security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
01dc930c173e329c191245b76f05de5fa4b5da21
blue-team-tools/tools/config/mitre/techniques.json
T

4529 lines
119 KiB
JSON
Raw Blame History

[
{
"technique_id": "T1001",
"technique": "Data Obfuscation",
"url": "https://attack.mitre.org/techniques/T1001",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1001.001",
"technique": "Data Obfuscation : Junk Data",
"url": "https://attack.mitre.org/techniques/T1001/001"
},
{
"technique_id": "T1001.002",
"technique": "Data Obfuscation : Steganography",
"url": "https://attack.mitre.org/techniques/T1001/002"
},
{
"technique_id": "T1001.003",
"technique": "Data Obfuscation : Protocol Impersonation",
"url": "https://attack.mitre.org/techniques/T1001/003"
},
{
"technique_id": "T1003",
"technique": "OS Credential Dumping",
"url": "https://attack.mitre.org/techniques/T1003",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1003.001",
"technique": "OS Credential Dumping : LSASS Memory",
"url": "https://attack.mitre.org/techniques/T1003/001"
},
{
"technique_id": "T1003.002",
"technique": "OS Credential Dumping : Security Account Manager",
"url": "https://attack.mitre.org/techniques/T1003/002"
},
{
"technique_id": "T1003.003",
"technique": "OS Credential Dumping : NTDS",
"url": "https://attack.mitre.org/techniques/T1003/003"
},
{
"technique_id": "T1003.004",
"technique": "OS Credential Dumping : LSA Secrets",
"url": "https://attack.mitre.org/techniques/T1003/004"
},
{
"technique_id": "T1003.005",
"technique": "OS Credential Dumping : Cached Domain Credentials",
"url": "https://attack.mitre.org/techniques/T1003/005"
},
{
"technique_id": "T1003.006",
"technique": "OS Credential Dumping : DCSync",
"url": "https://attack.mitre.org/techniques/T1003/006"
},
{
"technique_id": "T1003.007",
"technique": "OS Credential Dumping : Proc Filesystem",
"url": "https://attack.mitre.org/techniques/T1003/007"
},
{
"technique_id": "T1003.008",
"technique": "OS Credential Dumping : /etc/passwd and /etc/shadow",
"url": "https://attack.mitre.org/techniques/T1003/008"
},
{
"technique_id": "T1005",
"technique": "Data from Local System",
"url": "https://attack.mitre.org/techniques/T1005",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1006",
"technique": "Direct Volume Access",
"url": "https://attack.mitre.org/techniques/T1006",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1007",
"technique": "System Service Discovery",
"url": "https://attack.mitre.org/techniques/T1007",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1008",
"technique": "Fallback Channels",
"url": "https://attack.mitre.org/techniques/T1008",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1010",
"technique": "Application Window Discovery",
"url": "https://attack.mitre.org/techniques/T1010",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1011",
"technique": "Exfiltration Over Other Network Medium",
"url": "https://attack.mitre.org/techniques/T1011",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1011.001",
"technique": "Exfiltration Over Other Network Medium : Exfiltration Over Bluetooth",
"url": "https://attack.mitre.org/techniques/T1011/001"
},
{
"technique_id": "T1012",
"technique": "Query Registry",
"url": "https://attack.mitre.org/techniques/T1012",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1014",
"technique": "Rootkit",
"url": "https://attack.mitre.org/techniques/T1014",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1016",
"technique": "System Network Configuration Discovery",
"url": "https://attack.mitre.org/techniques/T1016",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1018",
"technique": "Remote System Discovery",
"url": "https://attack.mitre.org/techniques/T1018",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1020",
"technique": "Automated Exfiltration",
"url": "https://attack.mitre.org/techniques/T1020",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1021",
"technique": "Remote Services",
"url": "https://attack.mitre.org/techniques/T1021",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1021.001",
"technique": "Remote Services : Remote Desktop Protocol",
"url": "https://attack.mitre.org/techniques/T1021/001"
},
{
"technique_id": "T1021.002",
"technique": "Remote Services : SMB/Windows Admin Shares",
"url": "https://attack.mitre.org/techniques/T1021/002"
},
{
"technique_id": "T1021.003",
"technique": "Remote Services : Distributed Component Object Model",
"url": "https://attack.mitre.org/techniques/T1021/003"
},
{
"technique_id": "T1021.004",
"technique": "Remote Services : SSH",
"url": "https://attack.mitre.org/techniques/T1021/004"
},
{
"technique_id": "T1021.005",
"technique": "Remote Services : VNC",
"url": "https://attack.mitre.org/techniques/T1021/005"
},
{
"technique_id": "T1021.006",
"technique": "Remote Services : Windows Remote Management",
"url": "https://attack.mitre.org/techniques/T1021/006"
},
{
"technique_id": "T1025",
"technique": "Data from Removable Media",
"url": "https://attack.mitre.org/techniques/T1025",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1027",
"technique": "Obfuscated Files or Information",
"url": "https://attack.mitre.org/techniques/T1027",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1027.001",
"technique": "Obfuscated Files or Information : Binary Padding",
"url": "https://attack.mitre.org/techniques/T1027/001"
},
{
"technique_id": "T1027.002",
"technique": "Obfuscated Files or Information : Software Packing",
"url": "https://attack.mitre.org/techniques/T1027/002"
},
{
"technique_id": "T1027.003",
"technique": "Obfuscated Files or Information : Steganography",
"url": "https://attack.mitre.org/techniques/T1027/003"
},
{
"technique_id": "T1027.004",
"technique": "Obfuscated Files or Information : Compile After Delivery",
"url": "https://attack.mitre.org/techniques/T1027/004"
},
{
"technique_id": "T1027.005",
"technique": "Obfuscated Files or Information : Indicator Removal from Tools",
"url": "https://attack.mitre.org/techniques/T1027/005"
},
{
"technique_id": "T1029",
"technique": "Scheduled Transfer",
"url": "https://attack.mitre.org/techniques/T1029",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1030",
"technique": "Data Transfer Size Limits",
"url": "https://attack.mitre.org/techniques/T1030",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1033",
"technique": "System Owner/User Discovery",
"url": "https://attack.mitre.org/techniques/T1033",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1036",
"technique": "Masquerading",
"url": "https://attack.mitre.org/techniques/T1036",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1036.001",
"technique": "Masquerading : Invalid Code Signature",
"url": "https://attack.mitre.org/techniques/T1036/001"
},
{
"technique_id": "T1036.002",
"technique": "Masquerading : Right-to-Left Override",
"url": "https://attack.mitre.org/techniques/T1036/002"
},
{
"technique_id": "T1036.003",
"technique": "Masquerading : Rename System Utilities",
"url": "https://attack.mitre.org/techniques/T1036/003"
},
{
"technique_id": "T1036.004",
"technique": "Masquerading : Masquerade Task or Service",
"url": "https://attack.mitre.org/techniques/T1036/004"
},
{
"technique_id": "T1036.005",
"technique": "Masquerading : Match Legitimate Name or Location",
"url": "https://attack.mitre.org/techniques/T1036/005"
},
{
"technique_id": "T1036.006",
"technique": "Masquerading : Space after Filename",
"url": "https://attack.mitre.org/techniques/T1036/006"
},
{
"technique_id": "T1037",
"technique": "Boot or Logon Initialization Scripts",
"url": "https://attack.mitre.org/techniques/T1037",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1037.001",
"technique": "Boot or Logon Initialization Scripts : Logon Script (Windows)",
"url": "https://attack.mitre.org/techniques/T1037/001"
},
{
"technique_id": "T1037.002",
"technique": "Boot or Logon Initialization Scripts : Logon Script (Mac)",
"url": "https://attack.mitre.org/techniques/T1037/002"
},
{
"technique_id": "T1037.003",
"technique": "Boot or Logon Initialization Scripts : Network Logon Script",
"url": "https://attack.mitre.org/techniques/T1037/003"
},
{
"technique_id": "T1037.004",
"technique": "Boot or Logon Initialization Scripts : Rc.common",
"url": "https://attack.mitre.org/techniques/T1037/004"
},
{
"technique_id": "T1037.005",
"technique": "Boot or Logon Initialization Scripts : Startup Items",
"url": "https://attack.mitre.org/techniques/T1037/005"
},
{
"technique_id": "T1039",
"technique": "Data from Network Shared Drive",
"url": "https://attack.mitre.org/techniques/T1039",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1040",
"technique": "Network Sniffing",
"url": "https://attack.mitre.org/techniques/T1040",
"tactic": [
"Credential Access",
"Discovery"
]
},
{
"technique_id": "T1041",
"technique": "Exfiltration Over C2 Channel",
"url": "https://attack.mitre.org/techniques/T1041",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1046",
"technique": "Network Service Scanning",
"url": "https://attack.mitre.org/techniques/T1046",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1047",
"technique": "Windows Management Instrumentation",
"url": "https://attack.mitre.org/techniques/T1047",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1048",
"technique": "Exfiltration Over Alternative Protocol",
"url": "https://attack.mitre.org/techniques/T1048",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1048.001",
"technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
"url": "https://attack.mitre.org/techniques/T1048/001"
},
{
"technique_id": "T1048.002",
"technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
"url": "https://attack.mitre.org/techniques/T1048/002"
},
{
"technique_id": "T1048.003",
"technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol",
"url": "https://attack.mitre.org/techniques/T1048/003"
},
{
"technique_id": "T1049",
"technique": "System Network Connections Discovery",
"url": "https://attack.mitre.org/techniques/T1049",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1052",
"technique": "Exfiltration Over Physical Medium",
"url": "https://attack.mitre.org/techniques/T1052",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1052.001",
"technique": "Exfiltration Over Physical Medium : Exfiltration over USB",
"url": "https://attack.mitre.org/techniques/T1052/001"
},
{
"technique_id": "T1053",
"technique": "Scheduled Task/Job",
"url": "https://attack.mitre.org/techniques/T1053",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1053.001",
"technique": "Scheduled Task/Job : At (Linux)",
"url": "https://attack.mitre.org/techniques/T1053/001"
},
{
"technique_id": "T1053.002",
"technique": "Scheduled Task/Job : At (Windows)",
"url": "https://attack.mitre.org/techniques/T1053/002"
},
{
"technique_id": "T1053.003",
"technique": "Scheduled Task/Job : Cron",
"url": "https://attack.mitre.org/techniques/T1053/003"
},
{
"technique_id": "T1053.004",
"technique": "Scheduled Task/Job : Launchd",
"url": "https://attack.mitre.org/techniques/T1053/004"
},
{
"technique_id": "T1053.005",
"technique": "Scheduled Task/Job : Scheduled Task",
"url": "https://attack.mitre.org/techniques/T1053/005"
},
{
"technique_id": "T1055",
"technique": "Process Injection",
"url": "https://attack.mitre.org/techniques/T1055",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1055.001",
"technique": "Process Injection : Dynamic-link Library Injection",
"url": "https://attack.mitre.org/techniques/T1055/001"
},
{
"technique_id": "T1055.002",
"technique": "Process Injection : Portable Executable Injection",
"url": "https://attack.mitre.org/techniques/T1055/002"
},
{
"technique_id": "T1055.003",
"technique": "Process Injection : Thread Execution Hijacking",
"url": "https://attack.mitre.org/techniques/T1055/003"
},
{
"technique_id": "T1055.004",
"technique": "Process Injection : Asynchronous Procedure Call",
"url": "https://attack.mitre.org/techniques/T1055/004"
},
{
"technique_id": "T1055.005",
"technique": "Process Injection : Thread Local Storage",
"url": "https://attack.mitre.org/techniques/T1055/005"
},
{
"technique_id": "T1055.008",
"technique": "Process Injection : Ptrace System Calls",
"url": "https://attack.mitre.org/techniques/T1055/008"
},
{
"technique_id": "T1055.009",
"technique": "Process Injection : Proc Memory",
"url": "https://attack.mitre.org/techniques/T1055/009"
},
{
"technique_id": "T1055.011",
"technique": "Process Injection : Extra Window Memory Injection",
"url": "https://attack.mitre.org/techniques/T1055/011"
},
{
"technique_id": "T1055.012",
"technique": "Process Injection : Process Hollowing",
"url": "https://attack.mitre.org/techniques/T1055/012"
},
{
"technique_id": "T1055.013",
"technique": "Process Injection : Process Doppelg\u00e4nging",
"url": "https://attack.mitre.org/techniques/T1055/013"
},
{
"technique_id": "T1055.014",
"technique": "Process Injection : VDSO Hijacking",
"url": "https://attack.mitre.org/techniques/T1055/014"
},
{
"technique_id": "T1056",
"technique": "Input Capture",
"url": "https://attack.mitre.org/techniques/T1056",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1056.001",
"technique": "Input Capture : Keylogging",
"url": "https://attack.mitre.org/techniques/T1056/001"
},
{
"technique_id": "T1056.002",
"technique": "Input Capture : GUI Input Capture",
"url": "https://attack.mitre.org/techniques/T1056/002"
},
{
"technique_id": "T1056.003",
"technique": "Input Capture : Web Portal Capture",
"url": "https://attack.mitre.org/techniques/T1056/003"
},
{
"technique_id": "T1056.004",
"technique": "Input Capture : Credential API Hooking",
"url": "https://attack.mitre.org/techniques/T1056/004"
},
{
"technique_id": "T1057",
"technique": "Process Discovery",
"url": "https://attack.mitre.org/techniques/T1057",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1059",
"technique": "Command and Scripting Interpreter",
"url": "https://attack.mitre.org/techniques/T1059",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1059.001",
"technique": "Command and Scripting Interpreter : PowerShell",
"url": "https://attack.mitre.org/techniques/T1059/001"
},
{
"technique_id": "T1059.002",
"technique": "Command and Scripting Interpreter : AppleScript",
"url": "https://attack.mitre.org/techniques/T1059/002"
},
{
"technique_id": "T1059.003",
"technique": "Command and Scripting Interpreter : Windows Command Shell",
"url": "https://attack.mitre.org/techniques/T1059/003"
},
{
"technique_id": "T1059.004",
"technique": "Command and Scripting Interpreter : Unix Shell",
"url": "https://attack.mitre.org/techniques/T1059/004"
},
{
"technique_id": "T1059.005",
"technique": "Command and Scripting Interpreter : Visual Basic",
"url": "https://attack.mitre.org/techniques/T1059/005"
},
{
"technique_id": "T1059.006",
"technique": "Command and Scripting Interpreter : Python",
"url": "https://attack.mitre.org/techniques/T1059/006"
},
{
"technique_id": "T1059.007",
"technique": "Command and Scripting Interpreter : JavaScript/JScript",
"url": "https://attack.mitre.org/techniques/T1059/007"
},
{
"technique_id": "T1068",
"technique": "Exploitation for Privilege Escalation",
"url": "https://attack.mitre.org/techniques/T1068",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1069",
"technique": "Permission Groups Discovery",
"url": "https://attack.mitre.org/techniques/T1069",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1069.001",
"technique": "Permission Groups Discovery : Local Groups",
"url": "https://attack.mitre.org/techniques/T1069/001"
},
{
"technique_id": "T1069.002",
"technique": "Permission Groups Discovery : Domain Groups",
"url": "https://attack.mitre.org/techniques/T1069/002"
},
{
"technique_id": "T1069.003",
"technique": "Permission Groups Discovery : Cloud Groups",
"url": "https://attack.mitre.org/techniques/T1069/003"
},
{
"technique_id": "T1070",
"technique": "Indicator Removal on Host",
"url": "https://attack.mitre.org/techniques/T1070",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1070.001",
"technique": "Indicator Removal on Host : Clear Windows Event Logs",
"url": "https://attack.mitre.org/techniques/T1070/001"
},
{
"technique_id": "T1070.002",
"technique": "Indicator Removal on Host : Clear Linux or Mac System Logs",
"url": "https://attack.mitre.org/techniques/T1070/002"
},
{
"technique_id": "T1070.003",
"technique": "Indicator Removal on Host : Clear Command History",
"url": "https://attack.mitre.org/techniques/T1070/003"
},
{
"technique_id": "T1070.004",
"technique": "Indicator Removal on Host : File Deletion",
"url": "https://attack.mitre.org/techniques/T1070/004"
},
{
"technique_id": "T1070.005",
"technique": "Indicator Removal on Host : Network Share Connection Removal",
"url": "https://attack.mitre.org/techniques/T1070/005"
},
{
"technique_id": "T1070.006",
"technique": "Indicator Removal on Host : Timestomp",
"url": "https://attack.mitre.org/techniques/T1070/006"
},
{
"technique_id": "T1071",
"technique": "Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1071",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1071.001",
"technique": "Application Layer Protocol : Web Protocols",
"url": "https://attack.mitre.org/techniques/T1071/001"
},
{
"technique_id": "T1071.002",
"technique": "Application Layer Protocol : File Transfer Protocols",
"url": "https://attack.mitre.org/techniques/T1071/002"
},
{
"technique_id": "T1071.003",
"technique": "Application Layer Protocol : Mail Protocols",
"url": "https://attack.mitre.org/techniques/T1071/003"
},
{
"technique_id": "T1071.004",
"technique": "Application Layer Protocol : DNS",
"url": "https://attack.mitre.org/techniques/T1071/004"
},
{
"technique_id": "T1072",
"technique": "Software Deployment Tools",
"url": "https://attack.mitre.org/techniques/T1072",
"tactic": [
"Execution",
"Lateral Movement"
]
},
{
"technique_id": "T1074",
"technique": "Data Staged",
"url": "https://attack.mitre.org/techniques/T1074",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1074.001",
"technique": "Data Staged : Local Data Staging",
"url": "https://attack.mitre.org/techniques/T1074/001"
},
{
"technique_id": "T1074.002",
"technique": "Data Staged : Remote Data Staging",
"url": "https://attack.mitre.org/techniques/T1074/002"
},
{
"technique_id": "T1078",
"technique": "Valid Accounts",
"url": "https://attack.mitre.org/techniques/T1078",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation",
"Initial Access"
]
},
{
"technique_id": "T1078.001",
"technique": "Valid Accounts : Default Accounts",
"url": "https://attack.mitre.org/techniques/T1078/001"
},
{
"technique_id": "T1078.002",
"technique": "Valid Accounts : Domain Accounts",
"url": "https://attack.mitre.org/techniques/T1078/002"
},
{
"technique_id": "T1078.003",
"technique": "Valid Accounts : Local Accounts",
"url": "https://attack.mitre.org/techniques/T1078/003"
},
{
"technique_id": "T1078.004",
"technique": "Valid Accounts : Cloud Accounts",
"url": "https://attack.mitre.org/techniques/T1078/004"
},
{
"technique_id": "T1080",
"technique": "Taint Shared Content",
"url": "https://attack.mitre.org/techniques/T1080",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1082",
"technique": "System Information Discovery",
"url": "https://attack.mitre.org/techniques/T1082",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1083",
"technique": "File and Directory Discovery",
"url": "https://attack.mitre.org/techniques/T1083",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1087",
"technique": "Account Discovery",
"url": "https://attack.mitre.org/techniques/T1087",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1087.001",
"technique": "Account Discovery : Local Account",
"url": "https://attack.mitre.org/techniques/T1087/001"
},
{
"technique_id": "T1087.002",
"technique": "Account Discovery : Domain Account",
"url": "https://attack.mitre.org/techniques/T1087/002"
},
{
"technique_id": "T1087.003",
"technique": "Account Discovery : Email Account",
"url": "https://attack.mitre.org/techniques/T1087/003"
},
{
"technique_id": "T1087.004",
"technique": "Account Discovery : Cloud Account",
"url": "https://attack.mitre.org/techniques/T1087/004"
},
{
"technique_id": "T1090",
"technique": "Proxy",
"url": "https://attack.mitre.org/techniques/T1090",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1090.001",
"technique": "Proxy : Internal Proxy",
"url": "https://attack.mitre.org/techniques/T1090/001"
},
{
"technique_id": "T1090.002",
"technique": "Proxy : External Proxy",
"url": "https://attack.mitre.org/techniques/T1090/002"
},
{
"technique_id": "T1090.003",
"technique": "Proxy : Multi-hop Proxy",
"url": "https://attack.mitre.org/techniques/T1090/003"
},
{
"technique_id": "T1090.004",
"technique": "Proxy : Domain Fronting",
"url": "https://attack.mitre.org/techniques/T1090/004"
},
{
"technique_id": "T1091",
"technique": "Replication Through Removable Media",
"url": "https://attack.mitre.org/techniques/T1091",
"tactic": [
"Lateral Movement",
"Initial Access"
]
},
{
"technique_id": "T1092",
"technique": "Communication Through Removable Media",
"url": "https://attack.mitre.org/techniques/T1092",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1095",
"technique": "Non-Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1095",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1098",
"technique": "Account Manipulation",
"url": "https://attack.mitre.org/techniques/T1098",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1098.001",
"technique": "Account Manipulation : Additional Azure Service Principal Credentials",
"url": "https://attack.mitre.org/techniques/T1098/001"
},
{
"technique_id": "T1098.002",
"technique": "Account Manipulation : Exchange Email Delegate Permissions",
"url": "https://attack.mitre.org/techniques/T1098/002"
},
{
"technique_id": "T1098.003",
"technique": "Account Manipulation : Add Office 365 Global Administrator Role",
"url": "https://attack.mitre.org/techniques/T1098/003"
},
{
"technique_id": "T1098.004",
"technique": "Account Manipulation : SSH Authorized Keys",
"url": "https://attack.mitre.org/techniques/T1098/004"
},
{
"technique_id": "T1102",
"technique": "Web Service",
"url": "https://attack.mitre.org/techniques/T1102",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1102.001",
"technique": "Web Service : Dead Drop Resolver",
"url": "https://attack.mitre.org/techniques/T1102/001"
},
{
"technique_id": "T1102.002",
"technique": "Web Service : Bidirectional Communication",
"url": "https://attack.mitre.org/techniques/T1102/002"
},
{
"technique_id": "T1102.003",
"technique": "Web Service : One-Way Communication",
"url": "https://attack.mitre.org/techniques/T1102/003"
},
{
"technique_id": "T1104",
"technique": "Multi-Stage Channels",
"url": "https://attack.mitre.org/techniques/T1104",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1105",
"technique": "Ingress Tool Transfer",
"url": "https://attack.mitre.org/techniques/T1105",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1106",
"technique": "Native API",
"url": "https://attack.mitre.org/techniques/T1106",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1110",
"technique": "Brute Force",
"url": "https://attack.mitre.org/techniques/T1110",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1110.001",
"technique": "Brute Force : Password Guessing",
"url": "https://attack.mitre.org/techniques/T1110/001"
},
{
"technique_id": "T1110.002",
"technique": "Brute Force : Password Cracking",
"url": "https://attack.mitre.org/techniques/T1110/002"
},
{
"technique_id": "T1110.003",
"technique": "Brute Force : Password Spraying",
"url": "https://attack.mitre.org/techniques/T1110/003"
},
{
"technique_id": "T1110.004",
"technique": "Brute Force : Credential Stuffing",
"url": "https://attack.mitre.org/techniques/T1110/004"
},
{
"technique_id": "T1111",
"technique": "Two-Factor Authentication Interception",
"url": "https://attack.mitre.org/techniques/T1111",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1112",
"technique": "Modify Registry",
"url": "https://attack.mitre.org/techniques/T1112",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1113",
"technique": "Screen Capture",
"url": "https://attack.mitre.org/techniques/T1113",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1114",
"technique": "Email Collection",
"url": "https://attack.mitre.org/techniques/T1114",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1114.001",
"technique": "Email Collection : Local Email Collection",
"url": "https://attack.mitre.org/techniques/T1114/001"
},
{
"technique_id": "T1114.002",
"technique": "Email Collection : Remote Email Collection",
"url": "https://attack.mitre.org/techniques/T1114/002"
},
{
"technique_id": "T1114.003",
"technique": "Email Collection : Email Forwarding Rule",
"url": "https://attack.mitre.org/techniques/T1114/003"
},
{
"technique_id": "T1115",
"technique": "Clipboard Data",
"url": "https://attack.mitre.org/techniques/T1115",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1119",
"technique": "Automated Collection",
"url": "https://attack.mitre.org/techniques/T1119",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1120",
"technique": "Peripheral Device Discovery",
"url": "https://attack.mitre.org/techniques/T1120",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1123",
"technique": "Audio Capture",
"url": "https://attack.mitre.org/techniques/T1123",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1124",
"technique": "System Time Discovery",
"url": "https://attack.mitre.org/techniques/T1124",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1125",
"technique": "Video Capture",
"url": "https://attack.mitre.org/techniques/T1125",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1127",
"technique": "Trusted Developer Utilities Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1127",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1127.001",
"technique": "Trusted Developer Utilities Proxy Execution : MSBuild",
"url": "https://attack.mitre.org/techniques/T1127/001"
},
{
"technique_id": "T1129",
"technique": "Shared Modules",
"url": "https://attack.mitre.org/techniques/T1129",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1132",
"technique": "Data Encoding",
"url": "https://attack.mitre.org/techniques/T1132",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1132.001",
"technique": "Data Encoding : Standard Encoding",
"url": "https://attack.mitre.org/techniques/T1132/001"
},
{
"technique_id": "T1132.002",
"technique": "Data Encoding : Non-Standard Encoding",
"url": "https://attack.mitre.org/techniques/T1132/002"
},
{
"technique_id": "T1133",
"technique": "External Remote Services",
"url": "https://attack.mitre.org/techniques/T1133",
"tactic": [
"Persistence",
"Initial Access"
]
},
{
"technique_id": "T1134",
"technique": "Access Token Manipulation",
"url": "https://attack.mitre.org/techniques/T1134",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1134.001",
"technique": "Access Token Manipulation : Token Impersonation/Theft",
"url": "https://attack.mitre.org/techniques/T1134/001"
},
{
"technique_id": "T1134.002",
"technique": "Access Token Manipulation : Create Process with Token",
"url": "https://attack.mitre.org/techniques/T1134/002"
},
{
"technique_id": "T1134.003",
"technique": "Access Token Manipulation : Make and Impersonate Token",
"url": "https://attack.mitre.org/techniques/T1134/003"
},
{
"technique_id": "T1134.004",
"technique": "Access Token Manipulation : Parent PID Spoofing",
"url": "https://attack.mitre.org/techniques/T1134/004"
},
{
"technique_id": "T1134.005",
"technique": "Access Token Manipulation : SID-History Injection",
"url": "https://attack.mitre.org/techniques/T1134/005"
},
{
"technique_id": "T1135",
"technique": "Network Share Discovery",
"url": "https://attack.mitre.org/techniques/T1135",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1136",
"technique": "Create Account",
"url": "https://attack.mitre.org/techniques/T1136",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1136.001",
"technique": "Create Account : Local Account",
"url": "https://attack.mitre.org/techniques/T1136/001"
},
{
"technique_id": "T1136.002",
"technique": "Create Account : Domain Account",
"url": "https://attack.mitre.org/techniques/T1136/002"
},
{
"technique_id": "T1136.003",
"technique": "Create Account : Cloud Account",
"url": "https://attack.mitre.org/techniques/T1136/003"
},
{
"technique_id": "T1137",
"technique": "Office Application Startup",
"url": "https://attack.mitre.org/techniques/T1137",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1137.001",
"technique": "Office Application Startup : Office Template Macros",
"url": "https://attack.mitre.org/techniques/T1137/001"
},
{
"technique_id": "T1137.002",
"technique": "Office Application Startup : Office Test",
"url": "https://attack.mitre.org/techniques/T1137/002"
},
{
"technique_id": "T1137.003",
"technique": "Office Application Startup : Outlook Forms",
"url": "https://attack.mitre.org/techniques/T1137/003"
},
{
"technique_id": "T1137.004",
"technique": "Office Application Startup : Outlook Home Page",
"url": "https://attack.mitre.org/techniques/T1137/004"
},
{
"technique_id": "T1137.005",
"technique": "Office Application Startup : Outlook Rules",
"url": "https://attack.mitre.org/techniques/T1137/005"
},
{
"technique_id": "T1137.006",
"technique": "Office Application Startup : Add-ins",
"url": "https://attack.mitre.org/techniques/T1137/006"
},
{
"technique_id": "T1140",
"technique": "Deobfuscate/Decode Files or Information",
"url": "https://attack.mitre.org/techniques/T1140",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1176",
"technique": "Browser Extensions",
"url": "https://attack.mitre.org/techniques/T1176",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1185",
"technique": "Man in the Browser",
"url": "https://attack.mitre.org/techniques/T1185",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1187",
"technique": "Forced Authentication",
"url": "https://attack.mitre.org/techniques/T1187",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1189",
"technique": "Drive-by Compromise",
"url": "https://attack.mitre.org/techniques/T1189",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1190",
"technique": "Exploit Public-Facing Application",
"url": "https://attack.mitre.org/techniques/T1190",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1195",
"technique": "Supply Chain Compromise",
"url": "https://attack.mitre.org/techniques/T1195",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1195.001",
"technique": "Supply Chain Compromise : Compromise Software Dependencies and Development Tools",
"url": "https://attack.mitre.org/techniques/T1195/001"
},
{
"technique_id": "T1195.002",
"technique": "Supply Chain Compromise : Compromise Software Supply Chain",
"url": "https://attack.mitre.org/techniques/T1195/002"
},
{
"technique_id": "T1195.003",
"technique": "Supply Chain Compromise : Compromise Hardware Supply Chain",
"url": "https://attack.mitre.org/techniques/T1195/003"
},
{
"technique_id": "T1197",
"technique": "BITS Jobs",
"url": "https://attack.mitre.org/techniques/T1197",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1199",
"technique": "Trusted Relationship",
"url": "https://attack.mitre.org/techniques/T1199",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1200",
"technique": "Hardware Additions",
"url": "https://attack.mitre.org/techniques/T1200",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1201",
"technique": "Password Policy Discovery",
"url": "https://attack.mitre.org/techniques/T1201",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1202",
"technique": "Indirect Command Execution",
"url": "https://attack.mitre.org/techniques/T1202",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1203",
"technique": "Exploitation for Client Execution",
"url": "https://attack.mitre.org/techniques/T1203",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1204",
"technique": "User Execution",
"url": "https://attack.mitre.org/techniques/T1204",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1204.001",
"technique": "User Execution : Malicious Link",
"url": "https://attack.mitre.org/techniques/T1204/001"
},
{
"technique_id": "T1204.002",
"technique": "User Execution : Malicious File",
"url": "https://attack.mitre.org/techniques/T1204/002"
},
{
"technique_id": "T1205",
"technique": "Traffic Signaling",
"url": "https://attack.mitre.org/techniques/T1205",
"tactic": [
"Defense Evasion",
"Persistence",
"Command and Control"
]
},
{
"technique_id": "T1205.001",
"technique": "Traffic Signaling : Port Knocking",
"url": "https://attack.mitre.org/techniques/T1205/001"
},
{
"technique_id": "T1207",
"technique": "Rogue Domain Controller",
"url": "https://attack.mitre.org/techniques/T1207",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1210",
"technique": "Exploitation of Remote Services",
"url": "https://attack.mitre.org/techniques/T1210",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1211",
"technique": "Exploitation for Defense Evasion",
"url": "https://attack.mitre.org/techniques/T1211",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1212",
"technique": "Exploitation for Credential Access",
"url": "https://attack.mitre.org/techniques/T1212",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1213",
"technique": "Data from Information Repositories",
"url": "https://attack.mitre.org/techniques/T1213",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1213.001",
"technique": "Data from Information Repositories : Confluence",
"url": "https://attack.mitre.org/techniques/T1213/001"
},
{
"technique_id": "T1213.002",
"technique": "Data from Information Repositories : Sharepoint",
"url": "https://attack.mitre.org/techniques/T1213/002"
},
{
"technique_id": "T1216",
"technique": "Signed Script Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1216",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1216.001",
"technique": "Signed Script Proxy Execution : PubPrn",
"url": "https://attack.mitre.org/techniques/T1216/001"
},
{
"technique_id": "T1217",
"technique": "Browser Bookmark Discovery",
"url": "https://attack.mitre.org/techniques/T1217",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1218",
"technique": "Signed Binary Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1218",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1218.001",
"technique": "Signed Binary Proxy Execution : Compiled HTML File",
"url": "https://attack.mitre.org/techniques/T1218/001"
},
{
"technique_id": "T1218.002",
"technique": "Signed Binary Proxy Execution : Control Panel",
"url": "https://attack.mitre.org/techniques/T1218/002"
},
{
"technique_id": "T1218.003",
"technique": "Signed Binary Proxy Execution : CMSTP",
"url": "https://attack.mitre.org/techniques/T1218/003"
},
{
"technique_id": "T1218.004",
"technique": "Signed Binary Proxy Execution : InstallUtil",
"url": "https://attack.mitre.org/techniques/T1218/004"
},
{
"technique_id": "T1218.005",
"technique": "Signed Binary Proxy Execution : Mshta",
"url": "https://attack.mitre.org/techniques/T1218/005"
},
{
"technique_id": "T1218.007",
"technique": "Signed Binary Proxy Execution : Msiexec",
"url": "https://attack.mitre.org/techniques/T1218/007"
},
{
"technique_id": "T1218.008",
"technique": "Signed Binary Proxy Execution : Odbcconf",
"url": "https://attack.mitre.org/techniques/T1218/008"
},
{
"technique_id": "T1218.009",
"technique": "Signed Binary Proxy Execution : Regsvcs/Regasm",
"url": "https://attack.mitre.org/techniques/T1218/009"
},
{
"technique_id": "T1218.010",
"technique": "Signed Binary Proxy Execution : Regsvr32",
"url": "https://attack.mitre.org/techniques/T1218/010"
},
{
"technique_id": "T1218.011",
"technique": "Signed Binary Proxy Execution : Rundll32",
"url": "https://attack.mitre.org/techniques/T1218/011"
},
{
"technique_id": "T1219",
"technique": "Remote Access Software",
"url": "https://attack.mitre.org/techniques/T1219",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1220",
"technique": "XSL Script Processing",
"url": "https://attack.mitre.org/techniques/T1220",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1221",
"technique": "Template Injection",
"url": "https://attack.mitre.org/techniques/T1221",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1222",
"technique": "File and Directory Permissions Modification",
"url": "https://attack.mitre.org/techniques/T1222",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1222.001",
"technique": "File and Directory Permissions Modification : Windows File and Directory Permissions Modification",
"url": "https://attack.mitre.org/techniques/T1222/001"
},
{
"technique_id": "T1222.002",
"technique": "File and Directory Permissions Modification : Linux and Mac File and Directory Permissions Modification",
"url": "https://attack.mitre.org/techniques/T1222/002"
},
{
"technique_id": "T1224",
"technique": "Assess leadership areas of interest",
"url": "https://attack.mitre.org/techniques/T1224",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1225",
"technique": "Identify gap areas",
"url": "https://attack.mitre.org/techniques/T1225",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1226",
"technique": "Conduct cost/benefit analysis",
"url": "https://attack.mitre.org/techniques/T1226",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1227",
"technique": "Develop KITs/KIQs",
"url": "https://attack.mitre.org/techniques/T1227",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1228",
"technique": "Assign KITs/KIQs into categories",
"url": "https://attack.mitre.org/techniques/T1228",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1229",
"technique": "Assess KITs/KIQs benefits",
"url": "https://attack.mitre.org/techniques/T1229",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1230",
"technique": "Derive intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1230",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1231",
"technique": "Create strategic plan",
"url": "https://attack.mitre.org/techniques/T1231",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1232",
"technique": "Create implementation plan",
"url": "https://attack.mitre.org/techniques/T1232",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1233",
"technique": "Identify analyst level gaps",
"url": "https://attack.mitre.org/techniques/T1233",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1234",
"technique": "Generate analyst intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1234",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1235",
"technique": "Receive operator KITs/KIQs tasking",
"url": "https://attack.mitre.org/techniques/T1235",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1236",
"technique": "Assess current holdings, needs, and wants",
"url": "https://attack.mitre.org/techniques/T1236",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1237",
"technique": "Submit KITs, KIQs, and intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1237",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1238",
"technique": "Assign KITs, KIQs, and/or intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1238",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1239",
"technique": "Receive KITs/KIQs and determine requirements",
"url": "https://attack.mitre.org/techniques/T1239",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1240",
"technique": "Task requirements",
"url": "https://attack.mitre.org/techniques/T1240",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1241",
"technique": "Determine strategic target",
"url": "https://attack.mitre.org/techniques/T1241",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1242",
"technique": "Determine operational element",
"url": "https://attack.mitre.org/techniques/T1242",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1243",
"technique": "Determine highest level tactical element",
"url": "https://attack.mitre.org/techniques/T1243",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1244",
"technique": "Determine secondary level tactical element",
"url": "https://attack.mitre.org/techniques/T1244",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1245",
"technique": "Determine approach/attack vector",
"url": "https://attack.mitre.org/techniques/T1245",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1246",
"technique": "Identify supply chains",
"url": "https://attack.mitre.org/techniques/T1246",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1247",
"technique": "Acquire OSINT data sets and information",
"url": "https://attack.mitre.org/techniques/T1247",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1248",
"technique": "Identify job postings and needs/gaps",
"url": "https://attack.mitre.org/techniques/T1248",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1249",
"technique": "Conduct social engineering",
"url": "https://attack.mitre.org/techniques/T1249",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1250",
"technique": "Determine domain and IP address space",
"url": "https://attack.mitre.org/techniques/T1250",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1251",
"technique": "Obtain domain/IP registration information",
"url": "https://attack.mitre.org/techniques/T1251",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1252",
"technique": "Map network topology",
"url": "https://attack.mitre.org/techniques/T1252",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1253",
"technique": "Conduct passive scanning",
"url": "https://attack.mitre.org/techniques/T1253",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1254",
"technique": "Conduct active scanning",
"url": "https://attack.mitre.org/techniques/T1254",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1255",
"technique": "Discover target logon/email address format",
"url": "https://attack.mitre.org/techniques/T1255",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1256",
"technique": "Identify web defensive services",
"url": "https://attack.mitre.org/techniques/T1256",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1257",
"technique": "Mine technical blogs/forums",
"url": "https://attack.mitre.org/techniques/T1257",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1258",
"technique": "Determine firmware version",
"url": "https://attack.mitre.org/techniques/T1258",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1259",
"technique": "Determine external network trust dependencies",
"url": "https://attack.mitre.org/techniques/T1259",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1260",
"technique": "Determine 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1260",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1261",
"technique": "Enumerate externally facing software applications technologies, languages, and dependencies",
"url": "https://attack.mitre.org/techniques/T1261",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1262",
"technique": "Enumerate client configurations",
"url": "https://attack.mitre.org/techniques/T1262",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1263",
"technique": "Identify security defensive capabilities",
"url": "https://attack.mitre.org/techniques/T1263",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1264",
"technique": "Identify technology usage patterns",
"url": "https://attack.mitre.org/techniques/T1264",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1265",
"technique": "Identify supply chains",
"url": "https://attack.mitre.org/techniques/T1265",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1266",
"technique": "Acquire OSINT data sets and information",
"url": "https://attack.mitre.org/techniques/T1266",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1267",
"technique": "Identify job postings and needs/gaps",
"url": "https://attack.mitre.org/techniques/T1267",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1268",
"technique": "Conduct social engineering",
"url": "https://attack.mitre.org/techniques/T1268",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1269",
"technique": "Identify people of interest",
"url": "https://attack.mitre.org/techniques/T1269",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1270",
"technique": "Identify groups/roles",
"url": "https://attack.mitre.org/techniques/T1270",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1271",
"technique": "Identify personnel with an authority/privilege",
"url": "https://attack.mitre.org/techniques/T1271",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1272",
"technique": "Identify business relationships",
"url": "https://attack.mitre.org/techniques/T1272",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1273",
"technique": "Mine social media",
"url": "https://attack.mitre.org/techniques/T1273",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1274",
"technique": "Identify sensitive personnel information",
"url": "https://attack.mitre.org/techniques/T1274",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1275",
"technique": "Aggregate individual's digital footprint",
"url": "https://attack.mitre.org/techniques/T1275",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1276",
"technique": "Identify supply chains",
"url": "https://attack.mitre.org/techniques/T1276",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1277",
"technique": "Acquire OSINT data sets and information",
"url": "https://attack.mitre.org/techniques/T1277",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1278",
"technique": "Identify job postings and needs/gaps",
"url": "https://attack.mitre.org/techniques/T1278",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1279",
"technique": "Conduct social engineering",
"url": "https://attack.mitre.org/techniques/T1279",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1280",
"technique": "Identify business processes/tempo",
"url": "https://attack.mitre.org/techniques/T1280",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1281",
"technique": "Obtain templates/branding materials",
"url": "https://attack.mitre.org/techniques/T1281",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1282",
"technique": "Determine physical locations",
"url": "https://attack.mitre.org/techniques/T1282",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1283",
"technique": "Identify business relationships",
"url": "https://attack.mitre.org/techniques/T1283",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1284",
"technique": "Determine 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1284",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1285",
"technique": "Determine centralization of IT management",
"url": "https://attack.mitre.org/techniques/T1285",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1286",
"technique": "Dumpster dive",
"url": "https://attack.mitre.org/techniques/T1286",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1287",
"technique": "Analyze data collected",
"url": "https://attack.mitre.org/techniques/T1287",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1288",
"technique": "Analyze architecture and configuration posture",
"url": "https://attack.mitre.org/techniques/T1288",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1289",
"technique": "Analyze organizational skillsets and deficiencies",
"url": "https://attack.mitre.org/techniques/T1289",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1290",
"technique": "Research visibility gap of security vendors",
"url": "https://attack.mitre.org/techniques/T1290",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1291",
"technique": "Research relevant vulnerabilities/CVEs",
"url": "https://attack.mitre.org/techniques/T1291",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1292",
"technique": "Test signature detection",
"url": "https://attack.mitre.org/techniques/T1292",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1293",
"technique": "Analyze application security posture",
"url": "https://attack.mitre.org/techniques/T1293",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1294",
"technique": "Analyze hardware/software security defensive capabilities",
"url": "https://attack.mitre.org/techniques/T1294",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1295",
"technique": "Analyze social and business relationships, interests, and affiliations",
"url": "https://attack.mitre.org/techniques/T1295",
"tactic": [
"People Weakness Identification"
]
},
{
"technique_id": "T1296",
"technique": "Assess targeting options",
"url": "https://attack.mitre.org/techniques/T1296",
"tactic": [
"People Weakness Identification"
]
},
{
"technique_id": "T1297",
"technique": "Analyze organizational skillsets and deficiencies",
"url": "https://attack.mitre.org/techniques/T1297",
"tactic": [
"People Weakness Identification"
]
},
{
"technique_id": "T1298",
"technique": "Assess vulnerability of 3rd party vendors",
"url": "https://attack.mitre.org/techniques/T1298",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1299",
"technique": "Assess opportunities created by business deals",
"url": "https://attack.mitre.org/techniques/T1299",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1300",
"technique": "Analyze organizational skillsets and deficiencies",
"url": "https://attack.mitre.org/techniques/T1300",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1301",
"technique": "Analyze business processes",
"url": "https://attack.mitre.org/techniques/T1301",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1302",
"technique": "Assess security posture of physical locations",
"url": "https://attack.mitre.org/techniques/T1302",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1303",
"technique": "Analyze presence of outsourced capabilities",
"url": "https://attack.mitre.org/techniques/T1303",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1304",
"technique": "Proxy/protocol relays",
"url": "https://attack.mitre.org/techniques/T1304",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1305",
"technique": "Private whois services",
"url": "https://attack.mitre.org/techniques/T1305",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1306",
"technique": "Anonymity services",
"url": "https://attack.mitre.org/techniques/T1306",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1307",
"technique": "Acquire and/or use 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1307",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1308",
"technique": "Acquire and/or use 3rd party software services",
"url": "https://attack.mitre.org/techniques/T1308",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1309",
"technique": "Obfuscate infrastructure",
"url": "https://attack.mitre.org/techniques/T1309",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1310",
"technique": "Acquire or compromise 3rd party signing certificates",
"url": "https://attack.mitre.org/techniques/T1310",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1311",
"technique": "Dynamic DNS",
"url": "https://attack.mitre.org/techniques/T1311",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1312",
"technique": "Compromise 3rd party infrastructure to support delivery",
"url": "https://attack.mitre.org/techniques/T1312",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1313",
"technique": "Obfuscation or cryptography",
"url": "https://attack.mitre.org/techniques/T1313",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1314",
"technique": "Host-based hiding techniques",
"url": "https://attack.mitre.org/techniques/T1314",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1315",
"technique": "Network-based hiding techniques",
"url": "https://attack.mitre.org/techniques/T1315",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1316",
"technique": "Non-traditional or less attributable payment options",
"url": "https://attack.mitre.org/techniques/T1316",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1317",
"technique": "Secure and protect infrastructure",
"url": "https://attack.mitre.org/techniques/T1317",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1318",
"technique": "Obfuscate operational infrastructure",
"url": "https://attack.mitre.org/techniques/T1318",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1319",
"technique": "Obfuscate or encrypt code",
"url": "https://attack.mitre.org/techniques/T1319",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1320",
"technique": "Data Hiding",
"url": "https://attack.mitre.org/techniques/T1320",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1321",
"technique": "Common, high volume protocols and software",
"url": "https://attack.mitre.org/techniques/T1321",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1322",
"technique": "Misattributable credentials",
"url": "https://attack.mitre.org/techniques/T1322",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1326",
"technique": "Domain registration hijacking",
"url": "https://attack.mitre.org/techniques/T1326",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1327",
"technique": "Use multiple DNS infrastructures",
"url": "https://attack.mitre.org/techniques/T1327",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1328",
"technique": "Buy domain name",
"url": "https://attack.mitre.org/techniques/T1328",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1329",
"technique": "Acquire and/or use 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1329",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1330",
"technique": "Acquire and/or use 3rd party software services",
"url": "https://attack.mitre.org/techniques/T1330",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1331",
"technique": "Obfuscate infrastructure",
"url": "https://attack.mitre.org/techniques/T1331",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1332",
"technique": "Acquire or compromise 3rd party signing certificates",
"url": "https://attack.mitre.org/techniques/T1332",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1333",
"technique": "Dynamic DNS",
"url": "https://attack.mitre.org/techniques/T1333",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1334",
"technique": "Compromise 3rd party infrastructure to support delivery",
"url": "https://attack.mitre.org/techniques/T1334",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1335",
"technique": "Procure required equipment and software",
"url": "https://attack.mitre.org/techniques/T1335",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1336",
"technique": "Install and configure hardware, network, and systems",
"url": "https://attack.mitre.org/techniques/T1336",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1337",
"technique": "SSL certificate acquisition for domain",
"url": "https://attack.mitre.org/techniques/T1337",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1338",
"technique": "SSL certificate acquisition for trust breaking",
"url": "https://attack.mitre.org/techniques/T1338",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1339",
"technique": "Create backup infrastructure",
"url": "https://attack.mitre.org/techniques/T1339",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1340",
"technique": "Shadow DNS",
"url": "https://attack.mitre.org/techniques/T1340",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1341",
"technique": "Build social network persona",
"url": "https://attack.mitre.org/techniques/T1341",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1342",
"technique": "Develop social network persona digital footprint",
"url": "https://attack.mitre.org/techniques/T1342",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1343",
"technique": "Choose pre-compromised persona and affiliated accounts",
"url": "https://attack.mitre.org/techniques/T1343",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1344",
"technique": "Friend/Follow/Connect to targets of interest",
"url": "https://attack.mitre.org/techniques/T1344",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1345",
"technique": "Create custom payloads",
"url": "https://attack.mitre.org/techniques/T1345",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1346",
"technique": "Obtain/re-use payloads",
"url": "https://attack.mitre.org/techniques/T1346",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1347",
"technique": "Build and configure delivery systems",
"url": "https://attack.mitre.org/techniques/T1347",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1348",
"technique": "Identify resources required to build capabilities",
"url": "https://attack.mitre.org/techniques/T1348",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1349",
"technique": "Build or acquire exploits",
"url": "https://attack.mitre.org/techniques/T1349",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1350",
"technique": "Discover new exploits and monitor exploit-provider forums",
"url": "https://attack.mitre.org/techniques/T1350",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1351",
"technique": "Remote access tool development",
"url": "https://attack.mitre.org/techniques/T1351",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1352",
"technique": "C2 protocol development",
"url": "https://attack.mitre.org/techniques/T1352",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1353",
"technique": "Post compromise tool development",
"url": "https://attack.mitre.org/techniques/T1353",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1354",
"technique": "Compromise 3rd party or closed-source vulnerability/exploit information",
"url": "https://attack.mitre.org/techniques/T1354",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1355",
"technique": "Create infected removable media",
"url": "https://attack.mitre.org/techniques/T1355",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1356",
"technique": "Test callback functionality",
"url": "https://attack.mitre.org/techniques/T1356",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1357",
"technique": "Test malware in various execution environments",
"url": "https://attack.mitre.org/techniques/T1357",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1358",
"technique": "Review logs and residual traces",
"url": "https://attack.mitre.org/techniques/T1358",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1359",
"technique": "Test malware to evade detection",
"url": "https://attack.mitre.org/techniques/T1359",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1360",
"technique": "Test physical access",
"url": "https://attack.mitre.org/techniques/T1360",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1361",
"technique": "Test signature detection for file upload/email filters",
"url": "https://attack.mitre.org/techniques/T1361",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1362",
"technique": "Upload, install, and configure software/tools",
"url": "https://attack.mitre.org/techniques/T1362",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1363",
"technique": "Port redirector",
"url": "https://attack.mitre.org/techniques/T1363",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1364",
"technique": "Friend/Follow/Connect to targets of interest",
"url": "https://attack.mitre.org/techniques/T1364",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1365",
"technique": "Hardware or software supply chain implant",
"url": "https://attack.mitre.org/techniques/T1365",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1379",
"technique": "Disseminate removable media",
"url": "https://attack.mitre.org/techniques/T1379",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1389",
"technique": "Identify vulnerabilities in third-party software libraries",
"url": "https://attack.mitre.org/techniques/T1389",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1390",
"technique": "OS-vendor provided communication channels",
"url": "https://attack.mitre.org/techniques/T1390",
"tactic": [
"Adversary OPSEC"
]
},
{
"technique_id": "T1391",
"technique": "Choose pre-compromised mobile app developer account credentials or signing keys",
"url": "https://attack.mitre.org/techniques/T1391",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1392",
"technique": "Obtain Apple iOS enterprise distribution key pair and certificate",
"url": "https://attack.mitre.org/techniques/T1392",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1393",
"technique": "Test ability to evade automated mobile application security analysis performed by app stores",
"url": "https://attack.mitre.org/techniques/T1393",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1394",
"technique": "Distribute malicious software development tools",
"url": "https://attack.mitre.org/techniques/T1394",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1396",
"technique": "Obtain booter/stressor subscription",
"url": "https://attack.mitre.org/techniques/T1396",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1397",
"technique": "Spearphishing for Information",
"url": "https://attack.mitre.org/techniques/T1397",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1398",
"technique": "Modify OS Kernel or Boot Partition",
"url": "https://attack.mitre.org/techniques/T1398",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1399",
"technique": "Modify Trusted Execution Environment",
"url": "https://attack.mitre.org/techniques/T1399",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1400",
"technique": "Modify System Partition",
"url": "https://attack.mitre.org/techniques/T1400",
"tactic": [
"Defense Evasion",
"Persistence",
"Impact"
]
},
{
"technique_id": "T1401",
"technique": "Abuse Device Administrator Access to Prevent Removal",
"url": "https://attack.mitre.org/techniques/T1401",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1402",
"technique": "Broadcast Receivers",
"url": "https://attack.mitre.org/techniques/T1402",
"tactic": [
"Persistence",
"Execution"
]
},
{
"technique_id": "T1403",
"technique": "Modify Cached Executable Code",
"url": "https://attack.mitre.org/techniques/T1403",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1404",
"technique": "Exploit OS Vulnerability",
"url": "https://attack.mitre.org/techniques/T1404",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1405",
"technique": "Exploit TEE Vulnerability",
"url": "https://attack.mitre.org/techniques/T1405",
"tactic": [
"Credential Access",
"Privilege Escalation"
]
},
{
"technique_id": "T1406",
"technique": "Obfuscated Files or Information",
"url": "https://attack.mitre.org/techniques/T1406",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1407",
"technique": "Download New Code at Runtime",
"url": "https://attack.mitre.org/techniques/T1407",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1408",
"technique": "Disguise Root/Jailbreak Indicators",
"url": "https://attack.mitre.org/techniques/T1408",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1409",
"technique": "Access Stored Application Data",
"url": "https://attack.mitre.org/techniques/T1409",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1410",
"technique": "Network Traffic Capture or Redirection",
"url": "https://attack.mitre.org/techniques/T1410",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1411",
"technique": "Input Prompt",
"url": "https://attack.mitre.org/techniques/T1411",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1412",
"technique": "Capture SMS Messages",
"url": "https://attack.mitre.org/techniques/T1412",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1413",
"technique": "Access Sensitive Data in Device Logs",
"url": "https://attack.mitre.org/techniques/T1413",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1414",
"technique": "Capture Clipboard Data",
"url": "https://attack.mitre.org/techniques/T1414",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1415",
"technique": "URL Scheme Hijacking",
"url": "https://attack.mitre.org/techniques/T1415",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1416",
"technique": "Android Intent Hijacking",
"url": "https://attack.mitre.org/techniques/T1416",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1417",
"technique": "Input Capture",
"url": "https://attack.mitre.org/techniques/T1417",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1418",
"technique": "Application Discovery",
"url": "https://attack.mitre.org/techniques/T1418",
"tactic": [
"Defense Evasion",
"Discovery"
]
},
{
"technique_id": "T1420",
"technique": "File and Directory Discovery",
"url": "https://attack.mitre.org/techniques/T1420",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1421",
"technique": "System Network Connections Discovery",
"url": "https://attack.mitre.org/techniques/T1421",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1422",
"technique": "System Network Configuration Discovery",
"url": "https://attack.mitre.org/techniques/T1422",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1423",
"technique": "Network Service Scanning",
"url": "https://attack.mitre.org/techniques/T1423",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1424",
"technique": "Process Discovery",
"url": "https://attack.mitre.org/techniques/T1424",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1426",
"technique": "System Information Discovery",
"url": "https://attack.mitre.org/techniques/T1426",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1427",
"technique": "Attack PC via USB Connection",
"url": "https://attack.mitre.org/techniques/T1427",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1428",
"technique": "Exploit Enterprise Resources",
"url": "https://attack.mitre.org/techniques/T1428",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1429",
"technique": "Capture Audio",
"url": "https://attack.mitre.org/techniques/T1429",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1430",
"technique": "Location Tracking",
"url": "https://attack.mitre.org/techniques/T1430",
"tactic": [
"Collection",
"Discovery"
]
},
{
"technique_id": "T1432",
"technique": "Access Contact List",
"url": "https://attack.mitre.org/techniques/T1432",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1433",
"technique": "Access Call Log",
"url": "https://attack.mitre.org/techniques/T1433",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1435",
"technique": "Access Calendar Entries",
"url": "https://attack.mitre.org/techniques/T1435",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1436",
"technique": "Commonly Used Port",
"url": "https://attack.mitre.org/techniques/T1436",
"tactic": [
"Command and Control",
"Exfiltration"
]
},
{
"technique_id": "T1437",
"technique": "Standard Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1437",
"tactic": [
"Command and Control",
"Exfiltration"
]
},
{
"technique_id": "T1438",
"technique": "Alternate Network Mediums",
"url": "https://attack.mitre.org/techniques/T1438",
"tactic": [
"Command and Control",
"Exfiltration"
]
},
{
"technique_id": "T1439",
"technique": "Eavesdrop on Insecure Network Communication",
"url": "https://attack.mitre.org/techniques/T1439",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1444",
"technique": "Masquerade as Legitimate Application",
"url": "https://attack.mitre.org/techniques/T1444",
"tactic": [
"Initial Access",
"Defense Evasion"
]
},
{
"technique_id": "T1446",
"technique": "Device Lockout",
"url": "https://attack.mitre.org/techniques/T1446",
"tactic": [
"Impact",
"Defense Evasion"
]
},
{
"technique_id": "T1447",
"technique": "Delete Device Data",
"url": "https://attack.mitre.org/techniques/T1447",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1448",
"technique": "Carrier Billing Fraud",
"url": "https://attack.mitre.org/techniques/T1448",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1449",
"technique": "Exploit SS7 to Redirect Phone Calls/SMS",
"url": "https://attack.mitre.org/techniques/T1449",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1450",
"technique": "Exploit SS7 to Track Device Location",
"url": "https://attack.mitre.org/techniques/T1450",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1451",
"technique": "SIM Card Swap",
"url": "https://attack.mitre.org/techniques/T1451",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1452",
"technique": "Manipulate App Store Rankings or Ratings",
"url": "https://attack.mitre.org/techniques/T1452",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1456",
"technique": "Drive-by Compromise",
"url": "https://attack.mitre.org/techniques/T1456",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1458",
"technique": "Exploit via Charging Station or PC",
"url": "https://attack.mitre.org/techniques/T1458",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1461",
"technique": "Lockscreen Bypass",
"url": "https://attack.mitre.org/techniques/T1461",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1463",
"technique": "Manipulate Device Communication",
"url": "https://attack.mitre.org/techniques/T1463",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1464",
"technique": "Jamming or Denial of Service",
"url": "https://attack.mitre.org/techniques/T1464",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1465",
"technique": "Rogue Wi-Fi Access Points",
"url": "https://attack.mitre.org/techniques/T1465",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1466",
"technique": "Downgrade to Insecure Protocols",
"url": "https://attack.mitre.org/techniques/T1466",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1467",
"technique": "Rogue Cellular Base Station",
"url": "https://attack.mitre.org/techniques/T1467",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1468",
"technique": "Remotely Track Device Without Authorization",
"url": "https://attack.mitre.org/techniques/T1468",
"tactic": [
"Remote Service Effects"
]
},
{
"technique_id": "T1469",
"technique": "Remotely Wipe Data Without Authorization",
"url": "https://attack.mitre.org/techniques/T1469",
"tactic": [
"Remote Service Effects"
]
},
{
"technique_id": "T1470",
"technique": "Obtain Device Cloud Backups",
"url": "https://attack.mitre.org/techniques/T1470",
"tactic": [
"Remote Service Effects"
]
},
{
"technique_id": "T1471",
"technique": "Data Encrypted for Impact",
"url": "https://attack.mitre.org/techniques/T1471",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1472",
"technique": "Generate Fraudulent Advertising Revenue",
"url": "https://attack.mitre.org/techniques/T1472",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1474",
"technique": "Supply Chain Compromise",
"url": "https://attack.mitre.org/techniques/T1474",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1475",
"technique": "Deliver Malicious App via Authorized App Store",
"url": "https://attack.mitre.org/techniques/T1475",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1476",
"technique": "Deliver Malicious App via Other Means",
"url": "https://attack.mitre.org/techniques/T1476",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1477",
"technique": "Exploit via Radio Interfaces",
"url": "https://attack.mitre.org/techniques/T1477",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1478",
"technique": "Install Insecure or Malicious Configuration",
"url": "https://attack.mitre.org/techniques/T1478",
"tactic": [
"Defense Evasion",
"Initial Access"
]
},
{
"technique_id": "T1480",
"technique": "Execution Guardrails",
"url": "https://attack.mitre.org/techniques/T1480",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1480.001",
"technique": "Execution Guardrails : Environmental Keying",
"url": "https://attack.mitre.org/techniques/T1480/001"
},
{
"technique_id": "T1481",
"technique": "Web Service",
"url": "https://attack.mitre.org/techniques/T1481",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1482",
"technique": "Domain Trust Discovery",
"url": "https://attack.mitre.org/techniques/T1482",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1484",
"technique": "Group Policy Modification",
"url": "https://attack.mitre.org/techniques/T1484",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1485",
"technique": "Data Destruction",
"url": "https://attack.mitre.org/techniques/T1485",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1486",
"technique": "Data Encrypted for Impact",
"url": "https://attack.mitre.org/techniques/T1486",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1489",
"technique": "Service Stop",
"url": "https://attack.mitre.org/techniques/T1489",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1490",
"technique": "Inhibit System Recovery",
"url": "https://attack.mitre.org/techniques/T1490",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1491",
"technique": "Defacement",
"url": "https://attack.mitre.org/techniques/T1491",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1491.001",
"technique": "Defacement : Internal Defacement",
"url": "https://attack.mitre.org/techniques/T1491/001"
},
{
"technique_id": "T1491.002",
"technique": "Defacement : External Defacement",
"url": "https://attack.mitre.org/techniques/T1491/002"
},
{
"technique_id": "T1495",
"technique": "Firmware Corruption",
"url": "https://attack.mitre.org/techniques/T1495",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1496",
"technique": "Resource Hijacking",
"url": "https://attack.mitre.org/techniques/T1496",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1497",
"technique": "Virtualization/Sandbox Evasion",
"url": "https://attack.mitre.org/techniques/T1497",
"tactic": [
"Defense Evasion",
"Discovery"
]
},
{
"technique_id": "T1497.001",
"technique": "Virtualization/Sandbox Evasion : System Checks",
"url": "https://attack.mitre.org/techniques/T1497/001"
},
{
"technique_id": "T1497.002",
"technique": "Virtualization/Sandbox Evasion : User Activity Based Checks",
"url": "https://attack.mitre.org/techniques/T1497/002"
},
{
"technique_id": "T1497.003",
"technique": "Virtualization/Sandbox Evasion : Time Based Evasion",
"url": "https://attack.mitre.org/techniques/T1497/003"
},
{
"technique_id": "T1498",
"technique": "Network Denial of Service",
"url": "https://attack.mitre.org/techniques/T1498",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1498.001",
"technique": "Network Denial of Service : Direct Network Flood",
"url": "https://attack.mitre.org/techniques/T1498/001"
},
{
"technique_id": "T1498.002",
"technique": "Network Denial of Service : Reflection Amplification",
"url": "https://attack.mitre.org/techniques/T1498/002"
},
{
"technique_id": "T1499",
"technique": "Endpoint Denial of Service",
"url": "https://attack.mitre.org/techniques/T1499",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1499.001",
"technique": "Endpoint Denial of Service : OS Exhaustion Flood",
"url": "https://attack.mitre.org/techniques/T1499/001"
},
{
"technique_id": "T1499.002",
"technique": "Endpoint Denial of Service : Service Exhaustion Flood",
"url": "https://attack.mitre.org/techniques/T1499/002"
},
{
"technique_id": "T1499.003",
"technique": "Endpoint Denial of Service : Application Exhaustion Flood",
"url": "https://attack.mitre.org/techniques/T1499/003"
},
{
"technique_id": "T1499.004",
"technique": "Endpoint Denial of Service : Application or System Exploitation",
"url": "https://attack.mitre.org/techniques/T1499/004"
},
{
"technique_id": "T1505",
"technique": "Server Software Component",
"url": "https://attack.mitre.org/techniques/T1505",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1505.001",
"technique": "Server Software Component : SQL Stored Procedures",
"url": "https://attack.mitre.org/techniques/T1505/001"
},
{
"technique_id": "T1505.002",
"technique": "Server Software Component : Transport Agent",
"url": "https://attack.mitre.org/techniques/T1505/002"
},
{
"technique_id": "T1505.003",
"technique": "Server Software Component : Web Shell",
"url": "https://attack.mitre.org/techniques/T1505/003"
},
{
"technique_id": "T1507",
"technique": "Network Information Discovery",
"url": "https://attack.mitre.org/techniques/T1507",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1508",
"technique": "Suppress Application Icon",
"url": "https://attack.mitre.org/techniques/T1508",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1509",
"technique": "Uncommonly Used Port",
"url": "https://attack.mitre.org/techniques/T1509",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1510",
"technique": "Clipboard Modification",
"url": "https://attack.mitre.org/techniques/T1510",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1512",
"technique": "Capture Camera",
"url": "https://attack.mitre.org/techniques/T1512",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1513",
"technique": "Screen Capture",
"url": "https://attack.mitre.org/techniques/T1513",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1516",
"technique": "Input Injection",
"url": "https://attack.mitre.org/techniques/T1516",
"tactic": [
"Defense Evasion",
"Impact"
]
},
{
"technique_id": "T1517",
"technique": "Access Notifications",
"url": "https://attack.mitre.org/techniques/T1517",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1518",
"technique": "Software Discovery",
"url": "https://attack.mitre.org/techniques/T1518",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1518.001",
"technique": "Software Discovery : Security Software Discovery",
"url": "https://attack.mitre.org/techniques/T1518/001"
},
{
"technique_id": "T1520",
"technique": "Domain Generation Algorithms",
"url": "https://attack.mitre.org/techniques/T1520",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1521",
"technique": "Standard Cryptographic Protocol",
"url": "https://attack.mitre.org/techniques/T1521",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1523",
"technique": "Evade Analysis Environment",
"url": "https://attack.mitre.org/techniques/T1523",
"tactic": [
"Defense Evasion",
"Discovery"
]
},
{
"technique_id": "T1525",
"technique": "Implant Container Image",
"url": "https://attack.mitre.org/techniques/T1525",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1526",
"technique": "Cloud Service Discovery",
"url": "https://attack.mitre.org/techniques/T1526",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1528",
"technique": "Steal Application Access Token",
"url": "https://attack.mitre.org/techniques/T1528",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1529",
"technique": "System Shutdown/Reboot",
"url": "https://attack.mitre.org/techniques/T1529",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1530",
"technique": "Data from Cloud Storage Object",
"url": "https://attack.mitre.org/techniques/T1530",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1531",
"technique": "Account Access Removal",
"url": "https://attack.mitre.org/techniques/T1531",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1532",
"technique": "Data Encrypted",
"url": "https://attack.mitre.org/techniques/T1532",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1533",
"technique": "Data from Local System",
"url": "https://attack.mitre.org/techniques/T1533",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1534",
"technique": "Internal Spearphishing",
"url": "https://attack.mitre.org/techniques/T1534",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1535",
"technique": "Unused/Unsupported Cloud Regions",
"url": "https://attack.mitre.org/techniques/T1535",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1537",
"technique": "Transfer Data to Cloud Account",
"url": "https://attack.mitre.org/techniques/T1537",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1538",
"technique": "Cloud Service Dashboard",
"url": "https://attack.mitre.org/techniques/T1538",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1539",
"technique": "Steal Web Session Cookie",
"url": "https://attack.mitre.org/techniques/T1539",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1540",
"technique": "Code Injection",
"url": "https://attack.mitre.org/techniques/T1540",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
]
},
{
"technique_id": "T1541",
"technique": "Foreground Persistence",
"url": "https://attack.mitre.org/techniques/T1541",
"tactic": [
"Collection",
"Persistence"
]
},
{
"technique_id": "T1542",
"technique": "Pre-OS Boot",
"url": "https://attack.mitre.org/techniques/T1542",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1542.001",
"technique": "Pre-OS Boot : System Firmware",
"url": "https://attack.mitre.org/techniques/T1542/001"
},
{
"technique_id": "T1542.002",
"technique": "Pre-OS Boot : Component Firmware",
"url": "https://attack.mitre.org/techniques/T1542/002"
},
{
"technique_id": "T1542.003",
"technique": "Pre-OS Boot : Bootkit",
"url": "https://attack.mitre.org/techniques/T1542/003"
},
{
"technique_id": "T1543",
"technique": "Create or Modify System Process",
"url": "https://attack.mitre.org/techniques/T1543",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1543.001",
"technique": "Create or Modify System Process : Launch Agent",
"url": "https://attack.mitre.org/techniques/T1543/001"
},
{
"technique_id": "T1543.002",
"technique": "Create or Modify System Process : Systemd Service",
"url": "https://attack.mitre.org/techniques/T1543/002"
},
{
"technique_id": "T1543.003",
"technique": "Create or Modify System Process : Windows Service",
"url": "https://attack.mitre.org/techniques/T1543/003"
},
{
"technique_id": "T1543.004",
"technique": "Create or Modify System Process : Launch Daemon",
"url": "https://attack.mitre.org/techniques/T1543/004"
},
{
"technique_id": "T1544",
"technique": "Remote File Copy",
"url": "https://attack.mitre.org/techniques/T1544",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1546",
"technique": "Event Triggered Execution",
"url": "https://attack.mitre.org/techniques/T1546",
"tactic": [
"Privilege Escalation",
"Persistence"
]
},
{
"technique_id": "T1546.001",
"technique": "Event Triggered Execution : Change Default File Association",
"url": "https://attack.mitre.org/techniques/T1546/001"
},
{
"technique_id": "T1546.002",
"technique": "Event Triggered Execution : Screensaver",
"url": "https://attack.mitre.org/techniques/T1546/002"
},
{
"technique_id": "T1546.003",
"technique": "Event Triggered Execution : Windows Management Instrumentation Event Subscription",
"url": "https://attack.mitre.org/techniques/T1546/003"
},
{
"technique_id": "T1546.004",
"technique": "Event Triggered Execution : .bash_profile and .bashrc",
"url": "https://attack.mitre.org/techniques/T1546/004"
},
{
"technique_id": "T1546.005",
"technique": "Event Triggered Execution : Trap",
"url": "https://attack.mitre.org/techniques/T1546/005"
},
{
"technique_id": "T1546.006",
"technique": "Event Triggered Execution : LC_LOAD_DYLIB Addition",
"url": "https://attack.mitre.org/techniques/T1546/006"
},
{
"technique_id": "T1546.007",
"technique": "Event Triggered Execution : Netsh Helper DLL",
"url": "https://attack.mitre.org/techniques/T1546/007"
},
{
"technique_id": "T1546.008",
"technique": "Event Triggered Execution : Accessibility Features",
"url": "https://attack.mitre.org/techniques/T1546/008"
},
{
"technique_id": "T1546.009",
"technique": "Event Triggered Execution : AppCert DLLs",
"url": "https://attack.mitre.org/techniques/T1546/009"
},
{
"technique_id": "T1546.010",
"technique": "Event Triggered Execution : AppInit DLLs",
"url": "https://attack.mitre.org/techniques/T1546/010"
},
{
"technique_id": "T1546.011",
"technique": "Event Triggered Execution : Application Shimming",
"url": "https://attack.mitre.org/techniques/T1546/011"
},
{
"technique_id": "T1546.012",
"technique": "Event Triggered Execution : Image File Execution Options Injection",
"url": "https://attack.mitre.org/techniques/T1546/012"
},
{
"technique_id": "T1546.013",
"technique": "Event Triggered Execution : PowerShell Profile",
"url": "https://attack.mitre.org/techniques/T1546/013"
},
{
"technique_id": "T1546.014",
"technique": "Event Triggered Execution : Emond",
"url": "https://attack.mitre.org/techniques/T1546/014"
},
{
"technique_id": "T1546.015",
"technique": "Event Triggered Execution : Component Object Model Hijacking",
"url": "https://attack.mitre.org/techniques/T1546/015"
},
{
"technique_id": "T1547",
"technique": "Boot or Logon Autostart Execution",
"url": "https://attack.mitre.org/techniques/T1547",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1547.001",
"technique": "Boot or Logon Autostart Execution : Registry Run Keys / Startup Folder",
"url": "https://attack.mitre.org/techniques/T1547/001"
},
{
"technique_id": "T1547.002",
"technique": "Boot or Logon Autostart Execution : Authentication Package",
"url": "https://attack.mitre.org/techniques/T1547/002"
},
{
"technique_id": "T1547.003",
"technique": "Boot or Logon Autostart Execution : Time Providers",
"url": "https://attack.mitre.org/techniques/T1547/003"
},
{
"technique_id": "T1547.004",
"technique": "Boot or Logon Autostart Execution : Winlogon Helper DLL",
"url": "https://attack.mitre.org/techniques/T1547/004"
},
{
"technique_id": "T1547.005",
"technique": "Boot or Logon Autostart Execution : Security Support Provider",
"url": "https://attack.mitre.org/techniques/T1547/005"
},
{
"technique_id": "T1547.006",
"technique": "Boot or Logon Autostart Execution : Kernel Modules and Extensions",
"url": "https://attack.mitre.org/techniques/T1547/006"
},
{
"technique_id": "T1547.007",
"technique": "Boot or Logon Autostart Execution : Re-opened Applications",
"url": "https://attack.mitre.org/techniques/T1547/007"
},
{
"technique_id": "T1547.008",
"technique": "Boot or Logon Autostart Execution : LSASS Driver",
"url": "https://attack.mitre.org/techniques/T1547/008"
},
{
"technique_id": "T1547.009",
"technique": "Boot or Logon Autostart Execution : Shortcut Modification",
"url": "https://attack.mitre.org/techniques/T1547/009"
},
{
"technique_id": "T1547.010",
"technique": "Boot or Logon Autostart Execution : Port Monitors",
"url": "https://attack.mitre.org/techniques/T1547/010"
},
{
"technique_id": "T1547.011",
"technique": "Boot or Logon Autostart Execution : Plist Modification",
"url": "https://attack.mitre.org/techniques/T1547/011"
},
{
"technique_id": "T1548",
"technique": "Abuse Elevation Control Mechanism",
"url": "https://attack.mitre.org/techniques/T1548",
"tactic": [
"Privilege Escalation",
"Defense Evasion"
]
},
{
"technique_id": "T1548.001",
"technique": "Abuse Elevation Control Mechanism : Setuid and Setgid",
"url": "https://attack.mitre.org/techniques/T1548/001"
},
{
"technique_id": "T1548.002",
"technique": "Abuse Elevation Control Mechanism : Bypass User Access Control",
"url": "https://attack.mitre.org/techniques/T1548/002"
},
{
"technique_id": "T1548.003",
"technique": "Abuse Elevation Control Mechanism : Sudo and Sudo Caching",
"url": "https://attack.mitre.org/techniques/T1548/003"
},
{
"technique_id": "T1548.004",
"technique": "Abuse Elevation Control Mechanism : Elevated Execution with Prompt",
"url": "https://attack.mitre.org/techniques/T1548/004"
},
{
"technique_id": "T1550",
"technique": "Use Alternate Authentication Material",
"url": "https://attack.mitre.org/techniques/T1550",
"tactic": [
"Defense Evasion",
"Lateral Movement"
]
},
{
"technique_id": "T1550.001",
"technique": "Use Alternate Authentication Material : Application Access Token",
"url": "https://attack.mitre.org/techniques/T1550/001"
},
{
"technique_id": "T1550.002",
"technique": "Use Alternate Authentication Material : Pass the Hash",
"url": "https://attack.mitre.org/techniques/T1550/002"
},
{
"technique_id": "T1550.003",
"technique": "Use Alternate Authentication Material : Pass the Ticket",
"url": "https://attack.mitre.org/techniques/T1550/003"
},
{
"technique_id": "T1550.004",
"technique": "Use Alternate Authentication Material : Web Session Cookie",
"url": "https://attack.mitre.org/techniques/T1550/004"
},
{
"technique_id": "T1552",
"technique": "Unsecured Credentials",
"url": "https://attack.mitre.org/techniques/T1552",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1552.001",
"technique": "Unsecured Credentials : Credentials In Files",
"url": "https://attack.mitre.org/techniques/T1552/001"
},
{
"technique_id": "T1552.002",
"technique": "Unsecured Credentials : Credentials in Registry",
"url": "https://attack.mitre.org/techniques/T1552/002"
},
{
"technique_id": "T1552.003",
"technique": "Unsecured Credentials : Bash History",
"url": "https://attack.mitre.org/techniques/T1552/003"
},
{
"technique_id": "T1552.004",
"technique": "Unsecured Credentials : Private Keys",
"url": "https://attack.mitre.org/techniques/T1552/004"
},
{
"technique_id": "T1552.005",
"technique": "Unsecured Credentials : Cloud Instance Metadata API",
"url": "https://attack.mitre.org/techniques/T1552/005"
},
{
"technique_id": "T1552.006",
"technique": "Unsecured Credentials : Group Policy Preferences",
"url": "https://attack.mitre.org/techniques/T1552/006"
},
{
"technique_id": "T1553",
"technique": "Subvert Trust Controls",
"url": "https://attack.mitre.org/techniques/T1553",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1553.001",
"technique": "Subvert Trust Controls : Gatekeeper Bypass",
"url": "https://attack.mitre.org/techniques/T1553/001"
},
{
"technique_id": "T1553.002",
"technique": "Subvert Trust Controls : Code Signing",
"url": "https://attack.mitre.org/techniques/T1553/002"
},
{
"technique_id": "T1553.003",
"technique": "Subvert Trust Controls : SIP and Trust Provider Hijacking",
"url": "https://attack.mitre.org/techniques/T1553/003"
},
{
"technique_id": "T1553.004",
"technique": "Subvert Trust Controls : Install Root Certificate",
"url": "https://attack.mitre.org/techniques/T1553/004"
},
{
"technique_id": "T1554",
"technique": "Compromise Client Software Binary",
"url": "https://attack.mitre.org/techniques/T1554",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1555",
"technique": "Credentials from Password Stores",
"url": "https://attack.mitre.org/techniques/T1555",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1555.001",
"technique": "Credentials from Password Stores : Keychain",
"url": "https://attack.mitre.org/techniques/T1555/001"
},
{
"technique_id": "T1555.002",
"technique": "Credentials from Password Stores : Securityd Memory",
"url": "https://attack.mitre.org/techniques/T1555/002"
},
{
"technique_id": "T1555.003",
"technique": "Credentials from Password Stores : Credentials from Web Browsers",
"url": "https://attack.mitre.org/techniques/T1555/003"
},
{
"technique_id": "T1556",
"technique": "Modify Authentication Process",
"url": "https://attack.mitre.org/techniques/T1556",
"tactic": [
"Credential Access",
"Defense Evasion"
]
},
{
"technique_id": "T1556.001",
"technique": "Modify Authentication Process : Domain Controller Authentication",
"url": "https://attack.mitre.org/techniques/T1556/001"
},
{
"technique_id": "T1556.002",
"technique": "Modify Authentication Process : Password Filter DLL",
"url": "https://attack.mitre.org/techniques/T1556/002"
},
{
"technique_id": "T1556.003",
"technique": "Modify Authentication Process : Pluggable Authentication Modules",
"url": "https://attack.mitre.org/techniques/T1556/003"
},
{
"technique_id": "T1557",
"technique": "Man-in-the-Middle",
"url": "https://attack.mitre.org/techniques/T1557",
"tactic": [
"Credential Access",
"Collection"
]
},
{
"technique_id": "T1557.001",
"technique": "Man-in-the-Middle : LLMNR/NBT-NS Poisoning and SMB Relay",
"url": "https://attack.mitre.org/techniques/T1557/001"
},
{
"technique_id": "T1558",
"technique": "Steal or Forge Kerberos Tickets",
"url": "https://attack.mitre.org/techniques/T1558",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1558.001",
"technique": "Steal or Forge Kerberos Tickets : Golden Ticket",
"url": "https://attack.mitre.org/techniques/T1558/001"
},
{
"technique_id": "T1558.002",
"technique": "Steal or Forge Kerberos Tickets : Silver Ticket",
"url": "https://attack.mitre.org/techniques/T1558/002"
},
{
"technique_id": "T1558.003",
"technique": "Steal or Forge Kerberos Tickets : Kerberoasting",
"url": "https://attack.mitre.org/techniques/T1558/003"
},
{
"technique_id": "T1559",
"technique": "Inter-Process Communication",
"url": "https://attack.mitre.org/techniques/T1559",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1559.001",
"technique": "Inter-Process Communication : Component Object Model",
"url": "https://attack.mitre.org/techniques/T1559/001"
},
{
"technique_id": "T1559.002",
"technique": "Inter-Process Communication : Dynamic Data Exchange",
"url": "https://attack.mitre.org/techniques/T1559/002"
},
{
"technique_id": "T1560",
"technique": "Archive Collected Data",
"url": "https://attack.mitre.org/techniques/T1560",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1560.001",
"technique": "Archive Collected Data : Archive via Utility",
"url": "https://attack.mitre.org/techniques/T1560/001"
},
{
"technique_id": "T1560.002",
"technique": "Archive Collected Data : Archive via Library",
"url": "https://attack.mitre.org/techniques/T1560/002"
},
{
"technique_id": "T1560.003",
"technique": "Archive Collected Data : Archive via Custom Method",
"url": "https://attack.mitre.org/techniques/T1560/003"
},
{
"technique_id": "T1561",
"technique": "Disk Wipe",
"url": "https://attack.mitre.org/techniques/T1561",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1561.001",
"technique": "Disk Wipe : Disk Content Wipe",
"url": "https://attack.mitre.org/techniques/T1561/001"
},
{
"technique_id": "T1561.002",
"technique": "Disk Wipe : Disk Structure Wipe",
"url": "https://attack.mitre.org/techniques/T1561/002"
},
{
"technique_id": "T1562",
"technique": "Impair Defenses",
"url": "https://attack.mitre.org/techniques/T1562",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1562.001",
"technique": "Impair Defenses : Disable or Modify Tools",
"url": "https://attack.mitre.org/techniques/T1562/001"
},
{
"technique_id": "T1562.002",
"technique": "Impair Defenses : Disable Windows Event Logging",
"url": "https://attack.mitre.org/techniques/T1562/002"
},
{
"technique_id": "T1562.003",
"technique": "Impair Defenses : HISTCONTROL",
"url": "https://attack.mitre.org/techniques/T1562/003"
},
{
"technique_id": "T1562.004",
"technique": "Impair Defenses : Disable or Modify System Firewall",
"url": "https://attack.mitre.org/techniques/T1562/004"
},
{
"technique_id": "T1562.006",
"technique": "Impair Defenses : Indicator Blocking",
"url": "https://attack.mitre.org/techniques/T1562/006"
},
{
"technique_id": "T1562.007",
"technique": "Impair Defenses : Disable or Modify Cloud Firewall",
"url": "https://attack.mitre.org/techniques/T1562/007"
},
{
"technique_id": "T1563",
"technique": "Remote Service Session Hijacking",
"url": "https://attack.mitre.org/techniques/T1563",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1563.001",
"technique": "Remote Service Session Hijacking : SSH Hijacking",
"url": "https://attack.mitre.org/techniques/T1563/001"
},
{
"technique_id": "T1563.002",
"technique": "Remote Service Session Hijacking : RDP Hijacking",
"url": "https://attack.mitre.org/techniques/T1563/002"
},
{
"technique_id": "T1564",
"technique": "Hide Artifacts",
"url": "https://attack.mitre.org/techniques/T1564",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1564.001",
"technique": "Hide Artifacts : Hidden Files and Directories",
"url": "https://attack.mitre.org/techniques/T1564/001"
},
{
"technique_id": "T1564.002",
"technique": "Hide Artifacts : Hidden Users",
"url": "https://attack.mitre.org/techniques/T1564/002"
},
{
"technique_id": "T1564.003",
"technique": "Hide Artifacts : Hidden Window",
"url": "https://attack.mitre.org/techniques/T1564/003"
},
{
"technique_id": "T1564.004",
"technique": "Hide Artifacts : NTFS File Attributes",
"url": "https://attack.mitre.org/techniques/T1564/004"
},
{
"technique_id": "T1564.005",
"technique": "Hide Artifacts : Hidden File System",
"url": "https://attack.mitre.org/techniques/T1564/005"
},
{
"technique_id": "T1564.006",
"technique": "Hide Artifacts : Run Virtual Instance",
"url": "https://attack.mitre.org/techniques/T1564/006"
},
{
"technique_id": "T1565",
"technique": "Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1565.001",
"technique": "Data Manipulation : Stored Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565/001"
},
{
"technique_id": "T1565.002",
"technique": "Data Manipulation : Transmitted Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565/002"
},
{
"technique_id": "T1565.003",
"technique": "Data Manipulation : Runtime Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565/003"
},
{
"technique_id": "T1566",
"technique": "Phishing",
"url": "https://attack.mitre.org/techniques/T1566",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1566.001",
"technique": "Phishing : Spearphishing Attachment",
"url": "https://attack.mitre.org/techniques/T1566/001"
},
{
"technique_id": "T1566.002",
"technique": "Phishing : Spearphishing Link",
"url": "https://attack.mitre.org/techniques/T1566/002"
},
{
"technique_id": "T1566.003",
"technique": "Phishing : Spearphishing via Service",
"url": "https://attack.mitre.org/techniques/T1566/003"
},
{
"technique_id": "T1567",
"technique": "Exfiltration Over Web Service",
"url": "https://attack.mitre.org/techniques/T1567",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1567.001",
"technique": "Exfiltration Over Web Service : Exfiltration to Code Repository",
"url": "https://attack.mitre.org/techniques/T1567/001"
},
{
"technique_id": "T1567.002",
"technique": "Exfiltration Over Web Service : Exfiltration to Cloud Storage",
"url": "https://attack.mitre.org/techniques/T1567/002"
},
{
"technique_id": "T1568",
"technique": "Dynamic Resolution",
"url": "https://attack.mitre.org/techniques/T1568",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1568.001",
"technique": "Dynamic Resolution : Fast Flux DNS",
"url": "https://attack.mitre.org/techniques/T1568/001"
},
{
"technique_id": "T1568.002",
"technique": "Dynamic Resolution : Domain Generation Algorithms",
"url": "https://attack.mitre.org/techniques/T1568/002"
},
{
"technique_id": "T1568.003",
"technique": "Dynamic Resolution : DNS Calculation",
"url": "https://attack.mitre.org/techniques/T1568/003"
},
{
"technique_id": "T1569",
"technique": "System Services",
"url": "https://attack.mitre.org/techniques/T1569",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1569.001",
"technique": "System Services : Launchctl",
"url": "https://attack.mitre.org/techniques/T1569/001"
},
{
"technique_id": "T1569.002",
"technique": "System Services : Service Execution",
"url": "https://attack.mitre.org/techniques/T1569/002"
},
{
"technique_id": "T1570",
"technique": "Lateral Tool Transfer",
"url": "https://attack.mitre.org/techniques/T1570",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1571",
"technique": "Non-Standard Port",
"url": "https://attack.mitre.org/techniques/T1571",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1572",
"technique": "Protocol Tunneling",
"url": "https://attack.mitre.org/techniques/T1572",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1573",
"technique": "Encrypted Channel",
"url": "https://attack.mitre.org/techniques/T1573",
"tactic": [
"Command and Control"
]
},
{
"technique_id": "T1573.001",
"technique": "Encrypted Channel : Symmetric Cryptography",
"url": "https://attack.mitre.org/techniques/T1573/001"
},
{
"technique_id": "T1573.002",
"technique": "Encrypted Channel : Asymmetric Cryptography",
"url": "https://attack.mitre.org/techniques/T1573/002"
},
{
"technique_id": "T1574",
"technique": "Hijack Execution Flow",
"url": "https://attack.mitre.org/techniques/T1574",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
]
},
{
"technique_id": "T1574.001",
"technique": "Hijack Execution Flow : DLL Search Order Hijacking",
"url": "https://attack.mitre.org/techniques/T1574/001"
},
{
"technique_id": "T1574.002",
"technique": "Hijack Execution Flow : DLL Side-Loading",
"url": "https://attack.mitre.org/techniques/T1574/002"
},
{
"technique_id": "T1574.004",
"technique": "Hijack Execution Flow : Dylib Hijacking",
"url": "https://attack.mitre.org/techniques/T1574/004"
},
{
"technique_id": "T1574.005",
"technique": "Hijack Execution Flow : Executable Installer File Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1574/005"
},
{
"technique_id": "T1574.006",
"technique": "Hijack Execution Flow : LD_PRELOAD",
"url": "https://attack.mitre.org/techniques/T1574/006"
},
{
"technique_id": "T1574.007",
"technique": "Hijack Execution Flow : Path Interception by PATH Environment Variable",
"url": "https://attack.mitre.org/techniques/T1574/007"
},
{
"technique_id": "T1574.008",
"technique": "Hijack Execution Flow : Path Interception by Search Order Hijacking",
"url": "https://attack.mitre.org/techniques/T1574/008"
},
{
"technique_id": "T1574.009",
"technique": "Hijack Execution Flow : Path Interception by Unquoted Path",
"url": "https://attack.mitre.org/techniques/T1574/009"
},
{
"technique_id": "T1574.010",
"technique": "Hijack Execution Flow : Services File Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1574/010"
},
{
"technique_id": "T1574.011",
"technique": "Hijack Execution Flow : Services Registry Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1574/011"
},
{
"technique_id": "T1574.012",
"technique": "Hijack Execution Flow : COR_PROFILER",
"url": "https://attack.mitre.org/techniques/T1574/012"
},
{
"technique_id": "T1575",
"technique": "Native Code",
"url": "https://attack.mitre.org/techniques/T1575",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1576",
"technique": "Uninstall Malicious Application",
"url": "https://attack.mitre.org/techniques/T1576",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1577",
"technique": "Compromise Application Executable",
"url": "https://attack.mitre.org/techniques/T1577",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1578",
"technique": "Modify Cloud Compute Infrastructure",
"url": "https://attack.mitre.org/techniques/T1578",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1578.001",
"technique": "Modify Cloud Compute Infrastructure : Create Snapshot",
"url": "https://attack.mitre.org/techniques/T1578/001"
},
{
"technique_id": "T1578.002",
"technique": "Modify Cloud Compute Infrastructure : Create Cloud Instance",
"url": "https://attack.mitre.org/techniques/T1578/002"
},
{
"technique_id": "T1578.003",
"technique": "Modify Cloud Compute Infrastructure : Delete Cloud Instance",
"url": "https://attack.mitre.org/techniques/T1578/003"
},
{
"technique_id": "T1578.004",
"technique": "Modify Cloud Compute Infrastructure : Revert Cloud Instance",
"url": "https://attack.mitre.org/techniques/T1578/004"
},
{
"technique_id": "T1579",
"technique": "Keychain",
"url": "https://attack.mitre.org/techniques/T1579",
"tactic": [
"Credential Access"
]
}
]
Reference in New Issue View Git Blame Copy Permalink