "url": "https://attack.mitre.org/techniques/T1498", "tactic": [ "Impact" ] }, { "technique_id": "T1496", "technique": "Resource Hijacking", "url": "https://attack.mitre.org/techniques/T1496", "tactic": [ "Impact" ] }, { "technique_id": "T1495", "technique": "Firmware Corruption", "url": "https://attack.mitre.org/techniques/T1495", "tactic": [ "Impact" ] }, { "technique_id": "T1494", "technique": "Runtime Data Manipulation", "url": "https://attack.mitre.org/techniques/T1494", "tactic": [ "Impact" ] }, { "technique_id": "T1493", "technique": "Transmitted Data Manipulation", "url": "https://attack.mitre.org/techniques/T1493", "tactic": [ "Impact" ] }, { "technique_id": "T1492", "technique": "Stored Data Manipulation", "url": "https://attack.mitre.org/techniques/T1492", "tactic": [ "Impact" ] }, { "technique_id": "T1491", "technique": "Defacement", "url": "https://attack.mitre.org/techniques/T1491", "tactic": [ "Impact" ] }, { "technique_id": "T1490", "technique": "Inhibit System Recovery", "url": "https://attack.mitre.org/techniques/T1490", "tactic": [ "Impact" ] }, { "technique_id": "T1489", "technique": "Service Stop", "url": "https://attack.mitre.org/techniques/T1489", "tactic": [ "Impact" ] }, { "technique_id": "T1488", "technique": "Disk Content Wipe", "url": "https://attack.mitre.org/techniques/T1488", "tactic": [ "Impact" ] }, { "technique_id": "T1487", "technique": "Disk Structure Wipe", "url": "https://attack.mitre.org/techniques/T1487", "tactic": [ "Impact" ] }, { "technique_id": "T1486", "technique": "Data Encrypted for Impact", "url": "https://attack.mitre.org/techniques/T1486", "tactic": [ "Impact" ] }, { "technique_id": "T1485", "technique": "Data Destruction", "url": "https://attack.mitre.org/techniques/T1485", "tactic": [ "Impact" ] }, { "technique_id": "T1484", "technique": "Group Policy 
Modification", "url": "https://attack.mitre.org/techniques/T1484", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1483", "technique": "Domain Generation Algorithms", "url": "https://attack.mitre.org/techniques/T1483", "tactic": [ "Command And Control" ] }, { "technique_id": "T1482", "technique": "Domain Trust Discovery", "url": "https://attack.mitre.org/techniques/T1482", "tactic": [ "Discovery" ] }, { "technique_id": "T1480", "technique": "Execution Guardrails", "url": "https://attack.mitre.org/techniques/T1480", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1222", "technique": "File and Directory Permissions Modification", "url": "https://attack.mitre.org/techniques/T1222", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1223", "technique": "Compiled HTML File", "url": "https://attack.mitre.org/techniques/T1223", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1221", "technique": "Template Injection", "url": "https://attack.mitre.org/techniques/T1221", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1220", "technique": "XSL Script Processing", "url": "https://attack.mitre.org/techniques/T1220", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1217", "technique": "Browser Bookmark Discovery", "url": "https://attack.mitre.org/techniques/T1217", "tactic": [ "Discovery" ] }, { "technique_id": "T1213", "technique": "Data from Information Repositories", "url": "https://attack.mitre.org/techniques/T1213", "tactic": [ "Collection" ] }, { "technique_id": "T1190", "technique": "Exploit Public-Facing Application", "url": "https://attack.mitre.org/techniques/T1190", "tactic": [ "Initial Access" ] }, { "technique_id": "T1210", "technique": "Exploitation of Remote Services", "url": "https://attack.mitre.org/techniques/T1210", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1200", "technique": "Hardware Additions", "url": "https://attack.mitre.org/techniques/T1200", "tactic": [ "Initial Access" ] }, { 
"technique_id": "T1202", "technique": "Indirect Command Execution", "url": "https://attack.mitre.org/techniques/T1202", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1194", "technique": "Spearphishing via Service", "url": "https://attack.mitre.org/techniques/T1194", "tactic": [ "Initial Access" ] }, { "technique_id": "T1209", "technique": "Time Providers", "url": "https://attack.mitre.org/techniques/T1209", "tactic": [ "Persistence" ] }, { "technique_id": "T1199", "technique": "Trusted Relationship", "url": "https://attack.mitre.org/techniques/T1199", "tactic": [ "Initial Access" ] }, { "technique_id": "T1191", "technique": "CMSTP", "url": "https://attack.mitre.org/techniques/T1191", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1207", "technique": "DCShadow", "url": "https://attack.mitre.org/techniques/T1207", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1189", "technique": "Drive-by Compromise", "url": "https://attack.mitre.org/techniques/T1189", "tactic": [ "Initial Access" ] }, { "technique_id": "T1211", "technique": "Exploitation for Defense Evasion", "url": "https://attack.mitre.org/techniques/T1211", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1218", "technique": "Signed Binary Proxy Execution", "url": "https://attack.mitre.org/techniques/T1218", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1193", "technique": "Spearphishing Attachment", "url": "https://attack.mitre.org/techniques/T1193", "tactic": [ "Initial Access" ] }, { "technique_id": "T1195", "technique": "Supply Chain Compromise", "url": "https://attack.mitre.org/techniques/T1195", "tactic": [ "Initial Access" ] }, { "technique_id": "T1204", "technique": "User Execution", "url": "https://attack.mitre.org/techniques/T1204", "tactic": [ "Execution" ] }, { "technique_id": "T1196", "technique": "Control Panel Items", "url": "https://attack.mitre.org/techniques/T1196", "tactic": [ "Defense Evasion", "Execution" ] }, { 
"technique_id": "T1212", "technique": "Exploitation for Credential Access", "url": "https://attack.mitre.org/techniques/T1212", "tactic": [ "Credential Access" ] }, { "technique_id": "T1215", "technique": "Kernel Modules and Extensions", "url": "https://attack.mitre.org/techniques/T1215", "tactic": [ "Persistence" ] }, { "technique_id": "T1197", "technique": "BITS Jobs", "url": "https://attack.mitre.org/techniques/T1197", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1214", "technique": "Credentials in Registry", "url": "https://attack.mitre.org/techniques/T1214", "tactic": [ "Credential Access" ] }, { "technique_id": "T1216", "technique": "Signed Script Proxy Execution", "url": "https://attack.mitre.org/techniques/T1216", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1192", "technique": "Spearphishing Link", "url": "https://attack.mitre.org/techniques/T1192", "tactic": [ "Initial Access" ] }, { "technique_id": "T1198", "technique": "SIP and Trust Provider Hijacking", "url": "https://attack.mitre.org/techniques/T1198", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1206", "technique": "Sudo Caching", "url": "https://attack.mitre.org/techniques/T1206", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1203", "technique": "Exploitation for Client Execution", "url": "https://attack.mitre.org/techniques/T1203", "tactic": [ "Execution" ] }, { "technique_id": "T1208", "technique": "Kerberoasting", "url": "https://attack.mitre.org/techniques/T1208", "tactic": [ "Credential Access" ] }, { "technique_id": "T1201", "technique": "Password Policy Discovery", "url": "https://attack.mitre.org/techniques/T1201", "tactic": [ "Discovery" ] }, { "technique_id": "T1205", "technique": "Port Knocking", "url": "https://attack.mitre.org/techniques/T1205", "tactic": [ "Defense Evasion", "Persistence", "Command And Control" ] }, { "technique_id": "T1219", "technique": "Remote Access Tools", "url": 
"https://attack.mitre.org/techniques/T1219", "tactic": [ "Command And Control" ] }, { "technique_id": "T1172", "technique": "Domain Fronting", "url": "https://attack.mitre.org/techniques/T1172", "tactic": [ "Command And Control" ] }, { "technique_id": "T1173", "technique": "Dynamic Data Exchange", "url": "https://attack.mitre.org/techniques/T1173", "tactic": [ "Execution" ] }, { "technique_id": "T1187", "technique": "Forced Authentication", "url": "https://attack.mitre.org/techniques/T1187", "tactic": [ "Credential Access" ] }, { "technique_id": "T1188", "technique": "Multi-hop Proxy", "url": "https://attack.mitre.org/techniques/T1188", "tactic": [ "Command And Control" ] }, { "technique_id": "T1174", "technique": "Password Filter DLL", "url": "https://attack.mitre.org/techniques/T1174", "tactic": [ "Credential Access" ] }, { "technique_id": "T1175", "technique": "Component Object Model and Distributed COM", "url": "https://attack.mitre.org/techniques/T1175", "tactic": [ "Lateral Movement", "Execution" ] }, { "technique_id": "T1170", "technique": "Mshta", "url": "https://attack.mitre.org/techniques/T1170", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1179", "technique": "Hooking", "url": "https://attack.mitre.org/techniques/T1179", "tactic": [ "Persistence", "Privilege Escalation", "Credential Access" ] }, { "technique_id": "T1184", "technique": "SSH Hijacking", "url": "https://attack.mitre.org/techniques/T1184", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1181", "technique": "Extra Window Memory Injection", "url": "https://attack.mitre.org/techniques/T1181", "tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1177", "technique": "LSASS Driver", "url": "https://attack.mitre.org/techniques/T1177", "tactic": [ "Execution", "Persistence" ] }, { "technique_id": "T1182", "technique": "AppCert DLLs", "url": "https://attack.mitre.org/techniques/T1182", "tactic": [ "Persistence", "Privilege Escalation" ] }, { 
"technique_id": "T1176", "technique": "Browser Extensions", "url": "https://attack.mitre.org/techniques/T1176", "tactic": [ "Persistence" ] }, { "technique_id": "T1185", "technique": "Man in the Browser", "url": "https://attack.mitre.org/techniques/T1185", "tactic": [ "Collection" ] }, { "technique_id": "T1180", "technique": "Screensaver", "url": "https://attack.mitre.org/techniques/T1180", "tactic": [ "Persistence" ] }, { "technique_id": "T1183", "technique": "Image File Execution Options Injection", "url": "https://attack.mitre.org/techniques/T1183", "tactic": [ "Privilege Escalation", "Persistence", "Defense Evasion" ] }, { "technique_id": "T1171", "technique": "LLMNR/NBT-NS Poisoning and Relay", "url": "https://attack.mitre.org/techniques/T1171", "tactic": [ "Credential Access" ] }, { "technique_id": "T1186", "technique": "Process Doppelg\u00e4nging", "url": "https://attack.mitre.org/techniques/T1186", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1178", "technique": "SID-History Injection", "url": "https://attack.mitre.org/techniques/T1178", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1138", "technique": "Application Shimming", "url": "https://attack.mitre.org/techniques/T1138", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1140", "technique": "Deobfuscate/Decode Files or Information", "url": "https://attack.mitre.org/techniques/T1140", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1149", "technique": "LC_MAIN Hijacking", "url": "https://attack.mitre.org/techniques/T1149", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1152", "technique": "Launchctl", "url": "https://attack.mitre.org/techniques/T1152", "tactic": [ "Defense Evasion", "Execution", "Persistence" ] }, { "technique_id": "T1150", "technique": "Plist Modification", "url": "https://attack.mitre.org/techniques/T1150", "tactic": [ "Defense Evasion", "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1163", "technique": 
"Rc.common", "url": "https://attack.mitre.org/techniques/T1163", "tactic": [ "Persistence" ] }, { "technique_id": "T1166", "technique": "Setuid and Setgid", "url": "https://attack.mitre.org/techniques/T1166", "tactic": [ "Privilege Escalation", "Persistence" ] }, { "technique_id": "T1157", "technique": "Dylib Hijacking", "url": "https://attack.mitre.org/techniques/T1157", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1155", "technique": "AppleScript", "url": "https://attack.mitre.org/techniques/T1155", "tactic": [ "Execution", "Lateral Movement" ] }, { "technique_id": "T1136", "technique": "Create Account", "url": "https://attack.mitre.org/techniques/T1136", "tactic": [ "Persistence" ] }, { "technique_id": "T1143", "technique": "Hidden Window", "url": "https://attack.mitre.org/techniques/T1143", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1141", "technique": "Input Prompt", "url": "https://attack.mitre.org/techniques/T1141", "tactic": [ "Credential Access" ] }, { "technique_id": "T1142", "technique": "Keychain", "url": "https://attack.mitre.org/techniques/T1142", "tactic": [ "Credential Access" ] }, { "technique_id": "T1159", "technique": "Launch Agent", "url": "https://attack.mitre.org/techniques/T1159", "tactic": [ "Persistence" ] }, { "technique_id": "T1135", "technique": "Network Share Discovery", "url": "https://attack.mitre.org/techniques/T1135", "tactic": [ "Discovery" ] }, { "technique_id": "T1148", "technique": "HISTCONTROL", "url": "https://attack.mitre.org/techniques/T1148", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1161", "technique": "LC_LOAD_DYLIB Addition", "url": "https://attack.mitre.org/techniques/T1161", "tactic": [ "Persistence" ] }, { "technique_id": "T1154", "technique": "Trap", "url": "https://attack.mitre.org/techniques/T1154", "tactic": [ "Execution", "Persistence" ] }, { "technique_id": "T1134", "technique": "Access Token Manipulation", "url": "https://attack.mitre.org/techniques/T1134", 
"tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1139", "technique": "Bash History", "url": "https://attack.mitre.org/techniques/T1139", "tactic": [ "Credential Access" ] }, { "technique_id": "T1147", "technique": "Hidden Users", "url": "https://attack.mitre.org/techniques/T1147", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1156", "technique": ".bash_profile and .bashrc", "url": "https://attack.mitre.org/techniques/T1156", "tactic": [ "Persistence" ] }, { "technique_id": "T1146", "technique": "Clear Command History", "url": "https://attack.mitre.org/techniques/T1146", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1160", "technique": "Launch Daemon", "url": "https://attack.mitre.org/techniques/T1160", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1145", "technique": "Private Keys", "url": "https://attack.mitre.org/techniques/T1145", "tactic": [ "Credential Access" ] }, { "technique_id": "T1165", "technique": "Startup Items", "url": "https://attack.mitre.org/techniques/T1165", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1162", "technique": "Login Item", "url": "https://attack.mitre.org/techniques/T1162", "tactic": [ "Persistence" ] }, { "technique_id": "T1137", "technique": "Office Application Startup", "url": "https://attack.mitre.org/techniques/T1137", "tactic": [ "Persistence" ] }, { "technique_id": "T1151", "technique": "Space after Filename", "url": "https://attack.mitre.org/techniques/T1151", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1144", "technique": "Gatekeeper Bypass", "url": "https://attack.mitre.org/techniques/T1144", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1158", "technique": "Hidden Files and Directories", "url": "https://attack.mitre.org/techniques/T1158", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1168", "technique": "Local Job Scheduling", "url": 
"https://attack.mitre.org/techniques/T1168", "tactic": [ "Persistence", "Execution" ] }, { "technique_id": "T1164", "technique": "Re-opened Applications", "url": "https://attack.mitre.org/techniques/T1164", "tactic": [ "Persistence" ] }, { "technique_id": "T1167", "technique": "Securityd Memory", "url": "https://attack.mitre.org/techniques/T1167", "tactic": [ "Credential Access" ] }, { "technique_id": "T1153", "technique": "Source", "url": "https://attack.mitre.org/techniques/T1153", "tactic": [ "Execution" ] }, { "technique_id": "T1169", "technique": "Sudo", "url": "https://attack.mitre.org/techniques/T1169", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1133", "technique": "External Remote Services", "url": "https://attack.mitre.org/techniques/T1133", "tactic": [ "Persistence", "Initial Access" ] }, { "technique_id": "T1132", "technique": "Data Encoding", "url": "https://attack.mitre.org/techniques/T1132", "tactic": [ "Command And Control" ] }, { "technique_id": "T1131", "technique": "Authentication Package", "url": "https://attack.mitre.org/techniques/T1131", "tactic": [ "Persistence" ] }, { "technique_id": "T1130", "technique": "Install Root Certificate", "url": "https://attack.mitre.org/techniques/T1130", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1129", "technique": "Execution through Module Load", "url": "https://attack.mitre.org/techniques/T1129", "tactic": [ "Execution" ] }, { "technique_id": "T1128", "technique": "Netsh Helper DLL", "url": "https://attack.mitre.org/techniques/T1128", "tactic": [ "Persistence" ] }, { "technique_id": "T1127", "technique": "Trusted Developer Utilities", "url": "https://attack.mitre.org/techniques/T1127", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1126", "technique": "Network Share Connection Removal", "url": "https://attack.mitre.org/techniques/T1126", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1125", "technique": "Video Capture", "url": 
"https://attack.mitre.org/techniques/T1125", "tactic": [ "Collection" ] }, { "technique_id": "T1124", "technique": "System Time Discovery", "url": "https://attack.mitre.org/techniques/T1124", "tactic": [ "Discovery" ] }, { "technique_id": "T1123", "technique": "Audio Capture", "url": "https://attack.mitre.org/techniques/T1123", "tactic": [ "Collection" ] }, { "technique_id": "T1122", "technique": "Component Object Model Hijacking", "url": "https://attack.mitre.org/techniques/T1122", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1121", "technique": "Regsvcs/Regasm", "url": "https://attack.mitre.org/techniques/T1121", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1120", "technique": "Peripheral Device Discovery", "url": "https://attack.mitre.org/techniques/T1120", "tactic": [ "Discovery" ] }, { "technique_id": "T1119", "technique": "Automated Collection", "url": "https://attack.mitre.org/techniques/T1119", "tactic": [ "Collection" ] }, { "technique_id": "T1118", "technique": "InstallUtil", "url": "https://attack.mitre.org/techniques/T1118", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1117", "technique": "Regsvr32", "url": "https://attack.mitre.org/techniques/T1117", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1116", "technique": "Code Signing", "url": "https://attack.mitre.org/techniques/T1116", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1115", "technique": "Clipboard Data", "url": "https://attack.mitre.org/techniques/T1115", "tactic": [ "Collection" ] }, { "technique_id": "T1114", "technique": "Email Collection", "url": "https://attack.mitre.org/techniques/T1114", "tactic": [ "Collection" ] }, { "technique_id": "T1113", "technique": "Screen Capture", "url": "https://attack.mitre.org/techniques/T1113", "tactic": [ "Collection" ] }, { "technique_id": "T1112", "technique": "Modify Registry", "url": "https://attack.mitre.org/techniques/T1112", "tactic": [ "Defense 
Evasion" ] }, { "technique_id": "T1111", "technique": "Two-Factor Authentication Interception", "url": "https://attack.mitre.org/techniques/T1111", "tactic": [ "Credential Access" ] }, { "technique_id": "T1110", "technique": "Brute Force", "url": "https://attack.mitre.org/techniques/T1110", "tactic": [ "Credential Access" ] }, { "technique_id": "T1109", "technique": "Component Firmware", "url": "https://attack.mitre.org/techniques/T1109", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1108", "technique": "Redundant Access", "url": "https://attack.mitre.org/techniques/T1108", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1107", "technique": "File Deletion", "url": "https://attack.mitre.org/techniques/T1107", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1106", "technique": "Execution through API", "url": "https://attack.mitre.org/techniques/T1106", "tactic": [ "Execution" ] }, { "technique_id": "T1105", "technique": "Remote File Copy", "url": "https://attack.mitre.org/techniques/T1105", "tactic": [ "Command And Control", "Lateral Movement" ] }, { "technique_id": "T1104", "technique": "Multi-Stage Channels", "url": "https://attack.mitre.org/techniques/T1104", "tactic": [ "Command And Control" ] }, { "technique_id": "T1103", "technique": "AppInit DLLs", "url": "https://attack.mitre.org/techniques/T1103", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1102", "technique": "Web Service", "url": "https://attack.mitre.org/techniques/T1102", "tactic": [ "Command And Control", "Defense Evasion" ] }, { "technique_id": "T1101", "technique": "Security Support Provider", "url": "https://attack.mitre.org/techniques/T1101", "tactic": [ "Persistence" ] }, { "technique_id": "T1100", "technique": "Web Shell", "url": "https://attack.mitre.org/techniques/T1100", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1099", "technique": "Timestomp", "url": 
"https://attack.mitre.org/techniques/T1099", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1098", "technique": "Account Manipulation", "url": "https://attack.mitre.org/techniques/T1098", "tactic": [ "Credential Access", "Persistence" ] }, { "technique_id": "T1097", "technique": "Pass the Ticket", "url": "https://attack.mitre.org/techniques/T1097", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1096", "technique": "NTFS File Attributes", "url": "https://attack.mitre.org/techniques/T1096", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1095", "technique": "Standard Non-Application Layer Protocol", "url": "https://attack.mitre.org/techniques/T1095", "tactic": [ "Command And Control" ] }, { "technique_id": "T1094", "technique": "Custom Command and Control Protocol", "url": "https://attack.mitre.org/techniques/T1094", "tactic": [ "Command And Control" ] }, { "technique_id": "T1093", "technique": "Process Hollowing", "url": "https://attack.mitre.org/techniques/T1093", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1092", "technique": "Communication Through Removable Media", "url": "https://attack.mitre.org/techniques/T1092", "tactic": [ "Command And Control" ] }, { "technique_id": "T1091", "technique": "Replication Through Removable Media", "url": "https://attack.mitre.org/techniques/T1091", "tactic": [ "Lateral Movement", "Initial Access" ] }, { "technique_id": "T1090", "technique": "Connection Proxy", "url": "https://attack.mitre.org/techniques/T1090", "tactic": [ "Command And Control", "Defense Evasion" ] }, { "technique_id": "T1089", "technique": "Disabling Security Tools", "url": "https://attack.mitre.org/techniques/T1089", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1088", "technique": "Bypass User Account Control", "url": "https://attack.mitre.org/techniques/T1088", "tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1087", "technique": "Account Discovery", "url": 
"https://attack.mitre.org/techniques/T1087", "tactic": [ "Discovery" ] }, { "technique_id": "T1086", "technique": "PowerShell", "url": "https://attack.mitre.org/techniques/T1086", "tactic": [ "Execution" ] }, { "technique_id": "T1085", "technique": "Rundll32", "url": "https://attack.mitre.org/techniques/T1085", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1084", "technique": "Windows Management Instrumentation Event Subscription", "url": "https://attack.mitre.org/techniques/T1084", "tactic": [ "Persistence" ] }, { "technique_id": "T1083", "technique": "File and Directory Discovery", "url": "https://attack.mitre.org/techniques/T1083", "tactic": [ "Discovery" ] }, { "technique_id": "T1082", "technique": "System Information Discovery", "url": "https://attack.mitre.org/techniques/T1082", "tactic": [ "Discovery" ] }, { "technique_id": "T1081", "technique": "Credentials in Files", "url": "https://attack.mitre.org/techniques/T1081", "tactic": [ "Credential Access" ] }, { "technique_id": "T1080", "technique": "Taint Shared Content", "url": "https://attack.mitre.org/techniques/T1080", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1079", "technique": "Multilayer Encryption", "url": "https://attack.mitre.org/techniques/T1079", "tactic": [ "Command And Control" ] }, { "technique_id": "T1078", "technique": "Valid Accounts", "url": "https://attack.mitre.org/techniques/T1078", "tactic": [ "Defense Evasion", "Persistence", "Privilege Escalation", "Initial Access" ] }, { "technique_id": "T1077", "technique": "Windows Admin Shares", "url": "https://attack.mitre.org/techniques/T1077", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1076", "technique": "Remote Desktop Protocol", "url": "https://attack.mitre.org/techniques/T1076", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1075", "technique": "Pass the Hash", "url": "https://attack.mitre.org/techniques/T1075", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1074", 
"technique": "Data Staged", "url": "https://attack.mitre.org/techniques/T1074", "tactic": [ "Collection" ] }, { "technique_id": "T1073", "technique": "DLL Side-Loading", "url": "https://attack.mitre.org/techniques/T1073", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1072", "technique": "Third-party Software", "url": "https://attack.mitre.org/techniques/T1072", "tactic": [ "Execution", "Lateral Movement" ] }, { "technique_id": "T1071", "technique": "Standard Application Layer Protocol", "url": "https://attack.mitre.org/techniques/T1071", "tactic": [ "Command And Control" ] }, { "technique_id": "T1070", "technique": "Indicator Removal on Host", "url": "https://attack.mitre.org/techniques/T1070", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1069", "technique": "Permission Groups Discovery", "url": "https://attack.mitre.org/techniques/T1069", "tactic": [ "Discovery" ] }, { "technique_id": "T1068", "technique": "Exploitation for Privilege Escalation", "url": "https://attack.mitre.org/techniques/T1068", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1067", "technique": "Bootkit", "url": "https://attack.mitre.org/techniques/T1067", "tactic": [ "Persistence" ] }, { "technique_id": "T1066", "technique": "Indicator Removal from Tools", "url": "https://attack.mitre.org/techniques/T1066", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1065", "technique": "Uncommonly Used Port", "url": "https://attack.mitre.org/techniques/T1065", "tactic": [ "Command And Control" ] }, { "technique_id": "T1064", "technique": "Scripting", "url": "https://attack.mitre.org/techniques/T1064", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1063", "technique": "Security Software Discovery", "url": "https://attack.mitre.org/techniques/T1063", "tactic": [ "Discovery" ] }, { "technique_id": "T1062", "technique": "Hypervisor", "url": "https://attack.mitre.org/techniques/T1062", "tactic": [ "Persistence" ] }, { "technique_id": "T1061", 
"technique": "Graphical User Interface", "url": "https://attack.mitre.org/techniques/T1061", "tactic": [ "Execution" ] }, { "technique_id": "T1060", "technique": "Registry Run Keys / Startup Folder", "url": "https://attack.mitre.org/techniques/T1060", "tactic": [ "Persistence" ] }, { "technique_id": "T1059", "technique": "Command-Line Interface", "url": "https://attack.mitre.org/techniques/T1059", "tactic": [ "Execution" ] }, { "technique_id": "T1058", "technique": "Service Registry Permissions Weakness", "url": "https://attack.mitre.org/techniques/T1058", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1057", "technique": "Process Discovery", "url": "https://attack.mitre.org/techniques/T1057", "tactic": [ "Discovery" ] }, { "technique_id": "T1056", "technique": "Input Capture", "url": "https://attack.mitre.org/techniques/T1056", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1055", "technique": "Process Injection", "url": "https://attack.mitre.org/techniques/T1055", "tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1054", "technique": "Indicator Blocking", "url": "https://attack.mitre.org/techniques/T1054", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1053", "technique": "Scheduled Task", "url": "https://attack.mitre.org/techniques/T1053", "tactic": [ "Execution", "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1052", "technique": "Exfiltration Over Physical Medium", "url": "https://attack.mitre.org/techniques/T1052", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1051", "technique": "Shared Webroot", "url": "https://attack.mitre.org/techniques/T1051", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1050", "technique": "New Service", "url": "https://attack.mitre.org/techniques/T1050", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1049", "technique": "System Network Connections Discovery", "url": 
"https://attack.mitre.org/techniques/T1049", "tactic": [ "Discovery" ] }, { "technique_id": "T1048", "technique": "Exfiltration Over Alternative Protocol", "url": "https://attack.mitre.org/techniques/T1048", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1047", "technique": "Windows Management Instrumentation", "url": "https://attack.mitre.org/techniques/T1047", "tactic": [ "Execution" ] }, { "technique_id": "T1046", "technique": "Network Service Scanning", "url": "https://attack.mitre.org/techniques/T1046", "tactic": [ "Discovery" ] }, { "technique_id": "T1045", "technique": "Software Packing", "url": "https://attack.mitre.org/techniques/T1045", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1044", "technique": "File System Permissions Weakness", "url": "https://attack.mitre.org/techniques/T1044", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1043", "technique": "Commonly Used Port", "url": "https://attack.mitre.org/techniques/T1043", "tactic": [ "Command And Control" ] }, { "technique_id": "T1042", "technique": "Change Default File Association", "url": "https://attack.mitre.org/techniques/T1042", "tactic": [ "Persistence" ] }, { "technique_id": "T1041", "technique": "Exfiltration Over Command and Control Channel", "url": "https://attack.mitre.org/techniques/T1041", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1040", "technique": "Network Sniffing", "url": "https://attack.mitre.org/techniques/T1040", "tactic": [ "Credential Access", "Discovery" ] }, { "technique_id": "T1039", "technique": "Data from Network Shared Drive", "url": "https://attack.mitre.org/techniques/T1039", "tactic": [ "Collection" ] }, { "technique_id": "T1038", "technique": "DLL Search Order Hijacking", "url": "https://attack.mitre.org/techniques/T1038", "tactic": [ "Persistence", "Privilege Escalation", "Defense Evasion" ] }, { "technique_id": "T1037", "technique": "Logon Scripts", "url": "https://attack.mitre.org/techniques/T1037", "tactic": [ 
"Lateral Movement", "Persistence" ] }, { "technique_id": "T1036", "technique": "Masquerading", "url": "https://attack.mitre.org/techniques/T1036", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1035", "technique": "Service Execution", "url": "https://attack.mitre.org/techniques/T1035", "tactic": [ "Execution" ] }, { "technique_id": "T1034", "technique": "Path Interception", "url": "https://attack.mitre.org/techniques/T1034", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1033", "technique": "System Owner/User Discovery", "url": "https://attack.mitre.org/techniques/T1033", "tactic": [ "Discovery" ] }, { "technique_id": "T1032", "technique": "Standard Cryptographic Protocol", "url": "https://attack.mitre.org/techniques/T1032", "tactic": [ "Command And Control" ] }, { "technique_id": "T1031", "technique": "Modify Existing Service", "url": "https://attack.mitre.org/techniques/T1031", "tactic": [ "Persistence" ] }, { "technique_id": "T1030", "technique": "Data Transfer Size Limits", "url": "https://attack.mitre.org/techniques/T1030", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1029", "technique": "Scheduled Transfer", "url": "https://attack.mitre.org/techniques/T1029", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1028", "technique": "Windows Remote Management", "url": "https://attack.mitre.org/techniques/T1028", "tactic": [ "Execution", "Lateral Movement" ] }, { "technique_id": "T1027", "technique": "Obfuscated Files or Information", "url": "https://attack.mitre.org/techniques/T1027", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1026", "technique": "Multiband Communication", "url": "https://attack.mitre.org/techniques/T1026", "tactic": [ "Command And Control" ] }, { "technique_id": "T1025", "technique": "Data from Removable Media", "url": "https://attack.mitre.org/techniques/T1025", "tactic": [ "Collection" ] }, { "technique_id": "T1024", "technique": "Custom Cryptographic Protocol", "url": 
"https://attack.mitre.org/techniques/T1024", "tactic": [ "Command And Control" ] }, { "technique_id": "T1023", "technique": "Shortcut Modification", "url": "https://attack.mitre.org/techniques/T1023", "tactic": [ "Persistence" ] }, { "technique_id": "T1022", "technique": "Data Encrypted", "url": "https://attack.mitre.org/techniques/T1022", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1021", "technique": "Remote Services", "url": "https://attack.mitre.org/techniques/T1021", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1020", "technique": "Automated Exfiltration", "url": "https://attack.mitre.org/techniques/T1020", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1019", "technique": "System Firmware", "url": "https://attack.mitre.org/techniques/T1019", "tactic": [ "Persistence" ] }, { "technique_id": "T1018", "technique": "Remote System Discovery", "url": "https://attack.mitre.org/techniques/T1018", "tactic": [ "Discovery" ] }, { "technique_id": "T1017", "technique": "Application Deployment Software", "url": "https://attack.mitre.org/techniques/T1017", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1016", "technique": "System Network Configuration Discovery", "url": "https://attack.mitre.org/techniques/T1016", "tactic": [ "Discovery" ] }, { "technique_id": "T1015", "technique": "Accessibility Features", "url": "https://attack.mitre.org/techniques/T1015", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1014", "technique": "Rootkit", "url": "https://attack.mitre.org/techniques/T1014", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1013", "technique": "Port Monitors", "url": "https://attack.mitre.org/techniques/T1013", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1012", "technique": "Query Registry", "url": "https://attack.mitre.org/techniques/T1012", "tactic": [ "Discovery" ] }, { "technique_id": "T1011", "technique": "Exfiltration Over Other Network Medium", "url": 
"https://attack.mitre.org/techniques/T1011", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1010", "technique": "Application Window Discovery", "url": "https://attack.mitre.org/techniques/T1010", "tactic": [ "Discovery" ] }, { "technique_id": "T1009", "technique": "Binary Padding", "url": "https://attack.mitre.org/techniques/T1009", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1008", "technique": "Fallback Channels", "url": "https://attack.mitre.org/techniques/T1008", "tactic": [ "Command And Control" ] }, { "technique_id": "T1007", "technique": "System Service Discovery", "url": "https://attack.mitre.org/techniques/T1007", "tactic": [ "Discovery" ] }, { "technique_id": "T1006", "technique": "File System Logical Offsets", "url": "https://attack.mitre.org/techniques/T1006", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1005", "technique": "Data from Local System", "url": "https://attack.mitre.org/techniques/T1005", "tactic": [ "Collection" ] }, { "technique_id": "T1004", "technique": "Winlogon Helper DLL", "url": "https://attack.mitre.org/techniques/T1004", "tactic": [ "Persistence" ] }, { "technique_id": "T1003", "technique": "Credential Dumping", "url": "https://attack.mitre.org/techniques/T1003", "tactic": [ "Credential Access" ] }, { "technique_id": "T1002", "technique": "Data Compressed", "url": "https://attack.mitre.org/techniques/T1002", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1001", "technique": "Data Obfuscation", "url": "https://attack.mitre.org/techniques/T1001", "tactic": [ "Command And Control" ] }, { "technique_id": "T1397", "technique": "Spearphishing for Information", "url": "https://attack.mitre.org/techniques/T1397", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1307", "technique": "Acquire and/or use 3rd party infrastructure services", "url": "https://attack.mitre.org/techniques/T1307", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1275", "technique": "Aggregate individual's 
digital footprint", "url": "https://attack.mitre.org/techniques/T1275", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1294", "technique": "Analyze hardware/software security defensive capabilities", "url": "https://attack.mitre.org/techniques/T1294", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1295", "technique": "Analyze social and business relationships, interests, and affiliations", "url": "https://attack.mitre.org/techniques/T1295", "tactic": [ "People Weakness Identification" ] }, { "technique_id": "T1299", "technique": "Assess opportunities created by business deals", "url": "https://attack.mitre.org/techniques/T1299", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1228", "technique": "Assign KITs/KIQs into categories", "url": "https://attack.mitre.org/techniques/T1228", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1349", "technique": "Build or acquire exploits", "url": "https://attack.mitre.org/techniques/T1349", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1343", "technique": "Choose pre-compromised persona and affiliated accounts", "url": "https://attack.mitre.org/techniques/T1343", "tactic": [ "Persona Development" ] }, { "technique_id": "T1388", "technique": "Compromise of externally facing system", "url": "https://attack.mitre.org/techniques/T1388", "tactic": [ "Compromise" ] }, { "technique_id": "T1268", "technique": "Conduct social engineering", "url": "https://attack.mitre.org/techniques/T1268", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1345", "technique": "Create custom payloads", "url": "https://attack.mitre.org/techniques/T1345", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1382", "technique": "DNS poisoning", "url": "https://attack.mitre.org/techniques/T1382", "tactic": [ "Launch" ] }, { "technique_id": "T1284", "technique": "Determine 3rd party infrastructure services", "url": 
"https://attack.mitre.org/techniques/T1284", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1259", "technique": "Determine external network trust dependencies", "url": "https://attack.mitre.org/techniques/T1259", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1244", "technique": "Determine secondary level tactical element", "url": "https://attack.mitre.org/techniques/T1244", "tactic": [ "Target Selection" ] }, { "technique_id": "T1255", "technique": "Discover target logon/email address format", "url": "https://attack.mitre.org/techniques/T1255", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1286", "technique": "Dumpster dive", "url": "https://attack.mitre.org/techniques/T1286", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1377", "technique": "Exploit public-facing application", "url": "https://attack.mitre.org/techniques/T1377", "tactic": [ "Launch" ] }, { "technique_id": "T1365", "technique": "Hardware or software supply chain implant", "url": "https://attack.mitre.org/techniques/T1365", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1272", "technique": "Identify business relationships", "url": "https://attack.mitre.org/techniques/T1272", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1278", "technique": "Identify job postings and needs/gaps", "url": "https://attack.mitre.org/techniques/T1278", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1263", "technique": "Identify security defensive capabilities", "url": "https://attack.mitre.org/techniques/T1263", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1264", "technique": "Identify technology usage patterns", "url": "https://attack.mitre.org/techniques/T1264", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1252", "technique": "Map network topology", "url": "https://attack.mitre.org/techniques/T1252", 
"tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1316", "technique": "Non-traditional or less attributable payment options", "url": "https://attack.mitre.org/techniques/T1316", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1319", "technique": "Obfuscate or encrypt code", "url": "https://attack.mitre.org/techniques/T1319", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1281", "technique": "Obtain templates/branding materials", "url": "https://attack.mitre.org/techniques/T1281", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1335", "technique": "Procure required equipment and software", "url": "https://attack.mitre.org/techniques/T1335", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1351", "technique": "Remote access tool development", "url": "https://attack.mitre.org/techniques/T1351", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1395", "technique": "Runtime code download and execution", "url": "https://attack.mitre.org/techniques/T1395", "tactic": [ "Launch" ] }, { "technique_id": "T1367", "technique": "Spear phishing messages with malicious attachments", "url": "https://attack.mitre.org/techniques/T1367", "tactic": [ "Launch" ] }, { "technique_id": "T1371", "technique": "Targeted client-side exploitation", "url": "https://attack.mitre.org/techniques/T1371", "tactic": [ "Launch" ] }, { "technique_id": "T1357", "technique": "Test malware in various execution environments", "url": "https://attack.mitre.org/techniques/T1357", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1387", "technique": "Unauthorized user introduces compromise delivery mechanism", "url": "https://attack.mitre.org/techniques/T1387", "tactic": [ "Compromise" ] }, { "technique_id": "T1329", "technique": "Acquire and/or use 3rd party infrastructure services", "url": "https://attack.mitre.org/techniques/T1329", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": 
"T1332", "technique": "Acquire or compromise 3rd party signing certificates", "url": "https://attack.mitre.org/techniques/T1332", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1287", "technique": "Analyze data collected", "url": "https://attack.mitre.org/techniques/T1287", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1303", "technique": "Analyze presence of outsourced capabilities", "url": "https://attack.mitre.org/techniques/T1303", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1224", "technique": "Assess leadership areas of interest", "url": "https://attack.mitre.org/techniques/T1224", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1238", "technique": "Assign KITs, KIQs, and/or intelligence requirements", "url": "https://attack.mitre.org/techniques/T1238", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1347", "technique": "Build and configure delivery systems", "url": "https://attack.mitre.org/techniques/T1347", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1391", "technique": "Choose pre-compromised mobile app developer account credentials or signing keys", "url": "https://attack.mitre.org/techniques/T1391", "tactic": [ "Persona Development" ] }, { "technique_id": "T1354", "technique": "Compromise 3rd party or closed-source vulnerability/exploit information", "url": "https://attack.mitre.org/techniques/T1354", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1279", "technique": "Conduct social engineering", "url": "https://attack.mitre.org/techniques/T1279", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1339", "technique": "Create backup infrastructure", "url": "https://attack.mitre.org/techniques/T1339", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1374", "technique": "Credential pharming", "url": "https://attack.mitre.org/techniques/T1374", "tactic": 
[ "Launch" ] }, { "technique_id": "T1230", "technique": "Derive intelligence requirements", "url": "https://attack.mitre.org/techniques/T1230", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1250", "technique": "Determine domain and IP address space", "url": "https://attack.mitre.org/techniques/T1250", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1282", "technique": "Determine physical locations", "url": "https://attack.mitre.org/techniques/T1282", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1350", "technique": "Discover new exploits and monitor exploit-provider forums", "url": "https://attack.mitre.org/techniques/T1350", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1326", "technique": "Domain registration hijacking", "url": "https://attack.mitre.org/techniques/T1326", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1261", "technique": "Enumerate externally facing software applications technologies, languages, and dependencies", "url": "https://attack.mitre.org/techniques/T1261", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1234", "technique": "Generate analyst intelligence requirements", "url": "https://attack.mitre.org/techniques/T1234", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1280", "technique": "Identify business processes/tempo", "url": "https://attack.mitre.org/techniques/T1280", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1248", "technique": "Identify job postings and needs/gaps", "url": "https://attack.mitre.org/techniques/T1248", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1348", "technique": "Identify resources required to build capabilities", "url": "https://attack.mitre.org/techniques/T1348", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1265", "technique": "Identify supply chains", "url": 
"https://attack.mitre.org/techniques/T1265", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1375", "technique": "Leverage compromised 3rd party resources", "url": "https://attack.mitre.org/techniques/T1375", "tactic": [ "Launch" ] }, { "technique_id": "T1315", "technique": "Network-based hiding techniques", "url": "https://attack.mitre.org/techniques/T1315", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1318", "technique": "Obfuscate operational infrastructure", "url": "https://attack.mitre.org/techniques/T1318", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1251", "technique": "Obtain domain/IP registration information", "url": "https://attack.mitre.org/techniques/T1251", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1305", "technique": "Private whois services", "url": "https://attack.mitre.org/techniques/T1305", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1235", "technique": "Receive operator KITs/KIQs tasking", "url": "https://attack.mitre.org/techniques/T1235", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1358", "technique": "Review logs and residual traces", "url": "https://attack.mitre.org/techniques/T1358", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1340", "technique": "Shadow DNS", "url": "https://attack.mitre.org/techniques/T1340", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1237", "technique": "Submit KITs, KIQs, and intelligence requirements", "url": "https://attack.mitre.org/techniques/T1237", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1356", "technique": "Test callback functionality", "url": "https://attack.mitre.org/techniques/T1356", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1361", "technique": "Test signature detection for file upload/email filters", "url": "https://attack.mitre.org/techniques/T1361", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1327", 
"technique": "Use multiple DNS infrastructures", "url": "https://attack.mitre.org/techniques/T1327", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1277", "technique": "Acquire OSINT data sets and information", "url": "https://attack.mitre.org/techniques/T1277", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1310", "technique": "Acquire or compromise 3rd party signing certificates", "url": "https://attack.mitre.org/techniques/T1310", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1301", "technique": "Analyze business processes", "url": "https://attack.mitre.org/techniques/T1301", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1297", "technique": "Analyze organizational skillsets and deficiencies", "url": "https://attack.mitre.org/techniques/T1297", "tactic": [ "People Weakness Identification" ] }, { "technique_id": "T1236", "technique": "Assess current holdings, needs, and wants", "url": "https://attack.mitre.org/techniques/T1236", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1298", "technique": "Assess vulnerability of 3rd party vendors", "url": "https://attack.mitre.org/techniques/T1298", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1384", "technique": "Automated system performs requested action", "url": "https://attack.mitre.org/techniques/T1384", "tactic": [ "Compromise" ] }, { "technique_id": "T1352", "technique": "C2 protocol development", "url": "https://attack.mitre.org/techniques/T1352", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1334", "technique": "Compromise 3rd party infrastructure to support delivery", "url": "https://attack.mitre.org/techniques/T1334", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1253", "technique": "Conduct passive scanning", "url": "https://attack.mitre.org/techniques/T1253", "tactic": [ "Technical Information Gathering" ] }, { 
"technique_id": "T1383", "technique": "Confirmation of launched compromise achieved", "url": "https://attack.mitre.org/techniques/T1383", "tactic": [ "Compromise" ] }, { "technique_id": "T1231", "technique": "Create strategic plan", "url": "https://attack.mitre.org/techniques/T1231", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1380", "technique": "Deploy exploit using advertising", "url": "https://attack.mitre.org/techniques/T1380", "tactic": [ "Launch" ] }, { "technique_id": "T1285", "technique": "Determine centralization of IT management", "url": "https://attack.mitre.org/techniques/T1285", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1242", "technique": "Determine operational element", "url": "https://attack.mitre.org/techniques/T1242", "tactic": [ "Target Selection" ] }, { "technique_id": "T1342", "technique": "Develop social network persona digital footprint", "url": "https://attack.mitre.org/techniques/T1342", "tactic": [ "Persona Development" ] }, { "technique_id": "T1323", "technique": "Domain Generation Algorithms (DGA)", "url": "https://attack.mitre.org/techniques/T1323", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1262", "technique": "Enumerate client configurations", "url": "https://attack.mitre.org/techniques/T1262", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1364", "technique": "Friend/Follow/Connect to targets of interest", "url": "https://attack.mitre.org/techniques/T1364", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1233", "technique": "Identify analyst level gaps", "url": "https://attack.mitre.org/techniques/T1233", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1270", "technique": "Identify groups/roles", "url": "https://attack.mitre.org/techniques/T1270", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1271", "technique": "Identify personnel with an authority/privilege", "url": 
"https://attack.mitre.org/techniques/T1271", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1246", "technique": "Identify supply chains", "url": "https://attack.mitre.org/techniques/T1246", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1336", "technique": "Install and configure hardware, network, and systems", "url": "https://attack.mitre.org/techniques/T1336", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1322", "technique": "Misattributable credentials", "url": "https://attack.mitre.org/techniques/T1322", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1331", "technique": "Obfuscate infrastructure", "url": "https://attack.mitre.org/techniques/T1331", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1396", "technique": "Obtain booter/stressor subscription", "url": "https://attack.mitre.org/techniques/T1396", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1353", "technique": "Post compromise tool development", "url": "https://attack.mitre.org/techniques/T1353", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1239", "technique": "Receive KITs/KIQs and determine requirements", "url": "https://attack.mitre.org/techniques/T1239", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1290", "technique": "Research visibility gap of security vendors", "url": "https://attack.mitre.org/techniques/T1290", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1317", "technique": "Secure and protect infrastructure", "url": "https://attack.mitre.org/techniques/T1317", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1393", "technique": "Test ability to evade automated mobile application security analysis performed by app stores", "url": "https://attack.mitre.org/techniques/T1393", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1292", "technique": "Test signature detection", "url": 
"https://attack.mitre.org/techniques/T1292", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1362", "technique": "Upload, install, and configure software/tools", "url": "https://attack.mitre.org/techniques/T1362", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1266", "technique": "Acquire OSINT data sets and information", "url": "https://attack.mitre.org/techniques/T1266", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1308", "technique": "Acquire and/or use 3rd party software services", "url": "https://attack.mitre.org/techniques/T1308", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1293", "technique": "Analyze application security posture", "url": "https://attack.mitre.org/techniques/T1293", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1300", "technique": "Analyze organizational skillsets and deficiencies", "url": "https://attack.mitre.org/techniques/T1300", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1306", "technique": "Anonymity services", "url": "https://attack.mitre.org/techniques/T1306", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1302", "technique": "Assess security posture of physical locations", "url": "https://attack.mitre.org/techniques/T1302", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1381", "technique": "Authentication attempt", "url": "https://attack.mitre.org/techniques/T1381", "tactic": [ "Launch" ] }, { "technique_id": "T1341", "technique": "Build social network persona", "url": "https://attack.mitre.org/techniques/T1341", "tactic": [ "Persona Development" ] }, { "technique_id": "T1321", "technique": "Common, high volume protocols and software", "url": "https://attack.mitre.org/techniques/T1321", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1254", "technique": "Conduct active scanning", "url": "https://attack.mitre.org/techniques/T1254", "tactic": [ "Technical 
Information Gathering" ] }, { "technique_id": "T1249", "technique": "Conduct social engineering", "url": "https://attack.mitre.org/techniques/T1249", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1232", "technique": "Create implementation plan", "url": "https://attack.mitre.org/techniques/T1232", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1324", "technique": "DNSCalc", "url": "https://attack.mitre.org/techniques/T1324", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1260", "technique": "Determine 3rd party infrastructure services", "url": "https://attack.mitre.org/techniques/T1260", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1258", "technique": "Determine firmware version", "url": "https://attack.mitre.org/techniques/T1258", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1241", "technique": "Determine strategic target", "url": "https://attack.mitre.org/techniques/T1241", "tactic": [ "Target Selection" ] }, { "technique_id": "T1379", "technique": "Disseminate removable media", "url": "https://attack.mitre.org/techniques/T1379", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1311", "technique": "Dynamic DNS", "url": "https://attack.mitre.org/techniques/T1311", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1325", "technique": "Fast Flux DNS", "url": "https://attack.mitre.org/techniques/T1325", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1314", "technique": "Host-based hiding techniques", "url": "https://attack.mitre.org/techniques/T1314", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1283", "technique": "Identify business relationships", "url": "https://attack.mitre.org/techniques/T1283", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1267", "technique": "Identify job postings and needs/gaps", "url": "https://attack.mitre.org/techniques/T1267", "tactic": [ "People Information Gathering" ] }, 
{ "technique_id": "T1274", "technique": "Identify sensitive personnel information", "url": "https://attack.mitre.org/techniques/T1274", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1389", "technique": "Identify vulnerabilities in third-party software libraries", "url": "https://attack.mitre.org/techniques/T1389", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1273", "technique": "Mine social media", "url": "https://attack.mitre.org/techniques/T1273", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1390", "technique": "OS-vendor provided communication channels", "url": "https://attack.mitre.org/techniques/T1390", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1313", "technique": "Obfuscation or cryptography", "url": "https://attack.mitre.org/techniques/T1313", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1247", "technique": "Acquire OSINT data sets and information", "url": "https://attack.mitre.org/techniques/T1247", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1346", "technique": "Obtain/re-use payloads", "url": "https://attack.mitre.org/techniques/T1346", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1330", "technique": "Acquire and/or use 3rd party software services", "url": "https://attack.mitre.org/techniques/T1330", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1288", "technique": "Analyze architecture and configuration posture", "url": "https://attack.mitre.org/techniques/T1288", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1304", "technique": "Proxy/protocol relays", "url": "https://attack.mitre.org/techniques/T1304", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1289", "technique": "Analyze organizational skillsets and deficiencies", "url": "https://attack.mitre.org/techniques/T1289", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1378", 
"technique": "Replace legitimate binary with malware", "url": "https://attack.mitre.org/techniques/T1378", "tactic": [ "Launch" ] }, { "technique_id": "T1229", "technique": "Assess KITs/KIQs benefits", "url": "https://attack.mitre.org/techniques/T1229", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1337", "technique": "SSL certificate acquisition for domain", "url": "https://attack.mitre.org/techniques/T1337", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1296", "technique": "Assess targeting options", "url": "https://attack.mitre.org/techniques/T1296", "tactic": [ "People Weakness Identification" ] }, { "technique_id": "T1386", "technique": "Authorized user performs requested cyber action", "url": "https://attack.mitre.org/techniques/T1386", "tactic": [ "Compromise" ] }, { "technique_id": "T1369", "technique": "Spear phishing messages with malicious links", "url": "https://attack.mitre.org/techniques/T1369", "tactic": [ "Launch" ] }, { "technique_id": "T1328", "technique": "Buy domain name", "url": "https://attack.mitre.org/techniques/T1328", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1366", "technique": "Targeted social media phishing", "url": "https://attack.mitre.org/techniques/T1366", "tactic": [ "Launch" ] }, { "technique_id": "T1312", "technique": "Compromise 3rd party infrastructure to support delivery", "url": "https://attack.mitre.org/techniques/T1312", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1359", "technique": "Test malware to evade detection", "url": "https://attack.mitre.org/techniques/T1359", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1226", "technique": "Conduct cost/benefit analysis", "url": "https://attack.mitre.org/techniques/T1226", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1376", "technique": "Conduct social engineering or HUMINT operation", "url": "https://attack.mitre.org/techniques/T1376", "tactic": [ 
"Launch" ] }, { "technique_id": "T1355", "technique": "Create infected removable media", "url": "https://attack.mitre.org/techniques/T1355", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1320", "technique": "Data Hiding", "url": "https://attack.mitre.org/techniques/T1320", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1245", "technique": "Determine approach/attack vector", "url": "https://attack.mitre.org/techniques/T1245", "tactic": [ "Target Selection" ] }, { "technique_id": "T1243", "technique": "Determine highest level tactical element", "url": "https://attack.mitre.org/techniques/T1243", "tactic": [ "Target Selection" ] }, { "technique_id": "T1227", "technique": "Develop KITs/KIQs", "url": "https://attack.mitre.org/techniques/T1227", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1394", "technique": "Distribute malicious software development tools", "url": "https://attack.mitre.org/techniques/T1394", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1333", "technique": "Dynamic DNS", "url": "https://attack.mitre.org/techniques/T1333", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1344", "technique": "Friend/Follow/Connect to targets of interest", "url": "https://attack.mitre.org/techniques/T1344", "tactic": [ "Persona Development" ] }, { "technique_id": "T1385", "technique": "Human performs requested action of physical nature", "url": "https://attack.mitre.org/techniques/T1385", "tactic": [ "Compromise" ] }, { "technique_id": "T1225", "technique": "Identify gap areas", "url": "https://attack.mitre.org/techniques/T1225", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1269", "technique": "Identify people of interest", "url": "https://attack.mitre.org/techniques/T1269", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1276", "technique": "Identify supply chains", "url": "https://attack.mitre.org/techniques/T1276", "tactic": [ "Organizational 
Information Gathering" ] }, { "technique_id": "T1256", "technique": "Identify web defensive services", "url": "https://attack.mitre.org/techniques/T1256", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1257", "technique": "Mine technical blogs/forums", "url": "https://attack.mitre.org/techniques/T1257", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1309", "technique": "Obfuscate infrastructure", "url": "https://attack.mitre.org/techniques/T1309", "tactic": [ "Adversary Opsec" ] }, { "technique_id": "T1392", "technique": "Obtain Apple iOS enterprise distribution key pair and certificate", "url": "https://attack.mitre.org/techniques/T1392", "tactic": [ "Persona Development" ] }, { "technique_id": "T1363", "technique": "Port redirector", "url": "https://attack.mitre.org/techniques/T1363", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1373", "technique": "Push-notification client-side exploit", "url": "https://attack.mitre.org/techniques/T1373", "tactic": [ "Launch" ] }, { "technique_id": "T1291", "technique": "Research relevant vulnerabilities/CVEs", "url": "https://attack.mitre.org/techniques/T1291", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1338", "technique": "SSL certificate acquisition for trust breaking", "url": "https://attack.mitre.org/techniques/T1338", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1368", "technique": "Spear phishing messages with text only", "url": "https://attack.mitre.org/techniques/T1368", "tactic": [ "Launch" ] }, { "technique_id": "T1240", "technique": "Task requirements", "url": "https://attack.mitre.org/techniques/T1240", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1360", "technique": "Test physical access", "url": "https://attack.mitre.org/techniques/T1360", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1370", "technique": "Untargeted client-side exploitation", "url": 
"https://attack.mitre.org/techniques/T1370", "tactic": [ "Launch" ] }, { "technique_id": "T1372", "technique": "Unconditional client-side exploitation/Injected Website/Driveby", "url": "https://attack.mitre.org/techniques/T1372", "tactic": [ "Launch" ] }, { "technique_id": "T1533", "technique": "Data from Local System", "url": "https://attack.mitre.org/techniques/T1533", "tactic": [ "Collection" ] }, { "technique_id": "T1532", "technique": "Data Encrypted", "url": "https://attack.mitre.org/techniques/T1532", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1523", "technique": "Evade Analysis Environment", "url": "https://attack.mitre.org/techniques/T1523", "tactic": [ "Defense Evasion", "Discovery" ] }, { "technique_id": "T1521", "technique": "Standard Cryptographic Protocol", "url": "https://attack.mitre.org/techniques/T1521", "tactic": [ "Command And Control" ] }, { "technique_id": "T1520", "technique": "Domain Generation Algorithms", "url": "https://attack.mitre.org/techniques/T1520", "tactic": [ "Command And Control" ] }, { "technique_id": "T1516", "technique": "Input Injection", "url": "https://attack.mitre.org/techniques/T1516", "tactic": [ "Defense Evasion", "Impact" ] }, { "technique_id": "T1517", "technique": "Access Notifications", "url": "https://attack.mitre.org/techniques/T1517", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1512", "technique": "Capture Camera", "url": "https://attack.mitre.org/techniques/T1512", "tactic": [ "Collection" ] }, { "technique_id": "T1513", "technique": "Screen Capture", "url": "https://attack.mitre.org/techniques/T1513", "tactic": [ "Collection" ] }, { "technique_id": "T1509", "technique": "Uncommonly Used Port", "url": "https://attack.mitre.org/techniques/T1509", "tactic": [ "Command And Control" ] }, { "technique_id": "T1510", "technique": "Clipboard Modification", "url": "https://attack.mitre.org/techniques/T1510", "tactic": [ "Impact" ] }, { "technique_id": "T1508", "technique": "Suppress 
Application Icon", "url": "https://attack.mitre.org/techniques/T1508", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1507", "technique": "Network Information Discovery", "url": "https://attack.mitre.org/techniques/T1507", "tactic": [ "Collection" ] }, { "technique_id": "T1481", "technique": "Web Service", "url": "https://attack.mitre.org/techniques/T1481", "tactic": [ "Command And Control" ] }, { "technique_id": "T1476", "technique": "Deliver Malicious App via Other Means", "url": "https://attack.mitre.org/techniques/T1476", "tactic": [ "Initial Access" ] }, { "technique_id": "T1475", "technique": "Deliver Malicious App via Authorized App Store", "url": "https://attack.mitre.org/techniques/T1475", "tactic": [ "Initial Access" ] }, { "technique_id": "T1474", "technique": "Supply Chain Compromise", "url": "https://attack.mitre.org/techniques/T1474", "tactic": [ "Initial Access" ] }, { "technique_id": "T1477", "technique": "Exploit via Radio Interfaces", "url": "https://attack.mitre.org/techniques/T1477", "tactic": [ "Initial Access" ] }, { "technique_id": "T1478", "technique": "Install Insecure or Malicious Configuration", "url": "https://attack.mitre.org/techniques/T1478", "tactic": [ "Defense Evasion", "Initial Access" ] }, { "technique_id": "T1444", "technique": "Masquerade as Legitimate Application", "url": "https://attack.mitre.org/techniques/T1444", "tactic": [ "Initial Access" ] }, { "technique_id": "T1443", "technique": "Remotely Install Application", "url": "https://attack.mitre.org/techniques/T1443", "tactic": [] }, { "technique_id": "T1411", "technique": "Input Prompt", "url": "https://attack.mitre.org/techniques/T1411", "tactic": [ "Credential Access" ] }, { "technique_id": "T1424", "technique": "Process Discovery", "url": "https://attack.mitre.org/techniques/T1424", "tactic": [ "Discovery" ] }, { "technique_id": "T1421", "technique": "System Network Connections Discovery", "url": "https://attack.mitre.org/techniques/T1421", "tactic": [ 
"Discovery" ] }, { "technique_id": "T1437", "technique": "Standard Application Layer Protocol", "url": "https://attack.mitre.org/techniques/T1437", "tactic": [ "Command And Control", "Exfiltration" ] }, { "technique_id": "T1422", "technique": "System Network Configuration Discovery", "url": "https://attack.mitre.org/techniques/T1422", "tactic": [ "Discovery" ] }, { "technique_id": "T1406", "technique": "Obfuscated Files or Information", "url": "https://attack.mitre.org/techniques/T1406", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1416", "technique": "Android Intent Hijacking", "url": "https://attack.mitre.org/techniques/T1416", "tactic": [ "Credential Access" ] }, { "technique_id": "T1447", "technique": "Delete Device Data", "url": "https://attack.mitre.org/techniques/T1447", "tactic": [ "Impact" ] }, { "technique_id": "T1398", "technique": "Modify OS Kernel or Boot Partition", "url": "https://attack.mitre.org/techniques/T1398", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1400", "technique": "Modify System Partition", "url": "https://attack.mitre.org/techniques/T1400", "tactic": [ "Defense Evasion", "Persistence", "Impact" ] }, { "technique_id": "T1425", "technique": "Insecure Third-Party Libraries", "url": "https://attack.mitre.org/techniques/T1425", "tactic": [] }, { "technique_id": "T1402", "technique": "App Auto-Start at Device Boot", "url": "https://attack.mitre.org/techniques/T1402", "tactic": [ "Persistence" ] }, { "technique_id": "T1401", "technique": "Abuse Device Administrator Access to Prevent Removal", "url": "https://attack.mitre.org/techniques/T1401", "tactic": [ "Persistence" ] }, { "technique_id": "T1404", "technique": "Exploit OS Vulnerability", "url": "https://attack.mitre.org/techniques/T1404", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1403", "technique": "Modify Cached Executable Code", "url": "https://attack.mitre.org/techniques/T1403", "tactic": [ "Persistence" ] }, { "technique_id": 
"T1442", "technique": "Fake Developer Accounts", "url": "https://attack.mitre.org/techniques/T1442", "tactic": [] }, { "technique_id": "T1419", "technique": "Device Type Discovery", "url": "https://attack.mitre.org/techniques/T1419", "tactic": [ "Discovery" ] }, { "technique_id": "T1418", "technique": "Application Discovery", "url": "https://attack.mitre.org/techniques/T1418", "tactic": [ "Defense Evasion", "Discovery" ] }, { "technique_id": "T1417", "technique": "Input Capture", "url": "https://attack.mitre.org/techniques/T1417", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1438", "technique": "Alternate Network Mediums", "url": "https://attack.mitre.org/techniques/T1438", "tactic": [ "Command And Control", "Exfiltration" ] }, { "technique_id": "T1423", "technique": "Network Service Scanning", "url": "https://attack.mitre.org/techniques/T1423", "tactic": [ "Discovery" ] }, { "technique_id": "T1440", "technique": "Detect App Analysis Environment", "url": "https://attack.mitre.org/techniques/T1440", "tactic": [] }, { "technique_id": "T1439", "technique": "Eavesdrop on Insecure Network Communication", "url": "https://attack.mitre.org/techniques/T1439", "tactic": [ "Network Effects" ] }, { "technique_id": "T1464", "technique": "Jamming or Denial of Service", "url": "https://attack.mitre.org/techniques/T1464", "tactic": [ "Network Effects" ] }, { "technique_id": "T1463", "technique": "Manipulate Device Communication", "url": "https://attack.mitre.org/techniques/T1463", "tactic": [ "Network Effects" ] }, { "technique_id": "T1462", "technique": "Malicious Software Development Tools", "url": "https://attack.mitre.org/techniques/T1462", "tactic": [] }, { "technique_id": "T1461", "technique": "Lockscreen Bypass", "url": "https://attack.mitre.org/techniques/T1461", "tactic": [ "Initial Access" ] }, { "technique_id": "T1460", "technique": "Biometric Spoofing", "url": "https://attack.mitre.org/techniques/T1460", "tactic": [] }, { "technique_id": 
"T1459", "technique": "Device Unlock Code Guessing or Brute Force", "url": "https://attack.mitre.org/techniques/T1459", "tactic": [] }, { "technique_id": "T1458", "technique": "Exploit via Charging Station or PC", "url": "https://attack.mitre.org/techniques/T1458", "tactic": [ "Initial Access" ] }, { "technique_id": "T1405", "technique": "Exploit TEE Vulnerability", "url": "https://attack.mitre.org/techniques/T1405", "tactic": [ "Credential Access", "Privilege Escalation" ] }, { "technique_id": "T1467", "technique": "Rogue Cellular Base Station", "url": "https://attack.mitre.org/techniques/T1467", "tactic": [ "Network Effects" ] }, { "technique_id": "T1420", "technique": "File and Directory Discovery", "url": "https://attack.mitre.org/techniques/T1420", "tactic": [ "Discovery" ] }, { "technique_id": "T1466", "technique": "Downgrade to Insecure Protocols", "url": "https://attack.mitre.org/techniques/T1466", "tactic": [ "Network Effects" ] }, { "technique_id": "T1465", "technique": "Rogue Wi-Fi Access Points", "url": "https://attack.mitre.org/techniques/T1465", "tactic": [ "Network Effects" ] }, { "technique_id": "T1468", "technique": "Remotely Track Device Without Authorization", "url": "https://attack.mitre.org/techniques/T1468", "tactic": [ "Remote Service Effects" ] }, { "technique_id": "T1435", "technique": "Access Calendar Entries", "url": "https://attack.mitre.org/techniques/T1435", "tactic": [ "Collection" ] }, { "technique_id": "T1451", "technique": "SIM Card Swap", "url": "https://attack.mitre.org/techniques/T1451", "tactic": [ "Network Effects" ] }, { "technique_id": "T1414", "technique": "Capture Clipboard Data", "url": "https://attack.mitre.org/techniques/T1414", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1457", "technique": "Malicious Media Content", "url": "https://attack.mitre.org/techniques/T1457", "tactic": [] }, { "technique_id": "T1426", "technique": "System Information Discovery", "url": 
"https://attack.mitre.org/techniques/T1426", "tactic": [ "Discovery" ] }, { "technique_id": "T1472", "technique": "Generate Fraudulent Advertising Revenue", "url": "https://attack.mitre.org/techniques/T1472", "tactic": [ "Impact" ] }, { "technique_id": "T1399", "technique": "Modify Trusted Execution Environment", "url": "https://attack.mitre.org/techniques/T1399", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1470", "technique": "Obtain Device Cloud Backups", "url": "https://attack.mitre.org/techniques/T1470", "tactic": [ "Remote Service Effects" ] }, { "technique_id": "T1446", "technique": "Device Lockout", "url": "https://attack.mitre.org/techniques/T1446", "tactic": [ "Impact", "Defense Evasion" ] }, { "technique_id": "T1415", "technique": "URL Scheme Hijacking", "url": "https://attack.mitre.org/techniques/T1415", "tactic": [ "Credential Access" ] }, { "technique_id": "T1413", "technique": "Access Sensitive Data in Device Logs", "url": "https://attack.mitre.org/techniques/T1413", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1436", "technique": "Commonly Used Port", "url": "https://attack.mitre.org/techniques/T1436", "tactic": [ "Command And Control", "Exfiltration" ] }, { "technique_id": "T1445", "technique": "Abuse of iOS Enterprise App Signing Key", "url": "https://attack.mitre.org/techniques/T1445", "tactic": [] }, { "technique_id": "T1412", "technique": "Capture SMS Messages", "url": "https://attack.mitre.org/techniques/T1412", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1409", "technique": "Access Stored Application Data", "url": "https://attack.mitre.org/techniques/T1409", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1410", "technique": "Network Traffic Capture or Redirection", "url": "https://attack.mitre.org/techniques/T1410", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1407", "technique": "Download New Code at Runtime", 
"url": "https://attack.mitre.org/techniques/T1407", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1408", "technique": "Disguise Root/Jailbreak Indicators", "url": "https://attack.mitre.org/techniques/T1408", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1427", "technique": "Attack PC via USB Connection", "url": "https://attack.mitre.org/techniques/T1427", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1428", "technique": "Exploit Enterprise Resources", "url": "https://attack.mitre.org/techniques/T1428", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1429", "technique": "Capture Audio", "url": "https://attack.mitre.org/techniques/T1429", "tactic": [ "Collection" ] }, { "technique_id": "T1430", "technique": "Location Tracking", "url": "https://attack.mitre.org/techniques/T1430", "tactic": [ "Collection", "Discovery" ] }, { "technique_id": "T1431", "technique": "App Delivered via Web Download", "url": "https://attack.mitre.org/techniques/T1431", "tactic": [] }, { "technique_id": "T1432", "technique": "Access Contact List", "url": "https://attack.mitre.org/techniques/T1432", "tactic": [ "Collection" ] }, { "technique_id": "T1433", "technique": "Access Call Log", "url": "https://attack.mitre.org/techniques/T1433", "tactic": [ "Collection" ] }, { "technique_id": "T1434", "technique": "App Delivered via Email Attachment", "url": "https://attack.mitre.org/techniques/T1434", "tactic": [] }, { "technique_id": "T1471", "technique": "Data Encrypted for Impact", "url": "https://attack.mitre.org/techniques/T1471", "tactic": [ "Impact" ] }, { "technique_id": "T1450", "technique": "Exploit SS7 to Track Device Location", "url": "https://attack.mitre.org/techniques/T1450", "tactic": [ "Network Effects" ] }, { "technique_id": "T1473", "technique": "Malicious or Vulnerable Built-in Device Functionality", "url": "https://attack.mitre.org/techniques/T1473", "tactic": [] }, { "technique_id": "T1448", "technique": "Premium SMS Toll Fraud", "url": 
"https://attack.mitre.org/techniques/T1448", "tactic": [ "Impact" ] }, { "technique_id": "T1453", "technique": "Abuse Accessibility Features", "url": "https://attack.mitre.org/techniques/T1453", "tactic": [ "Collection", "Credential Access", "Impact", "Defense Evasion" ] }, { "technique_id": "T1454", "technique": "Malicious SMS Message", "url": "https://attack.mitre.org/techniques/T1454", "tactic": [] }, { "technique_id": "T1469", "technique": "Remotely Wipe Data Without Authorization", "url": "https://attack.mitre.org/techniques/T1469", "tactic": [ "Remote Service Effects" ] }, { "technique_id": "T1452", "technique": "Manipulate App Store Rankings or Ratings", "url": "https://attack.mitre.org/techniques/T1452", "tactic": [ "Impact" ] }, { "technique_id": "T1455", "technique": "Exploit Baseband Vulnerability", "url": "https://attack.mitre.org/techniques/T1455", "tactic": [] }, { "technique_id": "T1456", "technique": "Drive-by Compromise", "url": "https://attack.mitre.org/techniques/T1456", "tactic": [ "Initial Access" ] }, { "technique_id": "T1449", "technique": "Exploit SS7 to Redirect Phone Calls/SMS", "url": "https://attack.mitre.org/techniques/T1449", "tactic": [ "Network Effects" ] }, { "technique_id": "T1441", "technique": "Stolen Developer Credentials or Signing Keys", "url": "https://attack.mitre.org/techniques/T1441", "tactic": [] } ]