[ { "technique_id": "T1001", "technique": "Data Obfuscation", "url": "https://attack.mitre.org/techniques/T1001", "tactic": [ "Command and Control" ] }, { "technique_id": "T1001.001", "technique": "Data Obfuscation : Junk Data", "url": "https://attack.mitre.org/techniques/T1001/001" }, { "technique_id": "T1001.002", "technique": "Data Obfuscation : Steganography", "url": "https://attack.mitre.org/techniques/T1001/002" }, { "technique_id": "T1001.003", "technique": "Data Obfuscation : Protocol Impersonation", "url": "https://attack.mitre.org/techniques/T1001/003" }, { "technique_id": "T1003", "technique": "OS Credential Dumping", "url": "https://attack.mitre.org/techniques/T1003", "tactic": [ "Credential Access" ] }, { "technique_id": "T1003.001", "technique": "OS Credential Dumping : LSASS Memory", "url": "https://attack.mitre.org/techniques/T1003/001" }, { "technique_id": "T1003.002", "technique": "OS Credential Dumping : Security Account Manager", "url": "https://attack.mitre.org/techniques/T1003/002" }, { "technique_id": "T1003.003", "technique": "OS Credential Dumping : NTDS", "url": "https://attack.mitre.org/techniques/T1003/003" }, { "technique_id": "T1003.004", "technique": "OS Credential Dumping : LSA Secrets", "url": "https://attack.mitre.org/techniques/T1003/004" }, { "technique_id": "T1003.005", "technique": "OS Credential Dumping : Cached Domain Credentials", "url": "https://attack.mitre.org/techniques/T1003/005" }, { "technique_id": "T1003.006", "technique": "OS Credential Dumping : DCSync", "url": "https://attack.mitre.org/techniques/T1003/006" }, { "technique_id": "T1003.007", "technique": "OS Credential Dumping : Proc Filesystem", "url": "https://attack.mitre.org/techniques/T1003/007" }, { "technique_id": "T1003.008", "technique": "OS Credential Dumping : /etc/passwd and /etc/shadow", "url": "https://attack.mitre.org/techniques/T1003/008" }, { "technique_id": "T1005", "technique": "Data from Local System", "url": "https://attack.mitre.org/techniques/T1005", "tactic": [ "Collection" ] }, { "technique_id": "T1006", "technique": "Direct Volume Access", "url": "https://attack.mitre.org/techniques/T1006", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1007", "technique": "System Service Discovery", "url": "https://attack.mitre.org/techniques/T1007", "tactic": [ "Discovery" ] }, { "technique_id": "T1008", "technique": "Fallback Channels", "url": "https://attack.mitre.org/techniques/T1008", "tactic": [ "Command and Control" ] }, { "technique_id": "T1010", "technique": "Application Window Discovery", "url": "https://attack.mitre.org/techniques/T1010", "tactic": [ "Discovery" ] }, { "technique_id": "T1011", "technique": "Exfiltration Over Other Network Medium", "url": "https://attack.mitre.org/techniques/T1011", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1011.001", "technique": "Exfiltration Over Other Network Medium : Exfiltration Over Bluetooth", "url": "https://attack.mitre.org/techniques/T1011/001" }, { "technique_id": "T1012", "technique": "Query Registry", "url": "https://attack.mitre.org/techniques/T1012", "tactic": [ "Discovery" ] }, { "technique_id": "T1014", "technique": "Rootkit", "url": "https://attack.mitre.org/techniques/T1014", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1016", "technique": "System Network Configuration Discovery", "url": "https://attack.mitre.org/techniques/T1016", "tactic": [ "Discovery" ] }, { "technique_id": "T1018", "technique": "Remote System Discovery", "url": "https://attack.mitre.org/techniques/T1018", "tactic": [ "Discovery" ] }, { "technique_id": "T1020", "technique": "Automated Exfiltration", "url": "https://attack.mitre.org/techniques/T1020", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1021", "technique": "Remote Services", "url": "https://attack.mitre.org/techniques/T1021", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1021.001", "technique": "Remote Services : Remote Desktop Protocol", "url": "https://attack.mitre.org/techniques/T1021/001" }, { "technique_id": "T1021.002", "technique": "Remote Services : SMB/Windows Admin Shares", "url": "https://attack.mitre.org/techniques/T1021/002" }, { "technique_id": "T1021.003", "technique": "Remote Services : Distributed Component Object Model", "url": "https://attack.mitre.org/techniques/T1021/003" }, { "technique_id": "T1021.004", "technique": "Remote Services : SSH", "url": "https://attack.mitre.org/techniques/T1021/004" }, { "technique_id": "T1021.005", "technique": "Remote Services : VNC", "url": "https://attack.mitre.org/techniques/T1021/005" }, { "technique_id": "T1021.006", "technique": "Remote Services : Windows Remote Management", "url": "https://attack.mitre.org/techniques/T1021/006" }, { "technique_id": "T1025", "technique": "Data from Removable Media", "url": "https://attack.mitre.org/techniques/T1025", "tactic": [ "Collection" ] }, { "technique_id": "T1027", "technique": "Obfuscated Files or Information", "url": "https://attack.mitre.org/techniques/T1027", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1027.001", "technique": "Obfuscated Files or Information : Binary Padding", "url": "https://attack.mitre.org/techniques/T1027/001" }, { "technique_id": "T1027.002", "technique": "Obfuscated Files or Information : Software Packing", "url": "https://attack.mitre.org/techniques/T1027/002" }, { "technique_id": "T1027.003", "technique": "Obfuscated Files or Information : Steganography", "url": "https://attack.mitre.org/techniques/T1027/003" }, { "technique_id": "T1027.004", "technique": "Obfuscated Files or Information : Compile After Delivery", "url": "https://attack.mitre.org/techniques/T1027/004" }, { "technique_id": "T1027.005", "technique": "Obfuscated Files or Information : Indicator Removal from Tools", "url": "https://attack.mitre.org/techniques/T1027/005" }, { "technique_id": "T1029", "technique": "Scheduled Transfer", "url": "https://attack.mitre.org/techniques/T1029", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1030", "technique": "Data Transfer Size Limits", "url": "https://attack.mitre.org/techniques/T1030", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1033", "technique": "System Owner/User Discovery", "url": "https://attack.mitre.org/techniques/T1033", "tactic": [ "Discovery" ] }, { "technique_id": "T1036", "technique": "Masquerading", "url": "https://attack.mitre.org/techniques/T1036", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1036.001", "technique": "Masquerading : Invalid Code Signature", "url": "https://attack.mitre.org/techniques/T1036/001" }, { "technique_id": "T1036.002", "technique": "Masquerading : Right-to-Left Override", "url": "https://attack.mitre.org/techniques/T1036/002" }, { "technique_id": "T1036.003", "technique": "Masquerading : Rename System Utilities", "url": "https://attack.mitre.org/techniques/T1036/003" }, { "technique_id": "T1036.004", "technique": "Masquerading : Masquerade Task or Service", "url": "https://attack.mitre.org/techniques/T1036/004" }, { "technique_id": "T1036.005", "technique": "Masquerading : Match Legitimate Name or Location", "url": "https://attack.mitre.org/techniques/T1036/005" }, { "technique_id": "T1036.006", "technique": "Masquerading : Space after Filename", "url": "https://attack.mitre.org/techniques/T1036/006" }, { "technique_id": "T1037", "technique": "Boot or Logon Initialization Scripts", "url": "https://attack.mitre.org/techniques/T1037", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1037.001", "technique": "Boot or Logon Initialization Scripts : Logon Script (Windows)", "url": "https://attack.mitre.org/techniques/T1037/001" }, { "technique_id": "T1037.002", "technique": "Boot or Logon Initialization Scripts : Logon Script (Mac)", "url": "https://attack.mitre.org/techniques/T1037/002" }, { "technique_id": "T1037.003", "technique": "Boot or Logon Initialization Scripts : Network Logon Script", "url": "https://attack.mitre.org/techniques/T1037/003" }, { "technique_id": "T1037.004", "technique": "Boot or Logon Initialization Scripts : Rc.common", "url": "https://attack.mitre.org/techniques/T1037/004" }, { "technique_id": "T1037.005", "technique": "Boot or Logon Initialization Scripts : Startup Items", "url": "https://attack.mitre.org/techniques/T1037/005" }, { "technique_id": "T1039", "technique": "Data from Network Shared Drive", "url": "https://attack.mitre.org/techniques/T1039", "tactic": [ "Collection" ] }, { "technique_id": "T1040", "technique": "Network Sniffing", "url": "https://attack.mitre.org/techniques/T1040", "tactic": [ "Credential Access", "Discovery" ] }, { "technique_id": "T1041", "technique": "Exfiltration Over C2 Channel", "url": "https://attack.mitre.org/techniques/T1041", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1046", "technique": "Network Service Scanning", "url": "https://attack.mitre.org/techniques/T1046", "tactic": [ "Discovery" ] }, { "technique_id": "T1047", "technique": "Windows Management Instrumentation", "url": "https://attack.mitre.org/techniques/T1047", "tactic": [ "Execution" ] }, { "technique_id": "T1048", "technique": "Exfiltration Over Alternative Protocol", "url": "https://attack.mitre.org/techniques/T1048", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1048.001", "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "url": "https://attack.mitre.org/techniques/T1048/001" }, { "technique_id": "T1048.002", "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "url": "https://attack.mitre.org/techniques/T1048/002" }, { "technique_id": "T1048.003", "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "url": "https://attack.mitre.org/techniques/T1048/003" }, { "technique_id": "T1049", "technique": "System Network Connections Discovery", "url": "https://attack.mitre.org/techniques/T1049", "tactic": [ "Discovery" ] }, { "technique_id": "T1052", "technique": "Exfiltration Over Physical Medium", "url": "https://attack.mitre.org/techniques/T1052", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1052.001", "technique": "Exfiltration Over Physical Medium : Exfiltration over USB", "url": "https://attack.mitre.org/techniques/T1052/001" }, { "technique_id": "T1053", "technique": "Scheduled Task/Job", "url": "https://attack.mitre.org/techniques/T1053", "tactic": [ "Execution", "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1053.001", "technique": "Scheduled Task/Job : At (Linux)", "url": "https://attack.mitre.org/techniques/T1053/001" }, { "technique_id": "T1053.002", "technique": "Scheduled Task/Job : At (Windows)", "url": "https://attack.mitre.org/techniques/T1053/002" }, { "technique_id": "T1053.003", "technique": "Scheduled Task/Job : Cron", "url": "https://attack.mitre.org/techniques/T1053/003" }, { "technique_id": "T1053.004", "technique": "Scheduled Task/Job : Launchd", "url": "https://attack.mitre.org/techniques/T1053/004" }, { "technique_id": "T1053.005", "technique": "Scheduled Task/Job : Scheduled Task", "url": "https://attack.mitre.org/techniques/T1053/005" }, { "technique_id": "T1055", "technique": "Process Injection", "url": "https://attack.mitre.org/techniques/T1055", "tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1055.001", "technique": "Process Injection : Dynamic-link Library Injection", "url": "https://attack.mitre.org/techniques/T1055/001" }, { "technique_id": "T1055.002", "technique": "Process Injection : Portable Executable Injection", "url": "https://attack.mitre.org/techniques/T1055/002" }, { "technique_id": "T1055.003", "technique": "Process Injection : Thread Execution Hijacking", "url": "https://attack.mitre.org/techniques/T1055/003" }, { "technique_id": "T1055.004", "technique": "Process Injection : Asynchronous Procedure Call", "url": "https://attack.mitre.org/techniques/T1055/004" }, { "technique_id": "T1055.005", "technique": "Process Injection : Thread Local Storage", "url": "https://attack.mitre.org/techniques/T1055/005" }, { "technique_id": "T1055.008", "technique": "Process Injection : Ptrace System Calls", "url": "https://attack.mitre.org/techniques/T1055/008" }, { "technique_id": "T1055.009", "technique": "Process Injection : Proc Memory", "url": "https://attack.mitre.org/techniques/T1055/009" }, { "technique_id": "T1055.011", "technique": "Process Injection : Extra Window Memory Injection", "url": "https://attack.mitre.org/techniques/T1055/011" }, { "technique_id": "T1055.012", "technique": "Process Injection : Process Hollowing", "url": "https://attack.mitre.org/techniques/T1055/012" }, { "technique_id": "T1055.013", "technique": "Process Injection : Process Doppelg\u00e4nging", "url": "https://attack.mitre.org/techniques/T1055/013" }, { "technique_id": "T1055.014", "technique": "Process Injection : VDSO Hijacking", "url": "https://attack.mitre.org/techniques/T1055/014" }, { "technique_id": "T1056", "technique": "Input Capture", "url": "https://attack.mitre.org/techniques/T1056", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1056.001", "technique": "Input Capture : Keylogging", "url": "https://attack.mitre.org/techniques/T1056/001" }, { "technique_id": "T1056.002", "technique": "Input Capture : GUI Input Capture", "url": "https://attack.mitre.org/techniques/T1056/002" }, { "technique_id": "T1056.003", "technique": "Input Capture : Web Portal Capture", "url": "https://attack.mitre.org/techniques/T1056/003" }, { "technique_id": "T1056.004", "technique": "Input Capture : Credential API Hooking", "url": "https://attack.mitre.org/techniques/T1056/004" }, { "technique_id": "T1057", "technique": "Process Discovery", "url": "https://attack.mitre.org/techniques/T1057", "tactic": [ "Discovery" ] }, { "technique_id": "T1059", "technique": "Command and Scripting Interpreter", "url": "https://attack.mitre.org/techniques/T1059", "tactic": [ "Execution" ] }, { "technique_id": "T1059.001", "technique": "Command and Scripting Interpreter : PowerShell", "url": "https://attack.mitre.org/techniques/T1059/001" }, { "technique_id": "T1059.002", "technique": "Command and Scripting Interpreter : AppleScript", "url": "https://attack.mitre.org/techniques/T1059/002" }, { "technique_id": "T1059.003", "technique": "Command and Scripting Interpreter : Windows Command Shell", "url": "https://attack.mitre.org/techniques/T1059/003" }, { "technique_id": "T1059.004", "technique": "Command and Scripting Interpreter : Unix Shell", "url": "https://attack.mitre.org/techniques/T1059/004" }, { "technique_id": "T1059.005", "technique": "Command and Scripting Interpreter : Visual Basic", "url": "https://attack.mitre.org/techniques/T1059/005" }, { "technique_id": "T1059.006", "technique": "Command and Scripting Interpreter : Python", "url": "https://attack.mitre.org/techniques/T1059/006" }, { "technique_id": "T1059.007", "technique": "Command and Scripting Interpreter : JavaScript/JScript", "url": "https://attack.mitre.org/techniques/T1059/007" }, { "technique_id": "T1068", "technique": "Exploitation for Privilege Escalation", "url": "https://attack.mitre.org/techniques/T1068", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1069", "technique": "Permission Groups Discovery", "url": "https://attack.mitre.org/techniques/T1069", "tactic": [ "Discovery" ] }, { "technique_id": "T1069.001", "technique": "Permission Groups Discovery : Local Groups", "url": "https://attack.mitre.org/techniques/T1069/001" }, { "technique_id": "T1069.002", "technique": "Permission Groups Discovery : Domain Groups", "url": "https://attack.mitre.org/techniques/T1069/002" }, { "technique_id": "T1069.003", "technique": "Permission Groups Discovery : Cloud Groups", "url": "https://attack.mitre.org/techniques/T1069/003" }, { "technique_id": "T1070", "technique": "Indicator Removal on Host", "url": "https://attack.mitre.org/techniques/T1070", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1070.001", "technique": "Indicator Removal on Host : Clear Windows Event Logs", "url": "https://attack.mitre.org/techniques/T1070/001" }, { "technique_id": "T1070.002", "technique": "Indicator Removal on Host : Clear Linux or Mac System Logs", "url": "https://attack.mitre.org/techniques/T1070/002" }, { "technique_id": "T1070.003", "technique": "Indicator Removal on Host : Clear Command History", "url": "https://attack.mitre.org/techniques/T1070/003" }, { "technique_id": "T1070.004", "technique": "Indicator Removal on Host : File Deletion", "url": "https://attack.mitre.org/techniques/T1070/004" }, { "technique_id": "T1070.005", "technique": "Indicator Removal on Host : Network Share Connection Removal", "url": "https://attack.mitre.org/techniques/T1070/005" }, { "technique_id": "T1070.006", "technique": "Indicator Removal on Host : Timestomp", "url": "https://attack.mitre.org/techniques/T1070/006" }, { "technique_id": "T1071", "technique": "Application Layer Protocol", "url": "https://attack.mitre.org/techniques/T1071", "tactic": [ "Command and Control" ] }, { "technique_id": "T1071.001", "technique": "Application Layer Protocol : Web Protocols", "url": "https://attack.mitre.org/techniques/T1071/001" }, { "technique_id": "T1071.002", "technique": "Application Layer Protocol : File Transfer Protocols", "url": "https://attack.mitre.org/techniques/T1071/002" }, { "technique_id": "T1071.003", "technique": "Application Layer Protocol : Mail Protocols", "url": "https://attack.mitre.org/techniques/T1071/003" }, { "technique_id": "T1071.004", "technique": "Application Layer Protocol : DNS", "url": "https://attack.mitre.org/techniques/T1071/004" }, { "technique_id": "T1072", "technique": "Software Deployment Tools", "url": "https://attack.mitre.org/techniques/T1072", "tactic": [ "Execution", "Lateral Movement" ] }, { "technique_id": "T1074", "technique": "Data Staged", "url": "https://attack.mitre.org/techniques/T1074", "tactic": [ "Collection" ] }, { "technique_id": "T1074.001", "technique": "Data Staged : Local Data Staging", "url": "https://attack.mitre.org/techniques/T1074/001" }, { "technique_id": "T1074.002", "technique": "Data Staged : Remote Data Staging", "url": "https://attack.mitre.org/techniques/T1074/002" }, { "technique_id": "T1078", "technique": "Valid Accounts", "url": "https://attack.mitre.org/techniques/T1078", "tactic": [ "Defense Evasion", "Persistence", "Privilege Escalation", "Initial Access" ] }, { "technique_id": "T1078.001", "technique": "Valid Accounts : Default Accounts", "url": "https://attack.mitre.org/techniques/T1078/001" }, { "technique_id": "T1078.002", "technique": "Valid Accounts : Domain Accounts", "url": "https://attack.mitre.org/techniques/T1078/002" }, { "technique_id": "T1078.003", "technique": "Valid Accounts : Local Accounts", "url": "https://attack.mitre.org/techniques/T1078/003" }, { "technique_id": "T1078.004", "technique": "Valid Accounts : Cloud Accounts", "url": "https://attack.mitre.org/techniques/T1078/004" }, { "technique_id": "T1080", "technique": "Taint Shared Content", "url": "https://attack.mitre.org/techniques/T1080", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1082", "technique": "System Information Discovery", "url": "https://attack.mitre.org/techniques/T1082", "tactic": [ "Discovery" ] }, { "technique_id": "T1083", "technique": "File and Directory Discovery", "url": "https://attack.mitre.org/techniques/T1083", "tactic": [ "Discovery" ] }, { "technique_id": "T1087", "technique": "Account Discovery", "url": "https://attack.mitre.org/techniques/T1087", "tactic": [ "Discovery" ] }, { "technique_id": "T1087.001", "technique": "Account Discovery : Local Account", "url": "https://attack.mitre.org/techniques/T1087/001" }, { "technique_id": "T1087.002", "technique": "Account Discovery : Domain Account", "url": "https://attack.mitre.org/techniques/T1087/002" }, { "technique_id": "T1087.003", "technique": "Account Discovery : Email Account", "url": "https://attack.mitre.org/techniques/T1087/003" }, { "technique_id": "T1087.004", "technique": "Account Discovery : Cloud Account", "url": "https://attack.mitre.org/techniques/T1087/004" }, { "technique_id": "T1090", "technique": "Proxy", "url": "https://attack.mitre.org/techniques/T1090", "tactic": [ "Command and Control" ] }, { "technique_id": "T1090.001", "technique": "Proxy : Internal Proxy", "url": "https://attack.mitre.org/techniques/T1090/001" }, { "technique_id": "T1090.002", "technique": "Proxy : External Proxy", "url": "https://attack.mitre.org/techniques/T1090/002" }, { "technique_id": "T1090.003", "technique": "Proxy : Multi-hop Proxy", "url": "https://attack.mitre.org/techniques/T1090/003" }, { "technique_id": "T1090.004", "technique": "Proxy : Domain Fronting", "url": "https://attack.mitre.org/techniques/T1090/004" }, { "technique_id": "T1091", "technique": "Replication Through Removable Media", "url": "https://attack.mitre.org/techniques/T1091", "tactic": [ "Lateral Movement", "Initial Access" ] }, { "technique_id": "T1092", "technique": "Communication Through Removable Media", "url": "https://attack.mitre.org/techniques/T1092", "tactic": [ "Command and Control" ] }, { "technique_id": "T1095", "technique": "Non-Application Layer Protocol", "url": "https://attack.mitre.org/techniques/T1095", "tactic": [ "Command and Control" ] }, { "technique_id": "T1098", "technique": "Account Manipulation", "url": "https://attack.mitre.org/techniques/T1098", "tactic": [ "Persistence" ] }, { "technique_id": "T1098.001", "technique": "Account Manipulation : Additional Azure Service Principal Credentials", "url": "https://attack.mitre.org/techniques/T1098/001" }, { "technique_id": "T1098.002", "technique": "Account Manipulation : Exchange Email Delegate Permissions", "url": "https://attack.mitre.org/techniques/T1098/002" }, { "technique_id": "T1098.003", "technique": "Account Manipulation : Add Office 365 Global Administrator Role", "url": "https://attack.mitre.org/techniques/T1098/003" }, { "technique_id": "T1098.004", "technique": "Account Manipulation : SSH Authorized Keys", "url": "https://attack.mitre.org/techniques/T1098/004" }, { "technique_id": "T1102", "technique": "Web Service", "url": "https://attack.mitre.org/techniques/T1102", "tactic": [ "Command and Control" ] }, { "technique_id": "T1102.001", "technique": "Web Service : Dead Drop Resolver", "url": "https://attack.mitre.org/techniques/T1102/001" }, { "technique_id": "T1102.002", "technique": "Web Service : Bidirectional Communication", "url": "https://attack.mitre.org/techniques/T1102/002" }, { "technique_id": "T1102.003", "technique": "Web Service : One-Way Communication", "url": "https://attack.mitre.org/techniques/T1102/003" }, { "technique_id": "T1104", "technique": "Multi-Stage Channels", "url": "https://attack.mitre.org/techniques/T1104", "tactic": [ "Command and Control" ] }, { "technique_id": "T1105", "technique": "Ingress Tool Transfer", "url": "https://attack.mitre.org/techniques/T1105", "tactic": [ "Command and Control" ] }, { "technique_id": "T1106", "technique": "Native API", "url": "https://attack.mitre.org/techniques/T1106", "tactic": [ "Execution" ] }, { "technique_id": "T1110", "technique": "Brute Force", "url": "https://attack.mitre.org/techniques/T1110", "tactic": [ "Credential Access" ] }, { "technique_id": "T1110.001", "technique": "Brute Force : Password Guessing", "url": "https://attack.mitre.org/techniques/T1110/001" }, { "technique_id": "T1110.002", "technique": "Brute Force : Password Cracking", "url": "https://attack.mitre.org/techniques/T1110/002" }, { "technique_id": "T1110.003", "technique": "Brute Force : Password Spraying", "url": "https://attack.mitre.org/techniques/T1110/003" }, { "technique_id": "T1110.004", "technique": "Brute Force : Credential Stuffing", "url": "https://attack.mitre.org/techniques/T1110/004" }, { "technique_id": "T1111", "technique": "Two-Factor Authentication Interception", "url": "https://attack.mitre.org/techniques/T1111", "tactic": [ "Credential Access" ] }, { "technique_id": "T1112", "technique": "Modify Registry", "url": "https://attack.mitre.org/techniques/T1112", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1113", "technique": "Screen Capture", "url": "https://attack.mitre.org/techniques/T1113", "tactic": [ "Collection" ] }, { "technique_id": "T1114", "technique": "Email Collection", "url": "https://attack.mitre.org/techniques/T1114", "tactic": [ "Collection" ] }, { "technique_id": "T1114.001", "technique": "Email Collection : Local Email Collection", "url": "https://attack.mitre.org/techniques/T1114/001" }, { "technique_id": "T1114.002", "technique": "Email Collection : Remote Email Collection", "url": "https://attack.mitre.org/techniques/T1114/002" }, { "technique_id": "T1114.003", "technique": "Email Collection : Email Forwarding Rule", "url": "https://attack.mitre.org/techniques/T1114/003" }, { "technique_id": "T1115", "technique": "Clipboard Data", "url": "https://attack.mitre.org/techniques/T1115", "tactic": [ "Collection" ] }, { "technique_id": "T1119", "technique": "Automated Collection", "url": "https://attack.mitre.org/techniques/T1119", "tactic": [ "Collection" ] }, { "technique_id": "T1120", "technique": "Peripheral Device Discovery", "url": "https://attack.mitre.org/techniques/T1120", "tactic": [ "Discovery" ] }, { "technique_id": "T1123", "technique": "Audio Capture", "url": "https://attack.mitre.org/techniques/T1123", "tactic": [ "Collection" ] }, { "technique_id": "T1124", "technique": "System Time Discovery", "url": "https://attack.mitre.org/techniques/T1124", "tactic": [ "Discovery" ] }, { "technique_id": "T1125", "technique": "Video Capture", "url": "https://attack.mitre.org/techniques/T1125", "tactic": [ "Collection" ] }, { "technique_id": "T1127", "technique": "Trusted Developer Utilities Proxy Execution", "url": "https://attack.mitre.org/techniques/T1127", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1127.001", "technique": "Trusted Developer Utilities Proxy Execution : MSBuild", "url": "https://attack.mitre.org/techniques/T1127/001" }, { "technique_id": "T1129", "technique": "Shared Modules", "url": "https://attack.mitre.org/techniques/T1129", "tactic": [ "Execution" ] }, { "technique_id": "T1132", "technique": "Data Encoding", "url": "https://attack.mitre.org/techniques/T1132", "tactic": [ "Command and Control" ] }, { "technique_id": "T1132.001", "technique": "Data Encoding : Standard Encoding", "url": "https://attack.mitre.org/techniques/T1132/001" }, { "technique_id": "T1132.002", "technique": "Data Encoding : Non-Standard Encoding", "url": "https://attack.mitre.org/techniques/T1132/002" }, { "technique_id": "T1133", "technique": "External Remote Services", "url": "https://attack.mitre.org/techniques/T1133", "tactic": [ "Persistence", "Initial Access" ] }, { "technique_id": "T1134", "technique": "Access Token Manipulation", "url": "https://attack.mitre.org/techniques/T1134", "tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1134.001", "technique": "Access Token Manipulation : Token Impersonation/Theft", "url": "https://attack.mitre.org/techniques/T1134/001" }, { "technique_id": "T1134.002", "technique": "Access Token Manipulation : Create Process with Token", "url": "https://attack.mitre.org/techniques/T1134/002" }, { "technique_id": "T1134.003", "technique": "Access Token Manipulation : Make and Impersonate Token", "url": "https://attack.mitre.org/techniques/T1134/003" }, { "technique_id": "T1134.004", "technique": "Access Token Manipulation : Parent PID Spoofing", "url": "https://attack.mitre.org/techniques/T1134/004" }, { "technique_id": "T1134.005", "technique": "Access Token Manipulation : SID-History Injection", "url": "https://attack.mitre.org/techniques/T1134/005" }, { "technique_id": "T1135", "technique": "Network Share Discovery", "url": "https://attack.mitre.org/techniques/T1135", "tactic": [ "Discovery" ] }, { "technique_id": "T1136", "technique": "Create Account", "url": "https://attack.mitre.org/techniques/T1136", "tactic": [ "Persistence" ] }, { "technique_id": "T1136.001", "technique": "Create Account : Local Account", "url": "https://attack.mitre.org/techniques/T1136/001" }, { "technique_id": "T1136.002", "technique": "Create Account : Domain Account", "url": "https://attack.mitre.org/techniques/T1136/002" }, { "technique_id": "T1136.003", "technique": "Create Account : Cloud Account", "url": "https://attack.mitre.org/techniques/T1136/003" }, { "technique_id": "T1137", "technique": "Office Application Startup", "url": "https://attack.mitre.org/techniques/T1137", "tactic": [ "Persistence" ] }, { "technique_id": "T1137.001", "technique": "Office Application Startup : Office Template Macros", "url": "https://attack.mitre.org/techniques/T1137/001" }, { "technique_id": "T1137.002", "technique": "Office Application Startup : Office Test", "url": "https://attack.mitre.org/techniques/T1137/002" }, { "technique_id": "T1137.003", "technique": "Office Application Startup : Outlook Forms", "url": "https://attack.mitre.org/techniques/T1137/003" }, { "technique_id": "T1137.004", "technique": "Office Application Startup : Outlook Home Page", "url": "https://attack.mitre.org/techniques/T1137/004" }, { "technique_id": "T1137.005", "technique": "Office Application Startup : Outlook Rules", "url": "https://attack.mitre.org/techniques/T1137/005" }, { "technique_id": "T1137.006", "technique": "Office Application Startup : Add-ins", "url": "https://attack.mitre.org/techniques/T1137/006" }, { "technique_id": "T1140", "technique": "Deobfuscate/Decode Files or Information", "url": "https://attack.mitre.org/techniques/T1140", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1176", "technique": "Browser Extensions", "url": "https://attack.mitre.org/techniques/T1176", "tactic": [ "Persistence" ] }, { "technique_id": "T1185", "technique": "Man in the Browser", "url": "https://attack.mitre.org/techniques/T1185", "tactic": [ "Collection" ] }, { "technique_id": "T1187", "technique": "Forced Authentication", "url": "https://attack.mitre.org/techniques/T1187", "tactic": [ "Credential Access" ] }, { "technique_id": "T1189", "technique": "Drive-by Compromise", "url": "https://attack.mitre.org/techniques/T1189", "tactic": [ "Initial Access" ] }, { "technique_id": "T1190", "technique": "Exploit Public-Facing Application", "url": "https://attack.mitre.org/techniques/T1190", "tactic": [ "Initial Access" ] }, { "technique_id": "T1195", "technique": "Supply Chain Compromise", "url": "https://attack.mitre.org/techniques/T1195", "tactic": [ "Initial Access" ] }, { "technique_id": "T1195.001", "technique": "Supply Chain Compromise : Compromise Software Dependencies and Development Tools", "url": "https://attack.mitre.org/techniques/T1195/001" }, { "technique_id": "T1195.002", "technique": "Supply Chain Compromise : Compromise Software Supply Chain", "url": "https://attack.mitre.org/techniques/T1195/002" }, { "technique_id": "T1195.003", "technique": "Supply Chain Compromise : Compromise Hardware Supply Chain", "url": "https://attack.mitre.org/techniques/T1195/003" }, { "technique_id": "T1197", "technique": "BITS Jobs", "url": "https://attack.mitre.org/techniques/T1197", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1199", "technique": "Trusted Relationship", "url": "https://attack.mitre.org/techniques/T1199", "tactic": [ "Initial Access" ] }, { "technique_id": "T1200", "technique": "Hardware Additions", "url": "https://attack.mitre.org/techniques/T1200", "tactic": [ "Initial Access" ] }, { "technique_id": "T1201", "technique": "Password Policy Discovery", "url": "https://attack.mitre.org/techniques/T1201", "tactic": [ "Discovery" ] }, { "technique_id": "T1202", "technique": "Indirect Command Execution", "url": "https://attack.mitre.org/techniques/T1202", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1203", "technique": "Exploitation for Client Execution", "url": "https://attack.mitre.org/techniques/T1203", "tactic": [ "Execution" ] }, { "technique_id": "T1204", "technique": "User Execution", "url": "https://attack.mitre.org/techniques/T1204", "tactic": [ "Execution" ] }, { "technique_id": "T1204.001", "technique": "User Execution : Malicious Link", "url": "https://attack.mitre.org/techniques/T1204/001" }, { "technique_id": "T1204.002", "technique": "User Execution : Malicious File", "url": "https://attack.mitre.org/techniques/T1204/002" }, { "technique_id": "T1205", "technique": "Traffic Signaling", "url": "https://attack.mitre.org/techniques/T1205", "tactic": [ "Defense Evasion", "Persistence", "Command and Control" ] }, { "technique_id": "T1205.001", "technique": "Traffic Signaling : Port Knocking", "url": "https://attack.mitre.org/techniques/T1205/001" }, { "technique_id": "T1207", "technique": "Rogue Domain Controller", "url": "https://attack.mitre.org/techniques/T1207", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1210", "technique": "Exploitation of Remote Services", "url": "https://attack.mitre.org/techniques/T1210", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1211", "technique": "Exploitation for Defense Evasion", "url": "https://attack.mitre.org/techniques/T1211", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1212", "technique": "Exploitation for Credential Access", "url": "https://attack.mitre.org/techniques/T1212", "tactic": [ "Credential Access" ] }, { "technique_id": "T1213", "technique": "Data from Information Repositories", "url": "https://attack.mitre.org/techniques/T1213", "tactic": [ "Collection" ] }, { "technique_id": "T1213.001", "technique": "Data from Information Repositories : Confluence", "url": "https://attack.mitre.org/techniques/T1213/001" }, { "technique_id": "T1213.002", "technique": "Data from Information Repositories : Sharepoint", "url": "https://attack.mitre.org/techniques/T1213/002" }, { "technique_id": "T1216", "technique": "Signed Script Proxy Execution", "url": "https://attack.mitre.org/techniques/T1216", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1216.001", "technique": "Signed Script Proxy Execution : PubPrn", "url": "https://attack.mitre.org/techniques/T1216/001" }, { "technique_id": "T1217", "technique": "Browser Bookmark Discovery", "url": "https://attack.mitre.org/techniques/T1217", "tactic": [ "Discovery" ] }, { "technique_id": "T1218", "technique": "Signed Binary Proxy Execution", "url": "https://attack.mitre.org/techniques/T1218", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1218.001", "technique": "Signed Binary Proxy Execution : Compiled HTML File", "url": "https://attack.mitre.org/techniques/T1218/001" }, { "technique_id": "T1218.002", "technique": "Signed Binary Proxy Execution : Control Panel", "url": "https://attack.mitre.org/techniques/T1218/002" }, { "technique_id": "T1218.003", "technique": "Signed Binary Proxy Execution : CMSTP", "url": "https://attack.mitre.org/techniques/T1218/003" }, { "technique_id": "T1218.004", "technique": "Signed Binary Proxy Execution : InstallUtil", "url": "https://attack.mitre.org/techniques/T1218/004" }, { "technique_id": "T1218.005", "technique": "Signed Binary Proxy Execution : Mshta", "url": "https://attack.mitre.org/techniques/T1218/005" }, { "technique_id": "T1218.007", "technique": "Signed Binary Proxy Execution : Msiexec", "url": "https://attack.mitre.org/techniques/T1218/007" }, { "technique_id": "T1218.008", "technique": "Signed Binary Proxy Execution : Odbcconf", "url": "https://attack.mitre.org/techniques/T1218/008" }, { "technique_id": "T1218.009", "technique": "Signed Binary Proxy Execution : Regsvcs/Regasm", "url": "https://attack.mitre.org/techniques/T1218/009" }, { "technique_id": "T1218.010", "technique": "Signed Binary Proxy Execution : Regsvr32", "url": "https://attack.mitre.org/techniques/T1218/010" }, { "technique_id": "T1218.011", "technique": "Signed Binary Proxy Execution : Rundll32", "url": "https://attack.mitre.org/techniques/T1218/011" }, { "technique_id": "T1219", "technique": "Remote Access Software", "url": "https://attack.mitre.org/techniques/T1219", "tactic": [ "Command and Control" ] }, { "technique_id": "T1220", "technique": "XSL Script Processing", "url": "https://attack.mitre.org/techniques/T1220", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1221", "technique": "Template Injection", "url": "https://attack.mitre.org/techniques/T1221", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1222", "technique": "File and Directory Permissions Modification", "url": "https://attack.mitre.org/techniques/T1222", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1222.001", "technique": "File and Directory Permissions Modification : Windows File and Directory Permissions Modification", "url": "https://attack.mitre.org/techniques/T1222/001" }, { "technique_id": "T1222.002", "technique": "File and Directory Permissions Modification : Linux and Mac File and Directory Permissions Modification", "url": "https://attack.mitre.org/techniques/T1222/002" }, { "technique_id": "T1224", "technique": "Assess leadership areas of interest", "url": "https://attack.mitre.org/techniques/T1224", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1225", "technique": "Identify gap areas", "url": "https://attack.mitre.org/techniques/T1225", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1226", "technique": "Conduct cost/benefit analysis", "url": "https://attack.mitre.org/techniques/T1226", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1227", "technique": "Develop KITs/KIQs", "url": "https://attack.mitre.org/techniques/T1227", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1228", "technique": "Assign KITs/KIQs into categories", "url": "https://attack.mitre.org/techniques/T1228", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1229", "technique": "Assess KITs/KIQs benefits", "url": "https://attack.mitre.org/techniques/T1229", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1230", "technique": "Derive intelligence requirements", "url": "https://attack.mitre.org/techniques/T1230", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1231", "technique": "Create strategic plan", "url": "https://attack.mitre.org/techniques/T1231", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1232", "technique": "Create implementation plan", "url": "https://attack.mitre.org/techniques/T1232", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1233", "technique": "Identify analyst level gaps", "url": "https://attack.mitre.org/techniques/T1233", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1234", "technique": "Generate analyst intelligence requirements", "url": "https://attack.mitre.org/techniques/T1234", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1235", "technique": "Receive operator KITs/KIQs tasking", "url": "https://attack.mitre.org/techniques/T1235", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1236", "technique": "Assess current holdings, needs, and wants", "url": "https://attack.mitre.org/techniques/T1236", "tactic": [ "Priority Definition Planning" ] }, { "technique_id": "T1237", "technique": "Submit KITs, KIQs, and intelligence requirements", "url": "https://attack.mitre.org/techniques/T1237", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1238", "technique": "Assign KITs, KIQs, and/or intelligence requirements", "url": "https://attack.mitre.org/techniques/T1238", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1239", "technique": "Receive KITs/KIQs and determine requirements", "url": "https://attack.mitre.org/techniques/T1239", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1240", "technique": "Task requirements", "url": "https://attack.mitre.org/techniques/T1240", "tactic": [ "Priority Definition Direction" ] }, { "technique_id": "T1241", "technique": "Determine strategic target", "url": "https://attack.mitre.org/techniques/T1241", "tactic": [ "Target Selection" ] }, { "technique_id": "T1242", "technique": "Determine operational element", "url": "https://attack.mitre.org/techniques/T1242", "tactic": [ "Target Selection" ] }, { "technique_id": "T1243", "technique": "Determine highest level tactical element", "url": "https://attack.mitre.org/techniques/T1243", "tactic": [ "Target Selection" ] }, { "technique_id": "T1244", "technique": "Determine secondary level tactical element", "url": "https://attack.mitre.org/techniques/T1244", "tactic": [ "Target Selection" ] }, { "technique_id": "T1245", "technique": "Determine approach/attack vector", "url": "https://attack.mitre.org/techniques/T1245", "tactic": [ "Target Selection" ] }, { "technique_id": "T1246", "technique": "Identify supply chains", "url": "https://attack.mitre.org/techniques/T1246", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1247", "technique": "Acquire OSINT data sets and information", "url": "https://attack.mitre.org/techniques/T1247", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1248", "technique": "Identify job postings and needs/gaps", "url": "https://attack.mitre.org/techniques/T1248", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1249", "technique": "Conduct social engineering", "url": "https://attack.mitre.org/techniques/T1249", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1250", "technique": "Determine domain and IP address space", "url": "https://attack.mitre.org/techniques/T1250", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1251", "technique": "Obtain domain/IP registration information", "url": "https://attack.mitre.org/techniques/T1251", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1252", "technique": "Map network topology", "url": "https://attack.mitre.org/techniques/T1252", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1253", "technique": "Conduct passive scanning", "url": "https://attack.mitre.org/techniques/T1253", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1254", "technique": "Conduct active scanning", "url": "https://attack.mitre.org/techniques/T1254", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1255", "technique": "Discover target logon/email address format", "url": "https://attack.mitre.org/techniques/T1255", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1256", "technique": "Identify web defensive services", "url": "https://attack.mitre.org/techniques/T1256", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1257", "technique": "Mine technical blogs/forums", "url": "https://attack.mitre.org/techniques/T1257", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1258", "technique": "Determine firmware version", "url": "https://attack.mitre.org/techniques/T1258", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1259", "technique": "Determine external network trust dependencies", "url": "https://attack.mitre.org/techniques/T1259", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1260", "technique": "Determine 3rd party infrastructure services", "url": "https://attack.mitre.org/techniques/T1260", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1261", "technique": "Enumerate externally facing software applications technologies, languages, and dependencies", "url": "https://attack.mitre.org/techniques/T1261", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1262", "technique": "Enumerate client configurations", "url": "https://attack.mitre.org/techniques/T1262", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1263", "technique": "Identify security defensive capabilities", "url": "https://attack.mitre.org/techniques/T1263", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1264", "technique": "Identify technology usage patterns", "url": "https://attack.mitre.org/techniques/T1264", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1265", "technique": "Identify supply chains", "url": "https://attack.mitre.org/techniques/T1265", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1266", "technique": "Acquire OSINT data sets and information", "url": "https://attack.mitre.org/techniques/T1266", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1267", "technique": "Identify job postings and needs/gaps", "url": "https://attack.mitre.org/techniques/T1267", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1268", "technique": "Conduct social engineering", "url": "https://attack.mitre.org/techniques/T1268", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1269", "technique": "Identify people of interest", "url": "https://attack.mitre.org/techniques/T1269", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1270", "technique": "Identify groups/roles", "url": "https://attack.mitre.org/techniques/T1270", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1271", "technique": "Identify personnel with an authority/privilege", "url": "https://attack.mitre.org/techniques/T1271", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1272", "technique": "Identify business relationships", "url": "https://attack.mitre.org/techniques/T1272", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1273", "technique": "Mine social media", "url": "https://attack.mitre.org/techniques/T1273", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1274", "technique": "Identify sensitive personnel information", "url": "https://attack.mitre.org/techniques/T1274", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1275", "technique": "Aggregate individual's digital footprint", "url": "https://attack.mitre.org/techniques/T1275", "tactic": [ "People Information Gathering" ] }, { "technique_id": "T1276", "technique": "Identify supply chains", "url": "https://attack.mitre.org/techniques/T1276", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1277", "technique": "Acquire OSINT data sets and information", "url": "https://attack.mitre.org/techniques/T1277", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1278", "technique": "Identify job postings and needs/gaps", "url": "https://attack.mitre.org/techniques/T1278", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1279", "technique": "Conduct social engineering", "url": "https://attack.mitre.org/techniques/T1279", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1280", "technique": "Identify business processes/tempo", "url": "https://attack.mitre.org/techniques/T1280", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1281", "technique": "Obtain templates/branding materials", "url": "https://attack.mitre.org/techniques/T1281", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1282", "technique": "Determine physical locations", "url": "https://attack.mitre.org/techniques/T1282", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1283", "technique": "Identify business relationships", "url": "https://attack.mitre.org/techniques/T1283", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1284", "technique": "Determine 3rd party infrastructure services", "url": "https://attack.mitre.org/techniques/T1284", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1285", "technique": "Determine centralization of IT management", "url": "https://attack.mitre.org/techniques/T1285", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1286", "technique": "Dumpster dive", "url": "https://attack.mitre.org/techniques/T1286", "tactic": [ "Organizational Information Gathering" ] }, { "technique_id": "T1287", "technique": "Analyze data collected", "url": "https://attack.mitre.org/techniques/T1287", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1288", "technique": "Analyze architecture and configuration posture", "url": "https://attack.mitre.org/techniques/T1288", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1289", "technique": "Analyze organizational skillsets and deficiencies", "url": "https://attack.mitre.org/techniques/T1289", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1290", "technique": "Research visibility gap of security vendors", "url": "https://attack.mitre.org/techniques/T1290", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1291", "technique": "Research relevant vulnerabilities/CVEs", "url": "https://attack.mitre.org/techniques/T1291", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1292", "technique": "Test signature detection", "url": "https://attack.mitre.org/techniques/T1292", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1293", "technique": "Analyze application security posture", "url": "https://attack.mitre.org/techniques/T1293", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1294", "technique": "Analyze hardware/software security defensive capabilities", "url": "https://attack.mitre.org/techniques/T1294", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1295", "technique": "Analyze social and business relationships, interests, and affiliations", "url": "https://attack.mitre.org/techniques/T1295", "tactic": [ "People Weakness Identification" ] }, { "technique_id": "T1296", "technique": "Assess targeting options", "url": "https://attack.mitre.org/techniques/T1296", "tactic": [ "People Weakness Identification" ] }, { "technique_id": "T1297", "technique": "Analyze organizational skillsets and deficiencies", "url": "https://attack.mitre.org/techniques/T1297", "tactic": [ "People Weakness Identification" ] }, { "technique_id": "T1298", "technique": "Assess vulnerability of 3rd party vendors", "url": "https://attack.mitre.org/techniques/T1298", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1299", "technique": "Assess opportunities created by business deals", "url": "https://attack.mitre.org/techniques/T1299", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1300", "technique": "Analyze organizational skillsets and deficiencies", "url": "https://attack.mitre.org/techniques/T1300", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1301", "technique": "Analyze business processes", "url": "https://attack.mitre.org/techniques/T1301", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1302", "technique": "Assess security posture of physical locations", "url": "https://attack.mitre.org/techniques/T1302", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1303", "technique": "Analyze presence of outsourced capabilities", "url": "https://attack.mitre.org/techniques/T1303", "tactic": [ "Organizational Weakness Identification" ] }, { "technique_id": "T1304", "technique": "Proxy/protocol relays", "url": "https://attack.mitre.org/techniques/T1304", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1305", "technique": "Private whois services", "url": "https://attack.mitre.org/techniques/T1305", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1306", "technique": "Anonymity services", "url": "https://attack.mitre.org/techniques/T1306", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1307", "technique": "Acquire and/or use 3rd party infrastructure services", "url": "https://attack.mitre.org/techniques/T1307", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1308", "technique": "Acquire and/or use 3rd party software services", "url": "https://attack.mitre.org/techniques/T1308", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1309", "technique": "Obfuscate infrastructure", "url": "https://attack.mitre.org/techniques/T1309", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1310", "technique": "Acquire or compromise 3rd party signing certificates", "url": "https://attack.mitre.org/techniques/T1310", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1311", "technique": "Dynamic DNS", "url": "https://attack.mitre.org/techniques/T1311", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1312", "technique": "Compromise 3rd party infrastructure to support delivery", "url": "https://attack.mitre.org/techniques/T1312", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1313", "technique": "Obfuscation or cryptography", "url": "https://attack.mitre.org/techniques/T1313", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1314", "technique": "Host-based hiding techniques", "url": "https://attack.mitre.org/techniques/T1314", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1315", "technique": "Network-based hiding techniques", "url": "https://attack.mitre.org/techniques/T1315", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1316", "technique": "Non-traditional or less attributable payment options", "url": "https://attack.mitre.org/techniques/T1316", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1317", "technique": "Secure and protect infrastructure", "url": "https://attack.mitre.org/techniques/T1317", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1318", "technique": "Obfuscate operational infrastructure", "url": "https://attack.mitre.org/techniques/T1318", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1319", "technique": "Obfuscate or encrypt code", "url": "https://attack.mitre.org/techniques/T1319", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1320", "technique": "Data Hiding", "url": "https://attack.mitre.org/techniques/T1320", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1321", "technique": "Common, high volume protocols and software", "url": "https://attack.mitre.org/techniques/T1321", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1322", "technique": "Misattributable credentials", "url": "https://attack.mitre.org/techniques/T1322", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1326", "technique": "Domain registration hijacking", "url": "https://attack.mitre.org/techniques/T1326", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1327", "technique": "Use multiple DNS infrastructures", "url": "https://attack.mitre.org/techniques/T1327", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1328", "technique": "Buy domain name", "url": "https://attack.mitre.org/techniques/T1328", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1329", "technique": "Acquire and/or use 3rd party infrastructure services", "url": "https://attack.mitre.org/techniques/T1329", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1330", "technique": "Acquire and/or use 3rd party software services", "url": "https://attack.mitre.org/techniques/T1330", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1331", "technique": "Obfuscate infrastructure", "url": "https://attack.mitre.org/techniques/T1331", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1332", "technique": "Acquire or compromise 3rd party signing certificates", "url": "https://attack.mitre.org/techniques/T1332", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1333", "technique": "Dynamic DNS", "url": "https://attack.mitre.org/techniques/T1333", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1334", "technique": "Compromise 3rd party infrastructure to support delivery", "url": "https://attack.mitre.org/techniques/T1334", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1335", "technique": "Procure required equipment and software", "url": "https://attack.mitre.org/techniques/T1335", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1336", "technique": "Install and configure hardware, network, and systems", "url": "https://attack.mitre.org/techniques/T1336", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1337", "technique": "SSL certificate acquisition for domain", "url": "https://attack.mitre.org/techniques/T1337", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1338", "technique": "SSL certificate acquisition for trust breaking", "url": "https://attack.mitre.org/techniques/T1338", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1339", "technique": "Create backup infrastructure", "url": "https://attack.mitre.org/techniques/T1339", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1340", "technique": "Shadow DNS", "url": "https://attack.mitre.org/techniques/T1340", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1341", "technique": "Build social network persona", "url": "https://attack.mitre.org/techniques/T1341", "tactic": [ "Persona Development" ] }, { "technique_id": "T1342", "technique": "Develop social network persona digital footprint", "url": "https://attack.mitre.org/techniques/T1342", "tactic": [ "Persona Development" ] }, { "technique_id": "T1343", "technique": "Choose pre-compromised persona and affiliated accounts", "url": "https://attack.mitre.org/techniques/T1343", "tactic": [ "Persona Development" ] }, { "technique_id": "T1344", "technique": "Friend/Follow/Connect to targets of interest", "url": "https://attack.mitre.org/techniques/T1344", "tactic": [ "Persona Development" ] }, { "technique_id": "T1345", "technique": "Create custom payloads", "url": "https://attack.mitre.org/techniques/T1345", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1346", "technique": "Obtain/re-use payloads", "url": "https://attack.mitre.org/techniques/T1346", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1347", "technique": "Build and configure delivery systems", "url": "https://attack.mitre.org/techniques/T1347", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1348", "technique": "Identify resources required to build capabilities", "url": "https://attack.mitre.org/techniques/T1348", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1349", "technique": "Build or acquire exploits", "url": "https://attack.mitre.org/techniques/T1349", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1350", "technique": "Discover new exploits and monitor exploit-provider forums", "url": "https://attack.mitre.org/techniques/T1350", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1351", "technique": "Remote access tool development", "url": "https://attack.mitre.org/techniques/T1351", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1352", "technique": "C2 protocol development", "url": "https://attack.mitre.org/techniques/T1352", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1353", "technique": "Post compromise tool development", "url": "https://attack.mitre.org/techniques/T1353", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1354", "technique": "Compromise 3rd party or closed-source vulnerability/exploit information", "url": "https://attack.mitre.org/techniques/T1354", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1355", "technique": "Create infected removable media", "url": "https://attack.mitre.org/techniques/T1355", "tactic": [ "Build Capabilities" ] }, { "technique_id": "T1356", "technique": "Test callback functionality", "url": "https://attack.mitre.org/techniques/T1356", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1357", "technique": "Test malware in various execution environments", "url": "https://attack.mitre.org/techniques/T1357", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1358", "technique": "Review logs and residual traces", "url": "https://attack.mitre.org/techniques/T1358", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1359", "technique": "Test malware to evade detection", "url": "https://attack.mitre.org/techniques/T1359", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1360", "technique": "Test physical access", "url": "https://attack.mitre.org/techniques/T1360", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1361", "technique": "Test signature detection for file upload/email filters", "url": "https://attack.mitre.org/techniques/T1361", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1362", "technique": "Upload, install, and configure software/tools", "url": "https://attack.mitre.org/techniques/T1362", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1363", "technique": "Port redirector", "url": "https://attack.mitre.org/techniques/T1363", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1364", "technique": "Friend/Follow/Connect to targets of interest", "url": "https://attack.mitre.org/techniques/T1364", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1365", "technique": "Hardware or software supply chain implant", "url": "https://attack.mitre.org/techniques/T1365", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1379", "technique": "Disseminate removable media", "url": "https://attack.mitre.org/techniques/T1379", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1389", "technique": "Identify vulnerabilities in third-party software libraries", "url": "https://attack.mitre.org/techniques/T1389", "tactic": [ "Technical Weakness Identification" ] }, { "technique_id": "T1390", "technique": "OS-vendor provided communication channels", "url": "https://attack.mitre.org/techniques/T1390", "tactic": [ "Adversary OPSEC" ] }, { "technique_id": "T1391", "technique": "Choose pre-compromised mobile app developer account credentials or signing keys", "url": "https://attack.mitre.org/techniques/T1391", "tactic": [ "Persona Development" ] }, { "technique_id": "T1392", "technique": "Obtain Apple iOS enterprise distribution key pair and certificate", "url": "https://attack.mitre.org/techniques/T1392", "tactic": [ "Persona Development" ] }, { "technique_id": "T1393", "technique": "Test ability to evade automated mobile application security analysis performed by app stores", "url": "https://attack.mitre.org/techniques/T1393", "tactic": [ "Test Capabilities" ] }, { "technique_id": "T1394", "technique": "Distribute malicious software development tools", "url": "https://attack.mitre.org/techniques/T1394", "tactic": [ "Stage Capabilities" ] }, { "technique_id": "T1396", "technique": "Obtain booter/stressor subscription", "url": "https://attack.mitre.org/techniques/T1396", "tactic": [ "Establish & Maintain Infrastructure" ] }, { "technique_id": "T1397", "technique": "Spearphishing for Information", "url": "https://attack.mitre.org/techniques/T1397", "tactic": [ "Technical Information Gathering" ] }, { "technique_id": "T1398", "technique": "Modify OS Kernel or Boot Partition", "url": "https://attack.mitre.org/techniques/T1398", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1399", "technique": "Modify Trusted Execution Environment", "url": "https://attack.mitre.org/techniques/T1399", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1400", "technique": "Modify System Partition", "url": "https://attack.mitre.org/techniques/T1400", "tactic": [ "Defense Evasion", "Persistence", "Impact" ] }, { "technique_id": "T1401", "technique": "Abuse Device Administrator Access to Prevent Removal", "url": "https://attack.mitre.org/techniques/T1401", "tactic": [ "Persistence" ] }, { "technique_id": "T1402", "technique": "Broadcast Receivers", "url": "https://attack.mitre.org/techniques/T1402", "tactic": [ "Persistence", "Execution" ] }, { "technique_id": "T1403", "technique": "Modify Cached Executable Code", "url": "https://attack.mitre.org/techniques/T1403", "tactic": [ "Persistence" ] }, { "technique_id": "T1404", "technique": "Exploit OS Vulnerability", "url": "https://attack.mitre.org/techniques/T1404", "tactic": [ "Privilege Escalation" ] }, { "technique_id": "T1405", "technique": "Exploit TEE Vulnerability", "url": "https://attack.mitre.org/techniques/T1405", "tactic": [ "Credential Access", "Privilege Escalation" ] }, { "technique_id": "T1406", "technique": "Obfuscated Files or Information", "url": "https://attack.mitre.org/techniques/T1406", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1407", "technique": "Download New Code at Runtime", "url": "https://attack.mitre.org/techniques/T1407", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1408", "technique": "Disguise Root/Jailbreak Indicators", "url": "https://attack.mitre.org/techniques/T1408", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1409", "technique": "Access Stored Application Data", "url": "https://attack.mitre.org/techniques/T1409", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1410", "technique": "Network Traffic Capture or Redirection", "url": "https://attack.mitre.org/techniques/T1410", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1411", "technique": "Input Prompt", "url": "https://attack.mitre.org/techniques/T1411", "tactic": [ "Credential Access" ] }, { "technique_id": "T1412", "technique": "Capture SMS Messages", "url": "https://attack.mitre.org/techniques/T1412", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1413", "technique": "Access Sensitive Data in Device Logs", "url": "https://attack.mitre.org/techniques/T1413", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1414", "technique": "Capture Clipboard Data", "url": "https://attack.mitre.org/techniques/T1414", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1415", "technique": "URL Scheme Hijacking", "url": "https://attack.mitre.org/techniques/T1415", "tactic": [ "Credential Access" ] }, { "technique_id": "T1416", "technique": "Android Intent Hijacking", "url": "https://attack.mitre.org/techniques/T1416", "tactic": [ "Credential Access" ] }, { "technique_id": "T1417", "technique": "Input Capture", "url": "https://attack.mitre.org/techniques/T1417", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1418", "technique": "Application Discovery", "url": "https://attack.mitre.org/techniques/T1418", "tactic": [ "Defense Evasion", "Discovery" ] }, { "technique_id": "T1420", "technique": "File and Directory Discovery", "url": "https://attack.mitre.org/techniques/T1420", "tactic": [ "Discovery" ] }, { "technique_id": "T1421", "technique": "System Network Connections Discovery", "url": "https://attack.mitre.org/techniques/T1421", "tactic": [ "Discovery" ] }, { "technique_id": "T1422", "technique": "System Network Configuration Discovery", "url": "https://attack.mitre.org/techniques/T1422", "tactic": [ "Discovery" ] }, { "technique_id": "T1423", "technique": "Network Service Scanning", "url": "https://attack.mitre.org/techniques/T1423", "tactic": [ "Discovery" ] }, { "technique_id": "T1424", "technique": "Process Discovery", "url": "https://attack.mitre.org/techniques/T1424", "tactic": [ "Discovery" ] }, { "technique_id": "T1426", "technique": "System Information Discovery", "url": "https://attack.mitre.org/techniques/T1426", "tactic": [ "Discovery" ] }, { "technique_id": "T1427", "technique": "Attack PC via USB Connection", "url": "https://attack.mitre.org/techniques/T1427", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1428", "technique": "Exploit Enterprise Resources", "url": "https://attack.mitre.org/techniques/T1428", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1429", "technique": "Capture Audio", "url": "https://attack.mitre.org/techniques/T1429", "tactic": [ "Collection" ] }, { "technique_id": "T1430", "technique": "Location Tracking", "url": "https://attack.mitre.org/techniques/T1430", "tactic": [ "Collection", "Discovery" ] }, { "technique_id": "T1432", "technique": "Access Contact List", "url": "https://attack.mitre.org/techniques/T1432", "tactic": [ "Collection" ] }, { "technique_id": "T1433", "technique": "Access Call Log", "url": "https://attack.mitre.org/techniques/T1433", "tactic": [ "Collection" ] }, { "technique_id": "T1435", "technique": "Access Calendar Entries", "url": "https://attack.mitre.org/techniques/T1435", "tactic": [ "Collection" ] }, { "technique_id": "T1436", "technique": "Commonly Used Port", "url": "https://attack.mitre.org/techniques/T1436", "tactic": [ "Command and Control", "Exfiltration" ] }, { "technique_id": "T1437", "technique": "Standard Application Layer Protocol", "url": "https://attack.mitre.org/techniques/T1437", "tactic": [ "Command and Control", "Exfiltration" ] }, { "technique_id": "T1438", "technique": "Alternate Network Mediums", "url": "https://attack.mitre.org/techniques/T1438", "tactic": [ "Command and Control", "Exfiltration" ] }, { "technique_id": "T1439", "technique": "Eavesdrop on Insecure Network Communication", "url": "https://attack.mitre.org/techniques/T1439", "tactic": [ "Network Effects" ] }, { "technique_id": "T1444", "technique": "Masquerade as Legitimate Application", "url": "https://attack.mitre.org/techniques/T1444", "tactic": [ "Initial Access", "Defense Evasion" ] }, { "technique_id": "T1446", "technique": "Device Lockout", "url": "https://attack.mitre.org/techniques/T1446", "tactic": [ "Impact", "Defense Evasion" ] }, { "technique_id": "T1447", "technique": "Delete Device Data", "url": "https://attack.mitre.org/techniques/T1447", "tactic": [ "Impact" ] }, { "technique_id": "T1448", "technique": "Carrier Billing Fraud", "url": "https://attack.mitre.org/techniques/T1448", "tactic": [ "Impact" ] }, { "technique_id": "T1449", "technique": "Exploit SS7 to Redirect Phone Calls/SMS", "url": "https://attack.mitre.org/techniques/T1449", "tactic": [ "Network Effects" ] }, { "technique_id": "T1450", "technique": "Exploit SS7 to Track Device Location", "url": "https://attack.mitre.org/techniques/T1450", "tactic": [ "Network Effects" ] }, { "technique_id": "T1451", "technique": "SIM Card Swap", "url": "https://attack.mitre.org/techniques/T1451", "tactic": [ "Network Effects" ] }, { "technique_id": "T1452", "technique": "Manipulate App Store Rankings or Ratings", "url": "https://attack.mitre.org/techniques/T1452", "tactic": [ "Impact" ] }, { "technique_id": "T1456", "technique": "Drive-by Compromise", "url": "https://attack.mitre.org/techniques/T1456", "tactic": [ "Initial Access" ] }, { "technique_id": "T1458", "technique": "Exploit via Charging Station or PC", "url": "https://attack.mitre.org/techniques/T1458", "tactic": [ "Initial Access" ] }, { "technique_id": "T1461", "technique": "Lockscreen Bypass", "url": "https://attack.mitre.org/techniques/T1461", "tactic": [ "Initial Access" ] }, { "technique_id": "T1463", "technique": "Manipulate Device Communication", "url": "https://attack.mitre.org/techniques/T1463", "tactic": [ "Network Effects" ] }, { "technique_id": "T1464", "technique": "Jamming or Denial of Service", "url": "https://attack.mitre.org/techniques/T1464", "tactic": [ "Network Effects" ] }, { "technique_id": "T1465", "technique": "Rogue Wi-Fi Access Points", "url": "https://attack.mitre.org/techniques/T1465", "tactic": [ "Network Effects" ] }, { "technique_id": "T1466", "technique": "Downgrade to Insecure Protocols", "url": "https://attack.mitre.org/techniques/T1466", "tactic": [ "Network Effects" ] }, { "technique_id": "T1467", "technique": "Rogue Cellular Base Station", "url": "https://attack.mitre.org/techniques/T1467", "tactic": [ "Network Effects" ] }, { "technique_id": "T1468", "technique": "Remotely Track Device Without Authorization", "url": "https://attack.mitre.org/techniques/T1468", "tactic": [ "Remote Service Effects" ] }, { "technique_id": "T1469", "technique": "Remotely Wipe Data Without Authorization", "url": "https://attack.mitre.org/techniques/T1469", "tactic": [ "Remote Service Effects" ] }, { "technique_id": "T1470", "technique": "Obtain Device Cloud Backups", "url": "https://attack.mitre.org/techniques/T1470", "tactic": [ "Remote Service Effects" ] }, { "technique_id": "T1471", "technique": "Data Encrypted for Impact", "url": "https://attack.mitre.org/techniques/T1471", "tactic": [ "Impact" ] }, { "technique_id": "T1472", "technique": "Generate Fraudulent Advertising Revenue", "url": "https://attack.mitre.org/techniques/T1472", "tactic": [ "Impact" ] }, { "technique_id": "T1474", "technique": "Supply Chain Compromise", "url": "https://attack.mitre.org/techniques/T1474", "tactic": [ "Initial Access" ] }, { "technique_id": "T1475", "technique": "Deliver Malicious App via Authorized App Store", "url": "https://attack.mitre.org/techniques/T1475", "tactic": [ "Initial Access" ] }, { "technique_id": "T1476", "technique": "Deliver Malicious App via Other Means", "url": "https://attack.mitre.org/techniques/T1476", "tactic": [ "Initial Access" ] }, { "technique_id": "T1477", "technique": "Exploit via Radio Interfaces", "url": "https://attack.mitre.org/techniques/T1477", "tactic": [ "Initial Access" ] }, { "technique_id": "T1478", "technique": "Install Insecure or Malicious Configuration", "url": "https://attack.mitre.org/techniques/T1478", "tactic": [ "Defense Evasion", "Initial Access" ] }, { "technique_id": "T1480", "technique": "Execution Guardrails", "url": "https://attack.mitre.org/techniques/T1480", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1480.001", "technique": "Execution Guardrails : Environmental Keying", "url": "https://attack.mitre.org/techniques/T1480/001" }, { "technique_id": "T1481", "technique": "Web Service", "url": "https://attack.mitre.org/techniques/T1481", "tactic": [ "Command and Control" ] }, { "technique_id": "T1482", "technique": "Domain Trust Discovery", "url": "https://attack.mitre.org/techniques/T1482", "tactic": [ "Discovery" ] }, { "technique_id": "T1484", "technique": "Group Policy Modification", "url": "https://attack.mitre.org/techniques/T1484", "tactic": [ "Defense Evasion", "Privilege Escalation" ] }, { "technique_id": "T1485", "technique": "Data Destruction", "url": "https://attack.mitre.org/techniques/T1485", "tactic": [ "Impact" ] }, { "technique_id": "T1486", "technique": "Data Encrypted for Impact", "url": "https://attack.mitre.org/techniques/T1486", "tactic": [ "Impact" ] }, { "technique_id": "T1489", "technique": "Service Stop", "url": "https://attack.mitre.org/techniques/T1489", "tactic": [ "Impact" ] }, { "technique_id": "T1490", "technique": "Inhibit System Recovery", "url": "https://attack.mitre.org/techniques/T1490", "tactic": [ "Impact" ] }, { "technique_id": "T1491", "technique": "Defacement", "url": "https://attack.mitre.org/techniques/T1491", "tactic": [ "Impact" ] }, { "technique_id": "T1491.001", "technique": "Defacement : Internal Defacement", "url": "https://attack.mitre.org/techniques/T1491/001" }, { "technique_id": "T1491.002", "technique": "Defacement : External Defacement", "url": "https://attack.mitre.org/techniques/T1491/002" }, { "technique_id": "T1495", "technique": "Firmware Corruption", "url": "https://attack.mitre.org/techniques/T1495", "tactic": [ "Impact" ] }, { "technique_id": "T1496", "technique": "Resource Hijacking", "url": "https://attack.mitre.org/techniques/T1496", "tactic": [ "Impact" ] }, { "technique_id": "T1497", "technique": "Virtualization/Sandbox Evasion", "url": "https://attack.mitre.org/techniques/T1497", "tactic": [ "Defense Evasion", "Discovery" ] }, { "technique_id": "T1497.001", "technique": "Virtualization/Sandbox Evasion : System Checks", "url": "https://attack.mitre.org/techniques/T1497/001" }, { "technique_id": "T1497.002", "technique": "Virtualization/Sandbox Evasion : User Activity Based Checks", "url": "https://attack.mitre.org/techniques/T1497/002" }, { "technique_id": "T1497.003", "technique": "Virtualization/Sandbox Evasion : Time Based Evasion", "url": "https://attack.mitre.org/techniques/T1497/003" }, { "technique_id": "T1498", "technique": "Network Denial of Service", "url": "https://attack.mitre.org/techniques/T1498", "tactic": [ "Impact" ] }, { "technique_id": "T1498.001", "technique": "Network Denial of Service : Direct Network Flood", "url": "https://attack.mitre.org/techniques/T1498/001" }, { "technique_id": "T1498.002", "technique": "Network Denial of Service : Reflection Amplification", "url": "https://attack.mitre.org/techniques/T1498/002" }, { "technique_id": "T1499", "technique": "Endpoint Denial of Service", "url": "https://attack.mitre.org/techniques/T1499", "tactic": [ "Impact" ] }, { "technique_id": "T1499.001", "technique": "Endpoint Denial of Service : OS Exhaustion Flood", "url": "https://attack.mitre.org/techniques/T1499/001" }, { "technique_id": "T1499.002", "technique": "Endpoint Denial of Service : Service Exhaustion Flood", "url": "https://attack.mitre.org/techniques/T1499/002" }, { "technique_id": "T1499.003", "technique": "Endpoint Denial of Service : Application Exhaustion Flood", "url": "https://attack.mitre.org/techniques/T1499/003" }, { "technique_id": "T1499.004", "technique": "Endpoint Denial of Service : Application or System Exploitation", "url": "https://attack.mitre.org/techniques/T1499/004" }, { "technique_id": "T1505", "technique": "Server Software Component", "url": "https://attack.mitre.org/techniques/T1505", "tactic": [ "Persistence" ] }, { "technique_id": "T1505.001", "technique": "Server Software Component : SQL Stored Procedures", "url": "https://attack.mitre.org/techniques/T1505/001" }, { "technique_id": "T1505.002", "technique": "Server Software Component : Transport Agent", "url": "https://attack.mitre.org/techniques/T1505/002" }, { "technique_id": "T1505.003", "technique": "Server Software Component : Web Shell", "url": "https://attack.mitre.org/techniques/T1505/003" }, { "technique_id": "T1507", "technique": "Network Information Discovery", "url": "https://attack.mitre.org/techniques/T1507", "tactic": [ "Collection" ] }, { "technique_id": "T1508", "technique": "Suppress Application Icon", "url": "https://attack.mitre.org/techniques/T1508", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1509", "technique": "Uncommonly Used Port", "url": "https://attack.mitre.org/techniques/T1509", "tactic": [ "Command and Control" ] }, { "technique_id": "T1510", "technique": "Clipboard Modification", "url": "https://attack.mitre.org/techniques/T1510", "tactic": [ "Impact" ] }, { "technique_id": "T1512", "technique": "Capture Camera", "url": "https://attack.mitre.org/techniques/T1512", "tactic": [ "Collection" ] }, { "technique_id": "T1513", "technique": "Screen Capture", "url": "https://attack.mitre.org/techniques/T1513", "tactic": [ "Collection" ] }, { "technique_id": "T1516", "technique": "Input Injection", "url": "https://attack.mitre.org/techniques/T1516", "tactic": [ "Defense Evasion", "Impact" ] }, { "technique_id": "T1517", "technique": "Access Notifications", "url": "https://attack.mitre.org/techniques/T1517", "tactic": [ "Collection", "Credential Access" ] }, { "technique_id": "T1518", "technique": "Software Discovery", "url": "https://attack.mitre.org/techniques/T1518", "tactic": [ "Discovery" ] }, { "technique_id": "T1518.001", "technique": "Software Discovery : Security Software Discovery", "url": "https://attack.mitre.org/techniques/T1518/001" }, { "technique_id": "T1520", "technique": "Domain Generation Algorithms", "url": "https://attack.mitre.org/techniques/T1520", "tactic": [ "Command and Control" ] }, { "technique_id": "T1521", "technique": "Standard Cryptographic Protocol", "url": "https://attack.mitre.org/techniques/T1521", "tactic": [ "Command and Control" ] }, { "technique_id": "T1523", "technique": "Evade Analysis Environment", "url": "https://attack.mitre.org/techniques/T1523", "tactic": [ "Defense Evasion", "Discovery" ] }, { "technique_id": "T1525", "technique": "Implant Container Image", "url": "https://attack.mitre.org/techniques/T1525", "tactic": [ "Persistence" ] }, { "technique_id": "T1526", "technique": "Cloud Service Discovery", "url": "https://attack.mitre.org/techniques/T1526", "tactic": [ "Discovery" ] }, { "technique_id": "T1528", "technique": "Steal Application Access Token", "url": "https://attack.mitre.org/techniques/T1528", "tactic": [ "Credential Access" ] }, { "technique_id": "T1529", "technique": "System Shutdown/Reboot", "url": "https://attack.mitre.org/techniques/T1529", "tactic": [ "Impact" ] }, { "technique_id": "T1530", "technique": "Data from Cloud Storage Object", "url": "https://attack.mitre.org/techniques/T1530", "tactic": [ "Collection" ] }, { "technique_id": "T1531", "technique": "Account Access Removal", "url": "https://attack.mitre.org/techniques/T1531", "tactic": [ "Impact" ] }, { "technique_id": "T1532", "technique": "Data Encrypted", "url": "https://attack.mitre.org/techniques/T1532", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1533", "technique": "Data from Local System", "url": "https://attack.mitre.org/techniques/T1533", "tactic": [ "Collection" ] }, { "technique_id": "T1534", "technique": "Internal Spearphishing", "url": "https://attack.mitre.org/techniques/T1534", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1535", "technique": "Unused/Unsupported Cloud Regions", "url": "https://attack.mitre.org/techniques/T1535", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1537", "technique": "Transfer Data to Cloud Account", "url": "https://attack.mitre.org/techniques/T1537", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1538", "technique": "Cloud Service Dashboard", "url": "https://attack.mitre.org/techniques/T1538", "tactic": [ "Discovery" ] }, { "technique_id": "T1539", "technique": "Steal Web Session Cookie", "url": "https://attack.mitre.org/techniques/T1539", "tactic": [ "Credential Access" ] }, { "technique_id": "T1540", "technique": "Code Injection", "url": "https://attack.mitre.org/techniques/T1540", "tactic": [ "Persistence", "Privilege Escalation", "Defense Evasion" ] }, { "technique_id": "T1541", "technique": "Foreground Persistence", "url": "https://attack.mitre.org/techniques/T1541", "tactic": [ "Collection", "Persistence" ] }, { "technique_id": "T1542", "technique": "Pre-OS Boot", "url": "https://attack.mitre.org/techniques/T1542", "tactic": [ "Defense Evasion", "Persistence" ] }, { "technique_id": "T1542.001", "technique": "Pre-OS Boot : System Firmware", "url": "https://attack.mitre.org/techniques/T1542/001" }, { "technique_id": "T1542.002", "technique": "Pre-OS Boot : Component Firmware", "url": "https://attack.mitre.org/techniques/T1542/002" }, { "technique_id": "T1542.003", "technique": "Pre-OS Boot : Bootkit", "url": "https://attack.mitre.org/techniques/T1542/003" }, { "technique_id": "T1543", "technique": "Create or Modify System Process", "url": "https://attack.mitre.org/techniques/T1543", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1543.001", "technique": "Create or Modify System Process : Launch Agent", "url": "https://attack.mitre.org/techniques/T1543/001" }, { "technique_id": "T1543.002", "technique": "Create or Modify System Process : Systemd Service", "url": "https://attack.mitre.org/techniques/T1543/002" }, { "technique_id": "T1543.003", "technique": "Create or Modify System Process : Windows Service", "url": "https://attack.mitre.org/techniques/T1543/003" }, { "technique_id": "T1543.004", "technique": "Create or Modify System Process : Launch Daemon", "url": "https://attack.mitre.org/techniques/T1543/004" }, { "technique_id": "T1544", "technique": "Remote File Copy", "url": "https://attack.mitre.org/techniques/T1544", "tactic": [ "Command and Control" ] }, { "technique_id": "T1546", "technique": "Event Triggered Execution", "url": "https://attack.mitre.org/techniques/T1546", "tactic": [ "Privilege Escalation", "Persistence" ] }, { "technique_id": "T1546.001", "technique": "Event Triggered Execution : Change Default File Association", "url": "https://attack.mitre.org/techniques/T1546/001" }, { "technique_id": "T1546.002", "technique": "Event Triggered Execution : Screensaver", "url": "https://attack.mitre.org/techniques/T1546/002" }, { "technique_id": "T1546.003", "technique": "Event Triggered Execution : Windows Management Instrumentation Event Subscription", "url": "https://attack.mitre.org/techniques/T1546/003" }, { "technique_id": "T1546.004", "technique": "Event Triggered Execution : .bash_profile and .bashrc", "url": "https://attack.mitre.org/techniques/T1546/004" }, { "technique_id": "T1546.005", "technique": "Event Triggered Execution : Trap", "url": "https://attack.mitre.org/techniques/T1546/005" }, { "technique_id": "T1546.006", "technique": "Event Triggered Execution : LC_LOAD_DYLIB Addition", "url": "https://attack.mitre.org/techniques/T1546/006" }, { "technique_id": "T1546.007", "technique": "Event Triggered Execution : Netsh Helper DLL", "url": "https://attack.mitre.org/techniques/T1546/007" }, { "technique_id": "T1546.008", "technique": "Event Triggered Execution : Accessibility Features", "url": "https://attack.mitre.org/techniques/T1546/008" }, { "technique_id": "T1546.009", "technique": "Event Triggered Execution : AppCert DLLs", "url": "https://attack.mitre.org/techniques/T1546/009" }, { "technique_id": "T1546.010", "technique": "Event Triggered Execution : AppInit DLLs", "url": "https://attack.mitre.org/techniques/T1546/010" }, { "technique_id": "T1546.011", "technique": "Event Triggered Execution : Application Shimming", "url": "https://attack.mitre.org/techniques/T1546/011" }, { "technique_id": "T1546.012", "technique": "Event Triggered Execution : Image File Execution Options Injection", "url": "https://attack.mitre.org/techniques/T1546/012" }, { "technique_id": "T1546.013", "technique": "Event Triggered Execution : PowerShell Profile", "url": "https://attack.mitre.org/techniques/T1546/013" }, { "technique_id": "T1546.014", "technique": "Event Triggered Execution : Emond", "url": "https://attack.mitre.org/techniques/T1546/014" }, { "technique_id": "T1546.015", "technique": "Event Triggered Execution : Component Object Model Hijacking", "url": "https://attack.mitre.org/techniques/T1546/015" }, { "technique_id": "T1547", "technique": "Boot or Logon Autostart Execution", "url": "https://attack.mitre.org/techniques/T1547", "tactic": [ "Persistence", "Privilege Escalation" ] }, { "technique_id": "T1547.001", "technique": "Boot or Logon Autostart Execution : Registry Run Keys / Startup Folder", "url": "https://attack.mitre.org/techniques/T1547/001" }, { "technique_id": "T1547.002", "technique": "Boot or Logon Autostart Execution : Authentication Package", "url": "https://attack.mitre.org/techniques/T1547/002" }, { "technique_id": "T1547.003", "technique": "Boot or Logon Autostart Execution : Time Providers", "url": "https://attack.mitre.org/techniques/T1547/003" }, { "technique_id": "T1547.004", "technique": "Boot or Logon Autostart Execution : Winlogon Helper DLL", "url": "https://attack.mitre.org/techniques/T1547/004" }, { "technique_id": "T1547.005", "technique": "Boot or Logon Autostart Execution : Security Support Provider", "url": "https://attack.mitre.org/techniques/T1547/005" }, { "technique_id": "T1547.006", "technique": "Boot or Logon Autostart Execution : Kernel Modules and Extensions", "url": "https://attack.mitre.org/techniques/T1547/006" }, { "technique_id": "T1547.007", "technique": "Boot or Logon Autostart Execution : Re-opened Applications", "url": "https://attack.mitre.org/techniques/T1547/007" }, { "technique_id": "T1547.008", "technique": "Boot or Logon Autostart Execution : LSASS Driver", "url": "https://attack.mitre.org/techniques/T1547/008" }, { "technique_id": "T1547.009", "technique": "Boot or Logon Autostart Execution : Shortcut Modification", "url": "https://attack.mitre.org/techniques/T1547/009" }, { "technique_id": "T1547.010", "technique": "Boot or Logon Autostart Execution : Port Monitors", "url": "https://attack.mitre.org/techniques/T1547/010" }, { "technique_id": "T1547.011", "technique": "Boot or Logon Autostart Execution : Plist Modification", "url": "https://attack.mitre.org/techniques/T1547/011" }, { "technique_id": "T1548", "technique": "Abuse Elevation Control Mechanism", "url": "https://attack.mitre.org/techniques/T1548", "tactic": [ "Privilege Escalation", "Defense Evasion" ] }, { "technique_id": "T1548.001", "technique": "Abuse Elevation Control Mechanism : Setuid and Setgid", "url": "https://attack.mitre.org/techniques/T1548/001" }, { "technique_id": "T1548.002", "technique": "Abuse Elevation Control Mechanism : Bypass User Access Control", "url": "https://attack.mitre.org/techniques/T1548/002" }, { "technique_id": "T1548.003", "technique": "Abuse Elevation Control Mechanism : Sudo and Sudo Caching", "url": "https://attack.mitre.org/techniques/T1548/003" }, { "technique_id": "T1548.004", "technique": "Abuse Elevation Control Mechanism : Elevated Execution with Prompt", "url": "https://attack.mitre.org/techniques/T1548/004" }, { "technique_id": "T1550", "technique": "Use Alternate Authentication Material", "url": "https://attack.mitre.org/techniques/T1550", "tactic": [ "Defense Evasion", "Lateral Movement" ] }, { "technique_id": "T1550.001", "technique": "Use Alternate Authentication Material : Application Access Token", "url": "https://attack.mitre.org/techniques/T1550/001" }, { "technique_id": "T1550.002", "technique": "Use Alternate Authentication Material : Pass the Hash", "url": "https://attack.mitre.org/techniques/T1550/002" }, { "technique_id": "T1550.003", "technique": "Use Alternate Authentication Material : Pass the Ticket", "url": "https://attack.mitre.org/techniques/T1550/003" }, { "technique_id": "T1550.004", "technique": "Use Alternate Authentication Material : Web Session Cookie", "url": "https://attack.mitre.org/techniques/T1550/004" }, { "technique_id": "T1552", "technique": "Unsecured Credentials", "url": "https://attack.mitre.org/techniques/T1552", "tactic": [ "Credential Access" ] }, { "technique_id": "T1552.001", "technique": "Unsecured Credentials : Credentials In Files", "url": "https://attack.mitre.org/techniques/T1552/001" }, { "technique_id": "T1552.002", "technique": "Unsecured Credentials : Credentials in Registry", "url": "https://attack.mitre.org/techniques/T1552/002" }, { "technique_id": "T1552.003", "technique": "Unsecured Credentials : Bash History", "url": "https://attack.mitre.org/techniques/T1552/003" }, { "technique_id": "T1552.004", "technique": "Unsecured Credentials : Private Keys", "url": "https://attack.mitre.org/techniques/T1552/004" }, { "technique_id": "T1552.005", "technique": "Unsecured Credentials : Cloud Instance Metadata API", "url": "https://attack.mitre.org/techniques/T1552/005" }, { "technique_id": "T1552.006", "technique": "Unsecured Credentials : Group Policy Preferences", "url": "https://attack.mitre.org/techniques/T1552/006" }, { "technique_id": "T1553", "technique": "Subvert Trust Controls", "url": "https://attack.mitre.org/techniques/T1553", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1553.001", "technique": "Subvert Trust Controls : Gatekeeper Bypass", "url": "https://attack.mitre.org/techniques/T1553/001" }, { "technique_id": "T1553.002", "technique": "Subvert Trust Controls : Code Signing", "url": "https://attack.mitre.org/techniques/T1553/002" }, { "technique_id": "T1553.003", "technique": "Subvert Trust Controls : SIP and Trust Provider Hijacking", "url": "https://attack.mitre.org/techniques/T1553/003" }, { "technique_id": "T1553.004", "technique": "Subvert Trust Controls : Install Root Certificate", "url": "https://attack.mitre.org/techniques/T1553/004" }, { "technique_id": "T1554", "technique": "Compromise Client Software Binary", "url": "https://attack.mitre.org/techniques/T1554", "tactic": [ "Persistence" ] }, { "technique_id": "T1555", "technique": "Credentials from Password Stores", "url": "https://attack.mitre.org/techniques/T1555", "tactic": [ "Credential Access" ] }, { "technique_id": "T1555.001", "technique": "Credentials from Password Stores : Keychain", "url": "https://attack.mitre.org/techniques/T1555/001" }, { "technique_id": "T1555.002", "technique": "Credentials from Password Stores : Securityd Memory", "url": "https://attack.mitre.org/techniques/T1555/002" }, { "technique_id": "T1555.003", "technique": "Credentials from Password Stores : Credentials from Web Browsers", "url": "https://attack.mitre.org/techniques/T1555/003" }, { "technique_id": "T1556", "technique": "Modify Authentication Process", "url": "https://attack.mitre.org/techniques/T1556", "tactic": [ "Credential Access", "Defense Evasion" ] }, { "technique_id": "T1556.001", "technique": "Modify Authentication Process : Domain Controller Authentication", "url": "https://attack.mitre.org/techniques/T1556/001" }, { "technique_id": "T1556.002", "technique": "Modify Authentication Process : Password Filter DLL", "url": "https://attack.mitre.org/techniques/T1556/002" }, { "technique_id": "T1556.003", "technique": "Modify Authentication Process : Pluggable Authentication Modules", "url": "https://attack.mitre.org/techniques/T1556/003" }, { "technique_id": "T1557", "technique": "Man-in-the-Middle", "url": "https://attack.mitre.org/techniques/T1557", "tactic": [ "Credential Access", "Collection" ] }, { "technique_id": "T1557.001", "technique": "Man-in-the-Middle : LLMNR/NBT-NS Poisoning and SMB Relay", "url": "https://attack.mitre.org/techniques/T1557/001" }, { "technique_id": "T1558", "technique": "Steal or Forge Kerberos Tickets", "url": "https://attack.mitre.org/techniques/T1558", "tactic": [ "Credential Access" ] }, { "technique_id": "T1558.001", "technique": "Steal or Forge Kerberos Tickets : Golden Ticket", "url": "https://attack.mitre.org/techniques/T1558/001" }, { "technique_id": "T1558.002", "technique": "Steal or Forge Kerberos Tickets : Silver Ticket", "url": "https://attack.mitre.org/techniques/T1558/002" }, { "technique_id": "T1558.003", "technique": "Steal or Forge Kerberos Tickets : Kerberoasting", "url": "https://attack.mitre.org/techniques/T1558/003" }, { "technique_id": "T1559", "technique": "Inter-Process Communication", "url": "https://attack.mitre.org/techniques/T1559", "tactic": [ "Execution" ] }, { "technique_id": "T1559.001", "technique": "Inter-Process Communication : Component Object Model", "url": "https://attack.mitre.org/techniques/T1559/001" }, { "technique_id": "T1559.002", "technique": "Inter-Process Communication : Dynamic Data Exchange", "url": "https://attack.mitre.org/techniques/T1559/002" }, { "technique_id": "T1560", "technique": "Archive Collected Data", "url": "https://attack.mitre.org/techniques/T1560", "tactic": [ "Collection" ] }, { "technique_id": "T1560.001", "technique": "Archive Collected Data : Archive via Utility", "url": "https://attack.mitre.org/techniques/T1560/001" }, { "technique_id": "T1560.002", "technique": "Archive Collected Data : Archive via Library", "url": "https://attack.mitre.org/techniques/T1560/002" }, { "technique_id": "T1560.003", "technique": "Archive Collected Data : Archive via Custom Method", "url": "https://attack.mitre.org/techniques/T1560/003" }, { "technique_id": "T1561", "technique": "Disk Wipe", "url": "https://attack.mitre.org/techniques/T1561", "tactic": [ "Impact" ] }, { "technique_id": "T1561.001", "technique": "Disk Wipe : Disk Content Wipe", "url": "https://attack.mitre.org/techniques/T1561/001" }, { "technique_id": "T1561.002", "technique": "Disk Wipe : Disk Structure Wipe", "url": "https://attack.mitre.org/techniques/T1561/002" }, { "technique_id": "T1562", "technique": "Impair Defenses", "url": "https://attack.mitre.org/techniques/T1562", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1562.001", "technique": "Impair Defenses : Disable or Modify Tools", "url": "https://attack.mitre.org/techniques/T1562/001" }, { "technique_id": "T1562.002", "technique": "Impair Defenses : Disable Windows Event Logging", "url": "https://attack.mitre.org/techniques/T1562/002" }, { "technique_id": "T1562.003", "technique": "Impair Defenses : HISTCONTROL", "url": "https://attack.mitre.org/techniques/T1562/003" }, { "technique_id": "T1562.004", "technique": "Impair Defenses : Disable or Modify System Firewall", "url": "https://attack.mitre.org/techniques/T1562/004" }, { "technique_id": "T1562.006", "technique": "Impair Defenses : Indicator Blocking", "url": "https://attack.mitre.org/techniques/T1562/006" }, { "technique_id": "T1562.007", "technique": "Impair Defenses : Disable or Modify Cloud Firewall", "url": "https://attack.mitre.org/techniques/T1562/007" }, { "technique_id": "T1563", "technique": "Remote Service Session Hijacking", "url": "https://attack.mitre.org/techniques/T1563", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1563.001", "technique": "Remote Service Session Hijacking : SSH Hijacking", "url": "https://attack.mitre.org/techniques/T1563/001" }, { "technique_id": "T1563.002", "technique": "Remote Service Session Hijacking : RDP Hijacking", "url": "https://attack.mitre.org/techniques/T1563/002" }, { "technique_id": "T1564", "technique": "Hide Artifacts", "url": "https://attack.mitre.org/techniques/T1564", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1564.001", "technique": "Hide Artifacts : Hidden Files and Directories", "url": "https://attack.mitre.org/techniques/T1564/001" }, { "technique_id": "T1564.002", "technique": "Hide Artifacts : Hidden Users", "url": "https://attack.mitre.org/techniques/T1564/002" }, { "technique_id": "T1564.003", "technique": "Hide Artifacts : Hidden Window", "url": "https://attack.mitre.org/techniques/T1564/003" }, { "technique_id": "T1564.004", "technique": "Hide Artifacts : NTFS File Attributes", "url": "https://attack.mitre.org/techniques/T1564/004" }, { "technique_id": "T1564.005", "technique": "Hide Artifacts : Hidden File System", "url": "https://attack.mitre.org/techniques/T1564/005" }, { "technique_id": "T1564.006", "technique": "Hide Artifacts : Run Virtual Instance", "url": "https://attack.mitre.org/techniques/T1564/006" }, { "technique_id": "T1565", "technique": "Data Manipulation", "url": "https://attack.mitre.org/techniques/T1565", "tactic": [ "Impact" ] }, { "technique_id": "T1565.001", "technique": "Data Manipulation : Stored Data Manipulation", "url": "https://attack.mitre.org/techniques/T1565/001" }, { "technique_id": "T1565.002", "technique": "Data Manipulation : Transmitted Data Manipulation", "url": "https://attack.mitre.org/techniques/T1565/002" }, { "technique_id": "T1565.003", "technique": "Data Manipulation : Runtime Data Manipulation", "url": "https://attack.mitre.org/techniques/T1565/003" }, { "technique_id": "T1566", "technique": "Phishing", "url": "https://attack.mitre.org/techniques/T1566", "tactic": [ "Initial Access" ] }, { "technique_id": "T1566.001", "technique": "Phishing : Spearphishing Attachment", "url": "https://attack.mitre.org/techniques/T1566/001" }, { "technique_id": "T1566.002", "technique": "Phishing : Spearphishing Link", "url": "https://attack.mitre.org/techniques/T1566/002" }, { "technique_id": "T1566.003", "technique": "Phishing : Spearphishing via Service", "url": "https://attack.mitre.org/techniques/T1566/003" }, { "technique_id": "T1567", "technique": "Exfiltration Over Web Service", "url": "https://attack.mitre.org/techniques/T1567", "tactic": [ "Exfiltration" ] }, { "technique_id": "T1567.001", "technique": "Exfiltration Over Web Service : Exfiltration to Code Repository", "url": "https://attack.mitre.org/techniques/T1567/001" }, { "technique_id": "T1567.002", "technique": "Exfiltration Over Web Service : Exfiltration to Cloud Storage", "url": "https://attack.mitre.org/techniques/T1567/002" }, { "technique_id": "T1568", "technique": "Dynamic Resolution", "url": "https://attack.mitre.org/techniques/T1568", "tactic": [ "Command and Control" ] }, { "technique_id": "T1568.001", "technique": "Dynamic Resolution : Fast Flux DNS", "url": "https://attack.mitre.org/techniques/T1568/001" }, { "technique_id": "T1568.002", "technique": "Dynamic Resolution : Domain Generation Algorithms", "url": "https://attack.mitre.org/techniques/T1568/002" }, { "technique_id": "T1568.003", "technique": "Dynamic Resolution : DNS Calculation", "url": "https://attack.mitre.org/techniques/T1568/003" }, { "technique_id": "T1569", "technique": "System Services", "url": "https://attack.mitre.org/techniques/T1569", "tactic": [ "Execution" ] }, { "technique_id": "T1569.001", "technique": "System Services : Launchctl", "url": "https://attack.mitre.org/techniques/T1569/001" }, { "technique_id": "T1569.002", "technique": "System Services : Service Execution", "url": "https://attack.mitre.org/techniques/T1569/002" }, { "technique_id": "T1570", "technique": "Lateral Tool Transfer", "url": "https://attack.mitre.org/techniques/T1570", "tactic": [ "Lateral Movement" ] }, { "technique_id": "T1571", "technique": "Non-Standard Port", "url": "https://attack.mitre.org/techniques/T1571", "tactic": [ "Command and Control" ] }, { "technique_id": "T1572", "technique": "Protocol Tunneling", "url": "https://attack.mitre.org/techniques/T1572", "tactic": [ "Command and Control" ] }, { "technique_id": "T1573", "technique": "Encrypted Channel", "url": "https://attack.mitre.org/techniques/T1573", "tactic": [ "Command and Control" ] }, { "technique_id": "T1573.001", "technique": "Encrypted Channel : Symmetric Cryptography", "url": "https://attack.mitre.org/techniques/T1573/001" }, { "technique_id": "T1573.002", "technique": "Encrypted Channel : Asymmetric Cryptography", "url": "https://attack.mitre.org/techniques/T1573/002" }, { "technique_id": "T1574", "technique": "Hijack Execution Flow", "url": "https://attack.mitre.org/techniques/T1574", "tactic": [ "Persistence", "Privilege Escalation", "Defense Evasion" ] }, { "technique_id": "T1574.001", "technique": "Hijack Execution Flow : DLL Search Order Hijacking", "url": "https://attack.mitre.org/techniques/T1574/001" }, { "technique_id": "T1574.002", "technique": "Hijack Execution Flow : DLL Side-Loading", "url": "https://attack.mitre.org/techniques/T1574/002" }, { "technique_id": "T1574.004", "technique": "Hijack Execution Flow : Dylib Hijacking", "url": "https://attack.mitre.org/techniques/T1574/004" }, { "technique_id": "T1574.005", "technique": "Hijack Execution Flow : Executable Installer File Permissions Weakness", "url": "https://attack.mitre.org/techniques/T1574/005" }, { "technique_id": "T1574.006", "technique": "Hijack Execution Flow : LD_PRELOAD", "url": "https://attack.mitre.org/techniques/T1574/006" }, { "technique_id": "T1574.007", "technique": "Hijack Execution Flow : Path Interception by PATH Environment Variable", "url": "https://attack.mitre.org/techniques/T1574/007" }, { "technique_id": "T1574.008", "technique": "Hijack Execution Flow : Path Interception by Search Order Hijacking", "url": "https://attack.mitre.org/techniques/T1574/008" }, { "technique_id": "T1574.009", "technique": "Hijack Execution Flow : Path Interception by Unquoted Path", "url": "https://attack.mitre.org/techniques/T1574/009" }, { "technique_id": "T1574.010", "technique": "Hijack Execution Flow : Services File Permissions Weakness", "url": "https://attack.mitre.org/techniques/T1574/010" }, { "technique_id": "T1574.011", "technique": "Hijack Execution Flow : Services Registry Permissions Weakness", "url": "https://attack.mitre.org/techniques/T1574/011" }, { "technique_id": "T1574.012", "technique": "Hijack Execution Flow : COR_PROFILER", "url": "https://attack.mitre.org/techniques/T1574/012" }, { "technique_id": "T1575", "technique": "Native Code", "url": "https://attack.mitre.org/techniques/T1575", "tactic": [ "Defense Evasion", "Execution" ] }, { "technique_id": "T1576", "technique": "Uninstall Malicious Application", "url": "https://attack.mitre.org/techniques/T1576", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1577", "technique": "Compromise Application Executable", "url": "https://attack.mitre.org/techniques/T1577", "tactic": [ "Persistence" ] }, { "technique_id": "T1578", "technique": "Modify Cloud Compute Infrastructure", "url": "https://attack.mitre.org/techniques/T1578", "tactic": [ "Defense Evasion" ] }, { "technique_id": "T1578.001", "technique": "Modify Cloud Compute Infrastructure : Create Snapshot", "url": "https://attack.mitre.org/techniques/T1578/001" }, { "technique_id": "T1578.002", "technique": "Modify Cloud Compute Infrastructure : Create Cloud Instance", "url": "https://attack.mitre.org/techniques/T1578/002" }, { "technique_id": "T1578.003", "technique": "Modify Cloud Compute Infrastructure : Delete Cloud Instance", "url": "https://attack.mitre.org/techniques/T1578/003" }, { "technique_id": "T1578.004", "technique": "Modify Cloud Compute Infrastructure : Revert Cloud Instance", "url": "https://attack.mitre.org/techniques/T1578/004" }, { "technique_id": "T1579", "technique": "Keychain", "url": "https://attack.mitre.org/techniques/T1579", "tactic": [ "Credential Access" ] } ]