blue-team-tools/tools/config/mitre/techniques.json

[
{
"technique_id": "T1531",
"technique": "Account Access Removal",
"url": "https://attack.mitre.org/techniques/T1531",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1506",
"technique": "Web Session Cookie",
"url": "https://attack.mitre.org/techniques/T1506",
"tactic": [
"Defense Evasion",
"Lateral Movement"
]
},
{
"technique_id": "T1539",
"technique": "Steal Web Session Cookie",
"url": "https://attack.mitre.org/techniques/T1539",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1529",
"technique": "System Shutdown/Reboot",
"url": "https://attack.mitre.org/techniques/T1529",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1519",
"technique": "Emond",
"url": "https://attack.mitre.org/techniques/T1519",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1518",
"technique": "Software Discovery",
"url": "https://attack.mitre.org/techniques/T1518",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1534",
"technique": "Internal Spearphishing",
"url": "https://attack.mitre.org/techniques/T1534",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1528",
"technique": "Steal Application Access Token",
"url": "https://attack.mitre.org/techniques/T1528",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1522",
"technique": "Cloud Instance Metadata API",
"url": "https://attack.mitre.org/techniques/T1522",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1536",
"technique": "Revert Cloud Instance",
"url": "https://attack.mitre.org/techniques/T1536",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1535",
"technique": "Unused/Unsupported Cloud Regions",
"url": "https://attack.mitre.org/techniques/T1535",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1525",
"technique": "Implant Container Image",
"url": "https://attack.mitre.org/techniques/T1525",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1538",
"technique": "Cloud Service Dashboard",
"url": "https://attack.mitre.org/techniques/T1538",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1530",
"technique": "Data from Cloud Storage Object",
"url": "https://attack.mitre.org/techniques/T1530",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1537",
"technique": "Transfer Data to Cloud Account",
"url": "https://attack.mitre.org/techniques/T1537",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1526",
"technique": "Cloud Service Discovery",
"url": "https://attack.mitre.org/techniques/T1526",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1527",
"technique": "Application Access Token",
"url": "https://attack.mitre.org/techniques/T1527",
"tactic": [
"Defense Evasion",
"Lateral Movement"
]
},
{
"technique_id": "T1514",
"technique": "Elevated Execution with Prompt",
"url": "https://attack.mitre.org/techniques/T1514",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1505",
"technique": "Server Software Component",
"url": "https://attack.mitre.org/techniques/T1505",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1503",
"technique": "Credentials from Web Browsers",
"url": "https://attack.mitre.org/techniques/T1503",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1504",
"technique": "PowerShell Profile",
"url": "https://attack.mitre.org/techniques/T1504",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1502",
"technique": "Parent PID Spoofing",
"url": "https://attack.mitre.org/techniques/T1502",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1500",
"technique": "Compile After Delivery",
"url": "https://attack.mitre.org/techniques/T1500",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1501",
"technique": "Systemd Service",
"url": "https://attack.mitre.org/techniques/T1501",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1499",
"technique": "Endpoint Denial of Service",
"url": "https://attack.mitre.org/techniques/T1499",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1497",
"technique": "Virtualization/Sandbox Evasion",
"url": "https://attack.mitre.org/techniques/T1497",
"tactic": [
"Defense Evasion",
"Discovery"
]
},
{
"technique_id": "T1498",
"technique": "Network Denial of Service",
"url": "https://attack.mitre.org/techniques/T1498",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1496",
"technique": "Resource Hijacking",
"url": "https://attack.mitre.org/techniques/T1496",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1495",
"technique": "Firmware Corruption",
"url": "https://attack.mitre.org/techniques/T1495",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1494",
"technique": "Runtime Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1494",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1493",
"technique": "Transmitted Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1493",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1492",
"technique": "Stored Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1492",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1491",
"technique": "Defacement",
"url": "https://attack.mitre.org/techniques/T1491",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1490",
"technique": "Inhibit System Recovery",
"url": "https://attack.mitre.org/techniques/T1490",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1489",
"technique": "Service Stop",
"url": "https://attack.mitre.org/techniques/T1489",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1488",
"technique": "Disk Content Wipe",
"url": "https://attack.mitre.org/techniques/T1488",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1487",
"technique": "Disk Structure Wipe",
"url": "https://attack.mitre.org/techniques/T1487",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1486",
"technique": "Data Encrypted for Impact",
"url": "https://attack.mitre.org/techniques/T1486",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1485",
"technique": "Data Destruction",
"url": "https://attack.mitre.org/techniques/T1485",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1484",
"technique": "Group Policy Modification",
"url": "https://attack.mitre.org/techniques/T1484",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1483",
"technique": "Domain Generation Algorithms",
"url": "https://attack.mitre.org/techniques/T1483",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1482",
"technique": "Domain Trust Discovery",
"url": "https://attack.mitre.org/techniques/T1482",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1480",
"technique": "Execution Guardrails",
"url": "https://attack.mitre.org/techniques/T1480",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1222",
"technique": "File and Directory Permissions Modification",
"url": "https://attack.mitre.org/techniques/T1222",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1223",
"technique": "Compiled HTML File",
"url": "https://attack.mitre.org/techniques/T1223",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1221",
"technique": "Template Injection",
"url": "https://attack.mitre.org/techniques/T1221",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1220",
"technique": "XSL Script Processing",
"url": "https://attack.mitre.org/techniques/T1220",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1217",
"technique": "Browser Bookmark Discovery",
"url": "https://attack.mitre.org/techniques/T1217",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1213",
"technique": "Data from Information Repositories",
"url": "https://attack.mitre.org/techniques/T1213",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1190",
"technique": "Exploit Public-Facing Application",
"url": "https://attack.mitre.org/techniques/T1190",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1210",
"technique": "Exploitation of Remote Services",
"url": "https://attack.mitre.org/techniques/T1210",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1200",
"technique": "Hardware Additions",
"url": "https://attack.mitre.org/techniques/T1200",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1202",
"technique": "Indirect Command Execution",
"url": "https://attack.mitre.org/techniques/T1202",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1194",
"technique": "Spearphishing via Service",
"url": "https://attack.mitre.org/techniques/T1194",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1209",
"technique": "Time Providers",
"url": "https://attack.mitre.org/techniques/T1209",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1199",
"technique": "Trusted Relationship",
"url": "https://attack.mitre.org/techniques/T1199",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1191",
"technique": "CMSTP",
"url": "https://attack.mitre.org/techniques/T1191",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1207",
"technique": "DCShadow",
"url": "https://attack.mitre.org/techniques/T1207",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1189",
"technique": "Drive-by Compromise",
"url": "https://attack.mitre.org/techniques/T1189",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1211",
"technique": "Exploitation for Defense Evasion",
"url": "https://attack.mitre.org/techniques/T1211",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1218",
"technique": "Signed Binary Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1218",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1193",
"technique": "Spearphishing Attachment",
"url": "https://attack.mitre.org/techniques/T1193",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1195",
"technique": "Supply Chain Compromise",
"url": "https://attack.mitre.org/techniques/T1195",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1204",
"technique": "User Execution",
"url": "https://attack.mitre.org/techniques/T1204",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1196",
"technique": "Control Panel Items",
"url": "https://attack.mitre.org/techniques/T1196",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1212",
"technique": "Exploitation for Credential Access",
"url": "https://attack.mitre.org/techniques/T1212",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1215",
"technique": "Kernel Modules and Extensions",
"url": "https://attack.mitre.org/techniques/T1215",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1197",
"technique": "BITS Jobs",
"url": "https://attack.mitre.org/techniques/T1197",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1214",
"technique": "Credentials in Registry",
"url": "https://attack.mitre.org/techniques/T1214",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1216",
"technique": "Signed Script Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1216",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1192",
"technique": "Spearphishing Link",
"url": "https://attack.mitre.org/techniques/T1192",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1198",
"technique": "SIP and Trust Provider Hijacking",
"url": "https://attack.mitre.org/techniques/T1198",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1206",
"technique": "Sudo Caching",
"url": "https://attack.mitre.org/techniques/T1206",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1203",
"technique": "Exploitation for Client Execution",
"url": "https://attack.mitre.org/techniques/T1203",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1208",
"technique": "Kerberoasting",
"url": "https://attack.mitre.org/techniques/T1208",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1201",
"technique": "Password Policy Discovery",
"url": "https://attack.mitre.org/techniques/T1201",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1205",
"technique": "Port Knocking",
"url": "https://attack.mitre.org/techniques/T1205",
"tactic": [
"Defense Evasion",
"Persistence",
"Command And Control"
]
},
{
"technique_id": "T1219",
"technique": "Remote Access Tools",
"url": "https://attack.mitre.org/techniques/T1219",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1172",
"technique": "Domain Fronting",
"url": "https://attack.mitre.org/techniques/T1172",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1173",
"technique": "Dynamic Data Exchange",
"url": "https://attack.mitre.org/techniques/T1173",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1187",
"technique": "Forced Authentication",
"url": "https://attack.mitre.org/techniques/T1187",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1188",
"technique": "Multi-hop Proxy",
"url": "https://attack.mitre.org/techniques/T1188",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1174",
"technique": "Password Filter DLL",
"url": "https://attack.mitre.org/techniques/T1174",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1175",
"technique": "Component Object Model and Distributed COM",
"url": "https://attack.mitre.org/techniques/T1175",
"tactic": [
"Lateral Movement",
"Execution"
]
},
{
"technique_id": "T1170",
"technique": "Mshta",
"url": "https://attack.mitre.org/techniques/T1170",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1179",
"technique": "Hooking",
"url": "https://attack.mitre.org/techniques/T1179",
"tactic": [
"Persistence",
"Privilege Escalation",
"Credential Access"
]
},
{
"technique_id": "T1184",
"technique": "SSH Hijacking",
"url": "https://attack.mitre.org/techniques/T1184",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1181",
"technique": "Extra Window Memory Injection",
"url": "https://attack.mitre.org/techniques/T1181",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1177",
"technique": "LSASS Driver",
"url": "https://attack.mitre.org/techniques/T1177",
"tactic": [
"Execution",
"Persistence"
]
},
{
"technique_id": "T1182",
"technique": "AppCert DLLs",
"url": "https://attack.mitre.org/techniques/T1182",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1176",
"technique": "Browser Extensions",
"url": "https://attack.mitre.org/techniques/T1176",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1185",
"technique": "Man in the Browser",
"url": "https://attack.mitre.org/techniques/T1185",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1180",
"technique": "Screensaver",
"url": "https://attack.mitre.org/techniques/T1180",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1183",
"technique": "Image File Execution Options Injection",
"url": "https://attack.mitre.org/techniques/T1183",
"tactic": [
"Privilege Escalation",
"Persistence",
"Defense Evasion"
]
},
{
"technique_id": "T1171",
"technique": "LLMNR/NBT-NS Poisoning and Relay",
"url": "https://attack.mitre.org/techniques/T1171",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1186",
"technique": "Process Doppelg\u00e4nging",
"url": "https://attack.mitre.org/techniques/T1186",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1178",
"technique": "SID-History Injection",
"url": "https://attack.mitre.org/techniques/T1178",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1138",
"technique": "Application Shimming",
"url": "https://attack.mitre.org/techniques/T1138",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1140",
"technique": "Deobfuscate/Decode Files or Information",
"url": "https://attack.mitre.org/techniques/T1140",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1149",
"technique": "LC_MAIN Hijacking",
"url": "https://attack.mitre.org/techniques/T1149",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1152",
"technique": "Launchctl",
"url": "https://attack.mitre.org/techniques/T1152",
"tactic": [
"Defense Evasion",
"Execution",
"Persistence"
]
},
{
"technique_id": "T1150",
"technique": "Plist Modification",
"url": "https://attack.mitre.org/techniques/T1150",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1163",
"technique": "Rc.common",
"url": "https://attack.mitre.org/techniques/T1163",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1166",
"technique": "Setuid and Setgid",
"url": "https://attack.mitre.org/techniques/T1166",
"tactic": [
"Privilege Escalation",
"Persistence"
]
},
{
"technique_id": "T1157",
"technique": "Dylib Hijacking",
"url": "https://attack.mitre.org/techniques/T1157",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1155",
"technique": "AppleScript",
"url": "https://attack.mitre.org/techniques/T1155",
"tactic": [
"Execution",
"Lateral Movement"
]
},
{
"technique_id": "T1136",
"technique": "Create Account",
"url": "https://attack.mitre.org/techniques/T1136",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1143",
"technique": "Hidden Window",
"url": "https://attack.mitre.org/techniques/T1143",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1141",
"technique": "Input Prompt",
"url": "https://attack.mitre.org/techniques/T1141",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1142",
"technique": "Keychain",
"url": "https://attack.mitre.org/techniques/T1142",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1159",
"technique": "Launch Agent",
"url": "https://attack.mitre.org/techniques/T1159",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1135",
"technique": "Network Share Discovery",
"url": "https://attack.mitre.org/techniques/T1135",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1148",
"technique": "HISTCONTROL",
"url": "https://attack.mitre.org/techniques/T1148",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1161",
"technique": "LC_LOAD_DYLIB Addition",
"url": "https://attack.mitre.org/techniques/T1161",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1154",
"technique": "Trap",
"url": "https://attack.mitre.org/techniques/T1154",
"tactic": [
"Execution",
"Persistence"
]
},
{
"technique_id": "T1134",
"technique": "Access Token Manipulation",
"url": "https://attack.mitre.org/techniques/T1134",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1139",
"technique": "Bash History",
"url": "https://attack.mitre.org/techniques/T1139",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1147",
"technique": "Hidden Users",
"url": "https://attack.mitre.org/techniques/T1147",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1156",
"technique": ".bash_profile and .bashrc",
"url": "https://attack.mitre.org/techniques/T1156",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1146",
"technique": "Clear Command History",
"url": "https://attack.mitre.org/techniques/T1146",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1160",
"technique": "Launch Daemon",
"url": "https://attack.mitre.org/techniques/T1160",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1145",
"technique": "Private Keys",
"url": "https://attack.mitre.org/techniques/T1145",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1165",
"technique": "Startup Items",
"url": "https://attack.mitre.org/techniques/T1165",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1162",
"technique": "Login Item",
"url": "https://attack.mitre.org/techniques/T1162",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1137",
"technique": "Office Application Startup",
"url": "https://attack.mitre.org/techniques/T1137",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1151",
"technique": "Space after Filename",
"url": "https://attack.mitre.org/techniques/T1151",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1144",
"technique": "Gatekeeper Bypass",
"url": "https://attack.mitre.org/techniques/T1144",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1158",
"technique": "Hidden Files and Directories",
"url": "https://attack.mitre.org/techniques/T1158",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1168",
"technique": "Local Job Scheduling",
"url": "https://attack.mitre.org/techniques/T1168",
"tactic": [
"Persistence",
"Execution"
]
},
{
"technique_id": "T1164",
"technique": "Re-opened Applications",
"url": "https://attack.mitre.org/techniques/T1164",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1167",
"technique": "Securityd Memory",
"url": "https://attack.mitre.org/techniques/T1167",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1153",
"technique": "Source",
"url": "https://attack.mitre.org/techniques/T1153",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1169",
"technique": "Sudo",
"url": "https://attack.mitre.org/techniques/T1169",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1133",
"technique": "External Remote Services",
"url": "https://attack.mitre.org/techniques/T1133",
"tactic": [
"Persistence",
"Initial Access"
]
},
{
"technique_id": "T1132",
"technique": "Data Encoding",
"url": "https://attack.mitre.org/techniques/T1132",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1131",
"technique": "Authentication Package",
"url": "https://attack.mitre.org/techniques/T1131",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1130",
"technique": "Install Root Certificate",
"url": "https://attack.mitre.org/techniques/T1130",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1129",
"technique": "Execution through Module Load",
"url": "https://attack.mitre.org/techniques/T1129",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1128",
"technique": "Netsh Helper DLL",
"url": "https://attack.mitre.org/techniques/T1128",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1127",
"technique": "Trusted Developer Utilities",
"url": "https://attack.mitre.org/techniques/T1127",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1126",
"technique": "Network Share Connection Removal",
"url": "https://attack.mitre.org/techniques/T1126",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1125",
"technique": "Video Capture",
"url": "https://attack.mitre.org/techniques/T1125",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1124",
"technique": "System Time Discovery",
"url": "https://attack.mitre.org/techniques/T1124",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1123",
"technique": "Audio Capture",
"url": "https://attack.mitre.org/techniques/T1123",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1122",
"technique": "Component Object Model Hijacking",
"url": "https://attack.mitre.org/techniques/T1122",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1121",
"technique": "Regsvcs/Regasm",
"url": "https://attack.mitre.org/techniques/T1121",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1120",
"technique": "Peripheral Device Discovery",
"url": "https://attack.mitre.org/techniques/T1120",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1119",
"technique": "Automated Collection",
"url": "https://attack.mitre.org/techniques/T1119",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1118",
"technique": "InstallUtil",
"url": "https://attack.mitre.org/techniques/T1118",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1117",
"technique": "Regsvr32",
"url": "https://attack.mitre.org/techniques/T1117",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1116",
"technique": "Code Signing",
"url": "https://attack.mitre.org/techniques/T1116",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1115",
"technique": "Clipboard Data",
"url": "https://attack.mitre.org/techniques/T1115",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1114",
"technique": "Email Collection",
"url": "https://attack.mitre.org/techniques/T1114",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1113",
"technique": "Screen Capture",
"url": "https://attack.mitre.org/techniques/T1113",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1112",
"technique": "Modify Registry",
"url": "https://attack.mitre.org/techniques/T1112",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1111",
"technique": "Two-Factor Authentication Interception",
"url": "https://attack.mitre.org/techniques/T1111",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1110",
"technique": "Brute Force",
"url": "https://attack.mitre.org/techniques/T1110",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1109",
"technique": "Component Firmware",
"url": "https://attack.mitre.org/techniques/T1109",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1108",
"technique": "Redundant Access",
"url": "https://attack.mitre.org/techniques/T1108",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1107",
"technique": "File Deletion",
"url": "https://attack.mitre.org/techniques/T1107",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1106",
"technique": "Execution through API",
"url": "https://attack.mitre.org/techniques/T1106",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1105",
"technique": "Remote File Copy",
"url": "https://attack.mitre.org/techniques/T1105",
"tactic": [
"Command And Control",
"Lateral Movement"
]
},
{
"technique_id": "T1104",
"technique": "Multi-Stage Channels",
"url": "https://attack.mitre.org/techniques/T1104",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1103",
"technique": "AppInit DLLs",
"url": "https://attack.mitre.org/techniques/T1103",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1102",
"technique": "Web Service",
"url": "https://attack.mitre.org/techniques/T1102",
"tactic": [
"Command And Control",
"Defense Evasion"
]
},
{
"technique_id": "T1101",
"technique": "Security Support Provider",
"url": "https://attack.mitre.org/techniques/T1101",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1100",
"technique": "Web Shell",
"url": "https://attack.mitre.org/techniques/T1100",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1099",
"technique": "Timestomp",
"url": "https://attack.mitre.org/techniques/T1099",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1098",
"technique": "Account Manipulation",
"url": "https://attack.mitre.org/techniques/T1098",
"tactic": [
"Credential Access",
"Persistence"
]
},
{
"technique_id": "T1097",
"technique": "Pass the Ticket",
"url": "https://attack.mitre.org/techniques/T1097",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1096",
"technique": "NTFS File Attributes",
"url": "https://attack.mitre.org/techniques/T1096",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1095",
"technique": "Standard Non-Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1095",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1094",
"technique": "Custom Command and Control Protocol",
"url": "https://attack.mitre.org/techniques/T1094",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1093",
"technique": "Process Hollowing",
"url": "https://attack.mitre.org/techniques/T1093",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1092",
"technique": "Communication Through Removable Media",
"url": "https://attack.mitre.org/techniques/T1092",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1091",
"technique": "Replication Through Removable Media",
"url": "https://attack.mitre.org/techniques/T1091",
"tactic": [
"Lateral Movement",
"Initial Access"
]
},
{
"technique_id": "T1090",
"technique": "Connection Proxy",
"url": "https://attack.mitre.org/techniques/T1090",
"tactic": [
"Command And Control",
"Defense Evasion"
]
},
{
"technique_id": "T1089",
"technique": "Disabling Security Tools",
"url": "https://attack.mitre.org/techniques/T1089",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1088",
"technique": "Bypass User Account Control",
"url": "https://attack.mitre.org/techniques/T1088",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1087",
"technique": "Account Discovery",
"url": "https://attack.mitre.org/techniques/T1087",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1086",
"technique": "PowerShell",
"url": "https://attack.mitre.org/techniques/T1086",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1085",
"technique": "Rundll32",
"url": "https://attack.mitre.org/techniques/T1085",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1084",
"technique": "Windows Management Instrumentation Event Subscription",
"url": "https://attack.mitre.org/techniques/T1084",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1083",
"technique": "File and Directory Discovery",
"url": "https://attack.mitre.org/techniques/T1083",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1082",
"technique": "System Information Discovery",
"url": "https://attack.mitre.org/techniques/T1082",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1081",
"technique": "Credentials in Files",
"url": "https://attack.mitre.org/techniques/T1081",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1080",
"technique": "Taint Shared Content",
"url": "https://attack.mitre.org/techniques/T1080",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1079",
"technique": "Multilayer Encryption",
"url": "https://attack.mitre.org/techniques/T1079",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1078",
"technique": "Valid Accounts",
"url": "https://attack.mitre.org/techniques/T1078",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation",
"Initial Access"
]
},
{
"technique_id": "T1077",
"technique": "Windows Admin Shares",
"url": "https://attack.mitre.org/techniques/T1077",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1076",
"technique": "Remote Desktop Protocol",
"url": "https://attack.mitre.org/techniques/T1076",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1075",
"technique": "Pass the Hash",
"url": "https://attack.mitre.org/techniques/T1075",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1074",
"technique": "Data Staged",
"url": "https://attack.mitre.org/techniques/T1074",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1073",
"technique": "DLL Side-Loading",
"url": "https://attack.mitre.org/techniques/T1073",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1072",
"technique": "Third-party Software",
"url": "https://attack.mitre.org/techniques/T1072",
"tactic": [
"Execution",
"Lateral Movement"
]
},
{
"technique_id": "T1071",
"technique": "Standard Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1071",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1070",
"technique": "Indicator Removal on Host",
"url": "https://attack.mitre.org/techniques/T1070",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1069",
"technique": "Permission Groups Discovery",
"url": "https://attack.mitre.org/techniques/T1069",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1068",
"technique": "Exploitation for Privilege Escalation",
"url": "https://attack.mitre.org/techniques/T1068",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1067",
"technique": "Bootkit",
"url": "https://attack.mitre.org/techniques/T1067",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1066",
"technique": "Indicator Removal from Tools",
"url": "https://attack.mitre.org/techniques/T1066",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1065",
"technique": "Uncommonly Used Port",
"url": "https://attack.mitre.org/techniques/T1065",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1064",
"technique": "Scripting",
"url": "https://attack.mitre.org/techniques/T1064",
"tactic": [
"Defense Evasion",
"Execution"
]
},
{
"technique_id": "T1063",
"technique": "Security Software Discovery",
"url": "https://attack.mitre.org/techniques/T1063",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1062",
"technique": "Hypervisor",
"url": "https://attack.mitre.org/techniques/T1062",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1061",
"technique": "Graphical User Interface",
"url": "https://attack.mitre.org/techniques/T1061",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1060",
"technique": "Registry Run Keys / Startup Folder",
"url": "https://attack.mitre.org/techniques/T1060",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1059",
"technique": "Command-Line Interface",
"url": "https://attack.mitre.org/techniques/T1059",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1058",
"technique": "Service Registry Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1058",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1057",
"technique": "Process Discovery",
"url": "https://attack.mitre.org/techniques/T1057",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1056",
"technique": "Input Capture",
"url": "https://attack.mitre.org/techniques/T1056",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1055",
"technique": "Process Injection",
"url": "https://attack.mitre.org/techniques/T1055",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
]
},
{
"technique_id": "T1054",
"technique": "Indicator Blocking",
"url": "https://attack.mitre.org/techniques/T1054",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1053",
"technique": "Scheduled Task",
"url": "https://attack.mitre.org/techniques/T1053",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1052",
"technique": "Exfiltration Over Physical Medium",
"url": "https://attack.mitre.org/techniques/T1052",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1051",
"technique": "Shared Webroot",
"url": "https://attack.mitre.org/techniques/T1051",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1050",
"technique": "New Service",
"url": "https://attack.mitre.org/techniques/T1050",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1049",
"technique": "System Network Connections Discovery",
"url": "https://attack.mitre.org/techniques/T1049",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1048",
"technique": "Exfiltration Over Alternative Protocol",
"url": "https://attack.mitre.org/techniques/T1048",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1047",
"technique": "Windows Management Instrumentation",
"url": "https://attack.mitre.org/techniques/T1047",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1046",
"technique": "Network Service Scanning",
"url": "https://attack.mitre.org/techniques/T1046",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1045",
"technique": "Software Packing",
"url": "https://attack.mitre.org/techniques/T1045",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1044",
"technique": "File System Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1044",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1043",
"technique": "Commonly Used Port",
"url": "https://attack.mitre.org/techniques/T1043",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1042",
"technique": "Change Default File Association",
"url": "https://attack.mitre.org/techniques/T1042",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1041",
"technique": "Exfiltration Over Command and Control Channel",
"url": "https://attack.mitre.org/techniques/T1041",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1040",
"technique": "Network Sniffing",
"url": "https://attack.mitre.org/techniques/T1040",
"tactic": [
"Credential Access",
"Discovery"
]
},
{
"technique_id": "T1039",
"technique": "Data from Network Shared Drive",
"url": "https://attack.mitre.org/techniques/T1039",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1038",
"technique": "DLL Search Order Hijacking",
"url": "https://attack.mitre.org/techniques/T1038",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
]
},
{
"technique_id": "T1037",
"technique": "Logon Scripts",
"url": "https://attack.mitre.org/techniques/T1037",
"tactic": [
"Lateral Movement",
"Persistence"
]
},
{
"technique_id": "T1036",
"technique": "Masquerading",
"url": "https://attack.mitre.org/techniques/T1036",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1035",
"technique": "Service Execution",
"url": "https://attack.mitre.org/techniques/T1035",
"tactic": [
"Execution"
]
},
{
"technique_id": "T1034",
"technique": "Path Interception",
"url": "https://attack.mitre.org/techniques/T1034",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1033",
"technique": "System Owner/User Discovery",
"url": "https://attack.mitre.org/techniques/T1033",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1032",
"technique": "Standard Cryptographic Protocol",
"url": "https://attack.mitre.org/techniques/T1032",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1031",
"technique": "Modify Existing Service",
"url": "https://attack.mitre.org/techniques/T1031",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1030",
"technique": "Data Transfer Size Limits",
"url": "https://attack.mitre.org/techniques/T1030",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1029",
"technique": "Scheduled Transfer",
"url": "https://attack.mitre.org/techniques/T1029",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1028",
"technique": "Windows Remote Management",
"url": "https://attack.mitre.org/techniques/T1028",
"tactic": [
"Execution",
"Lateral Movement"
]
},
{
"technique_id": "T1027",
"technique": "Obfuscated Files or Information",
"url": "https://attack.mitre.org/techniques/T1027",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1026",
"technique": "Multiband Communication",
"url": "https://attack.mitre.org/techniques/T1026",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1025",
"technique": "Data from Removable Media",
"url": "https://attack.mitre.org/techniques/T1025",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1024",
"technique": "Custom Cryptographic Protocol",
"url": "https://attack.mitre.org/techniques/T1024",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1023",
"technique": "Shortcut Modification",
"url": "https://attack.mitre.org/techniques/T1023",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1022",
"technique": "Data Encrypted",
"url": "https://attack.mitre.org/techniques/T1022",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1021",
"technique": "Remote Services",
"url": "https://attack.mitre.org/techniques/T1021",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1020",
"technique": "Automated Exfiltration",
"url": "https://attack.mitre.org/techniques/T1020",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1019",
"technique": "System Firmware",
"url": "https://attack.mitre.org/techniques/T1019",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1018",
"technique": "Remote System Discovery",
"url": "https://attack.mitre.org/techniques/T1018",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1017",
"technique": "Application Deployment Software",
"url": "https://attack.mitre.org/techniques/T1017",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1016",
"technique": "System Network Configuration Discovery",
"url": "https://attack.mitre.org/techniques/T1016",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1015",
"technique": "Accessibility Features",
"url": "https://attack.mitre.org/techniques/T1015",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1014",
"technique": "Rootkit",
"url": "https://attack.mitre.org/techniques/T1014",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1013",
"technique": "Port Monitors",
"url": "https://attack.mitre.org/techniques/T1013",
"tactic": [
"Persistence",
"Privilege Escalation"
]
},
{
"technique_id": "T1012",
"technique": "Query Registry",
"url": "https://attack.mitre.org/techniques/T1012",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1011",
"technique": "Exfiltration Over Other Network Medium",
"url": "https://attack.mitre.org/techniques/T1011",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1010",
"technique": "Application Window Discovery",
"url": "https://attack.mitre.org/techniques/T1010",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1009",
"technique": "Binary Padding",
"url": "https://attack.mitre.org/techniques/T1009",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1008",
"technique": "Fallback Channels",
"url": "https://attack.mitre.org/techniques/T1008",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1007",
"technique": "System Service Discovery",
"url": "https://attack.mitre.org/techniques/T1007",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1006",
"technique": "File System Logical Offsets",
"url": "https://attack.mitre.org/techniques/T1006",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1005",
"technique": "Data from Local System",
"url": "https://attack.mitre.org/techniques/T1005",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1004",
"technique": "Winlogon Helper DLL",
"url": "https://attack.mitre.org/techniques/T1004",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1003",
"technique": "Credential Dumping",
"url": "https://attack.mitre.org/techniques/T1003",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1002",
"technique": "Data Compressed",
"url": "https://attack.mitre.org/techniques/T1002",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1001",
"technique": "Data Obfuscation",
"url": "https://attack.mitre.org/techniques/T1001",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1397",
"technique": "Spearphishing for Information",
"url": "https://attack.mitre.org/techniques/T1397",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1307",
"technique": "Acquire and/or use 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1307",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1275",
"technique": "Aggregate individual's digital footprint",
"url": "https://attack.mitre.org/techniques/T1275",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1294",
"technique": "Analyze hardware/software security defensive capabilities",
"url": "https://attack.mitre.org/techniques/T1294",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1295",
"technique": "Analyze social and business relationships, interests, and affiliations",
"url": "https://attack.mitre.org/techniques/T1295",
"tactic": [
"People Weakness Identification"
]
},
{
"technique_id": "T1299",
"technique": "Assess opportunities created by business deals",
"url": "https://attack.mitre.org/techniques/T1299",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1228",
"technique": "Assign KITs/KIQs into categories",
"url": "https://attack.mitre.org/techniques/T1228",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1349",
"technique": "Build or acquire exploits",
"url": "https://attack.mitre.org/techniques/T1349",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1343",
"technique": "Choose pre-compromised persona and affiliated accounts",
"url": "https://attack.mitre.org/techniques/T1343",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1388",
"technique": "Compromise of externally facing system",
"url": "https://attack.mitre.org/techniques/T1388",
"tactic": [
"Compromise"
]
},
{
"technique_id": "T1268",
"technique": "Conduct social engineering",
"url": "https://attack.mitre.org/techniques/T1268",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1345",
"technique": "Create custom payloads",
"url": "https://attack.mitre.org/techniques/T1345",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1382",
"technique": "DNS poisoning",
"url": "https://attack.mitre.org/techniques/T1382",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1284",
"technique": "Determine 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1284",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1259",
"technique": "Determine external network trust dependencies",
"url": "https://attack.mitre.org/techniques/T1259",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1244",
"technique": "Determine secondary level tactical element",
"url": "https://attack.mitre.org/techniques/T1244",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1255",
"technique": "Discover target logon/email address format",
"url": "https://attack.mitre.org/techniques/T1255",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1286",
"technique": "Dumpster dive",
"url": "https://attack.mitre.org/techniques/T1286",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1377",
"technique": "Exploit public-facing application",
"url": "https://attack.mitre.org/techniques/T1377",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1365",
"technique": "Hardware or software supply chain implant",
"url": "https://attack.mitre.org/techniques/T1365",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1272",
"technique": "Identify business relationships",
"url": "https://attack.mitre.org/techniques/T1272",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1278",
"technique": "Identify job postings and needs/gaps",
"url": "https://attack.mitre.org/techniques/T1278",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1263",
"technique": "Identify security defensive capabilities",
"url": "https://attack.mitre.org/techniques/T1263",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1264",
"technique": "Identify technology usage patterns",
"url": "https://attack.mitre.org/techniques/T1264",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1252",
"technique": "Map network topology",
"url": "https://attack.mitre.org/techniques/T1252",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1316",
"technique": "Non-traditional or less attributable payment options",
"url": "https://attack.mitre.org/techniques/T1316",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1319",
"technique": "Obfuscate or encrypt code",
"url": "https://attack.mitre.org/techniques/T1319",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1281",
"technique": "Obtain templates/branding materials",
"url": "https://attack.mitre.org/techniques/T1281",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1335",
"technique": "Procure required equipment and software",
"url": "https://attack.mitre.org/techniques/T1335",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1351",
"technique": "Remote access tool development",
"url": "https://attack.mitre.org/techniques/T1351",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1395",
"technique": "Runtime code download and execution",
"url": "https://attack.mitre.org/techniques/T1395",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1367",
"technique": "Spear phishing messages with malicious attachments",
"url": "https://attack.mitre.org/techniques/T1367",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1371",
"technique": "Targeted client-side exploitation",
"url": "https://attack.mitre.org/techniques/T1371",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1357",
"technique": "Test malware in various execution environments",
"url": "https://attack.mitre.org/techniques/T1357",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1387",
"technique": "Unauthorized user introduces compromise delivery mechanism",
"url": "https://attack.mitre.org/techniques/T1387",
"tactic": [
"Compromise"
]
},
{
"technique_id": "T1329",
"technique": "Acquire and/or use 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1329",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1332",
"technique": "Acquire or compromise 3rd party signing certificates",
"url": "https://attack.mitre.org/techniques/T1332",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1287",
"technique": "Analyze data collected",
"url": "https://attack.mitre.org/techniques/T1287",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1303",
"technique": "Analyze presence of outsourced capabilities",
"url": "https://attack.mitre.org/techniques/T1303",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1224",
"technique": "Assess leadership areas of interest",
"url": "https://attack.mitre.org/techniques/T1224",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1238",
"technique": "Assign KITs, KIQs, and/or intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1238",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1347",
"technique": "Build and configure delivery systems",
"url": "https://attack.mitre.org/techniques/T1347",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1391",
"technique": "Choose pre-compromised mobile app developer account credentials or signing keys",
"url": "https://attack.mitre.org/techniques/T1391",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1354",
"technique": "Compromise 3rd party or closed-source vulnerability/exploit information",
"url": "https://attack.mitre.org/techniques/T1354",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1279",
"technique": "Conduct social engineering",
"url": "https://attack.mitre.org/techniques/T1279",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1339",
"technique": "Create backup infrastructure",
"url": "https://attack.mitre.org/techniques/T1339",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1374",
"technique": "Credential pharming",
"url": "https://attack.mitre.org/techniques/T1374",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1230",
"technique": "Derive intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1230",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1250",
"technique": "Determine domain and IP address space",
"url": "https://attack.mitre.org/techniques/T1250",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1282",
"technique": "Determine physical locations",
"url": "https://attack.mitre.org/techniques/T1282",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1350",
"technique": "Discover new exploits and monitor exploit-provider forums",
"url": "https://attack.mitre.org/techniques/T1350",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1326",
"technique": "Domain registration hijacking",
"url": "https://attack.mitre.org/techniques/T1326",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1261",
"technique": "Enumerate externally facing software applications technologies, languages, and dependencies",
"url": "https://attack.mitre.org/techniques/T1261",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1234",
"technique": "Generate analyst intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1234",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1280",
"technique": "Identify business processes/tempo",
"url": "https://attack.mitre.org/techniques/T1280",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1248",
"technique": "Identify job postings and needs/gaps",
"url": "https://attack.mitre.org/techniques/T1248",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1348",
"technique": "Identify resources required to build capabilities",
"url": "https://attack.mitre.org/techniques/T1348",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1265",
"technique": "Identify supply chains",
"url": "https://attack.mitre.org/techniques/T1265",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1375",
"technique": "Leverage compromised 3rd party resources",
"url": "https://attack.mitre.org/techniques/T1375",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1315",
"technique": "Network-based hiding techniques",
"url": "https://attack.mitre.org/techniques/T1315",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1318",
"technique": "Obfuscate operational infrastructure",
"url": "https://attack.mitre.org/techniques/T1318",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1251",
"technique": "Obtain domain/IP registration information",
"url": "https://attack.mitre.org/techniques/T1251",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1305",
"technique": "Private whois services",
"url": "https://attack.mitre.org/techniques/T1305",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1235",
"technique": "Receive operator KITs/KIQs tasking",
"url": "https://attack.mitre.org/techniques/T1235",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1358",
"technique": "Review logs and residual traces",
"url": "https://attack.mitre.org/techniques/T1358",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1340",
"technique": "Shadow DNS",
"url": "https://attack.mitre.org/techniques/T1340",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1237",
"technique": "Submit KITs, KIQs, and intelligence requirements",
"url": "https://attack.mitre.org/techniques/T1237",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1356",
"technique": "Test callback functionality",
"url": "https://attack.mitre.org/techniques/T1356",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1361",
"technique": "Test signature detection for file upload/email filters",
"url": "https://attack.mitre.org/techniques/T1361",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1327",
"technique": "Use multiple DNS infrastructures",
"url": "https://attack.mitre.org/techniques/T1327",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1277",
"technique": "Acquire OSINT data sets and information",
"url": "https://attack.mitre.org/techniques/T1277",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1310",
"technique": "Acquire or compromise 3rd party signing certificates",
"url": "https://attack.mitre.org/techniques/T1310",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1301",
"technique": "Analyze business processes",
"url": "https://attack.mitre.org/techniques/T1301",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1297",
"technique": "Analyze organizational skillsets and deficiencies",
"url": "https://attack.mitre.org/techniques/T1297",
"tactic": [
"People Weakness Identification"
]
},
{
"technique_id": "T1236",
"technique": "Assess current holdings, needs, and wants",
"url": "https://attack.mitre.org/techniques/T1236",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1298",
"technique": "Assess vulnerability of 3rd party vendors",
"url": "https://attack.mitre.org/techniques/T1298",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1384",
"technique": "Automated system performs requested action",
"url": "https://attack.mitre.org/techniques/T1384",
"tactic": [
"Compromise"
]
},
{
"technique_id": "T1352",
"technique": "C2 protocol development",
"url": "https://attack.mitre.org/techniques/T1352",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1334",
"technique": "Compromise 3rd party infrastructure to support delivery",
"url": "https://attack.mitre.org/techniques/T1334",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1253",
"technique": "Conduct passive scanning",
"url": "https://attack.mitre.org/techniques/T1253",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1383",
"technique": "Confirmation of launched compromise achieved",
"url": "https://attack.mitre.org/techniques/T1383",
"tactic": [
"Compromise"
]
},
{
"technique_id": "T1231",
"technique": "Create strategic plan",
"url": "https://attack.mitre.org/techniques/T1231",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1380",
"technique": "Deploy exploit using advertising",
"url": "https://attack.mitre.org/techniques/T1380",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1285",
"technique": "Determine centralization of IT management",
"url": "https://attack.mitre.org/techniques/T1285",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1242",
"technique": "Determine operational element",
"url": "https://attack.mitre.org/techniques/T1242",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1342",
"technique": "Develop social network persona digital footprint",
"url": "https://attack.mitre.org/techniques/T1342",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1323",
"technique": "Domain Generation Algorithms (DGA)",
"url": "https://attack.mitre.org/techniques/T1323",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1262",
"technique": "Enumerate client configurations",
"url": "https://attack.mitre.org/techniques/T1262",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1364",
"technique": "Friend/Follow/Connect to targets of interest",
"url": "https://attack.mitre.org/techniques/T1364",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1233",
"technique": "Identify analyst level gaps",
"url": "https://attack.mitre.org/techniques/T1233",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1270",
"technique": "Identify groups/roles",
"url": "https://attack.mitre.org/techniques/T1270",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1271",
"technique": "Identify personnel with an authority/privilege",
"url": "https://attack.mitre.org/techniques/T1271",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1246",
"technique": "Identify supply chains",
"url": "https://attack.mitre.org/techniques/T1246",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1336",
"technique": "Install and configure hardware, network, and systems",
"url": "https://attack.mitre.org/techniques/T1336",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1322",
"technique": "Misattributable credentials",
"url": "https://attack.mitre.org/techniques/T1322",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1331",
"technique": "Obfuscate infrastructure",
"url": "https://attack.mitre.org/techniques/T1331",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1396",
"technique": "Obtain booter/stressor subscription",
"url": "https://attack.mitre.org/techniques/T1396",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1353",
"technique": "Post compromise tool development",
"url": "https://attack.mitre.org/techniques/T1353",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1239",
"technique": "Receive KITs/KIQs and determine requirements",
"url": "https://attack.mitre.org/techniques/T1239",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1290",
"technique": "Research visibility gap of security vendors",
"url": "https://attack.mitre.org/techniques/T1290",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1317",
"technique": "Secure and protect infrastructure",
"url": "https://attack.mitre.org/techniques/T1317",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1393",
"technique": "Test ability to evade automated mobile application security analysis performed by app stores",
"url": "https://attack.mitre.org/techniques/T1393",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1292",
"technique": "Test signature detection",
"url": "https://attack.mitre.org/techniques/T1292",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1362",
"technique": "Upload, install, and configure software/tools",
"url": "https://attack.mitre.org/techniques/T1362",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1266",
"technique": "Acquire OSINT data sets and information",
"url": "https://attack.mitre.org/techniques/T1266",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1308",
"technique": "Acquire and/or use 3rd party software services",
"url": "https://attack.mitre.org/techniques/T1308",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1293",
"technique": "Analyze application security posture",
"url": "https://attack.mitre.org/techniques/T1293",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1300",
"technique": "Analyze organizational skillsets and deficiencies",
"url": "https://attack.mitre.org/techniques/T1300",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1306",
"technique": "Anonymity services",
"url": "https://attack.mitre.org/techniques/T1306",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1302",
"technique": "Assess security posture of physical locations",
"url": "https://attack.mitre.org/techniques/T1302",
"tactic": [
"Organizational Weakness Identification"
]
},
{
"technique_id": "T1381",
"technique": "Authentication attempt",
"url": "https://attack.mitre.org/techniques/T1381",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1341",
"technique": "Build social network persona",
"url": "https://attack.mitre.org/techniques/T1341",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1321",
"technique": "Common, high volume protocols and software",
"url": "https://attack.mitre.org/techniques/T1321",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1254",
"technique": "Conduct active scanning",
"url": "https://attack.mitre.org/techniques/T1254",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1249",
"technique": "Conduct social engineering",
"url": "https://attack.mitre.org/techniques/T1249",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1232",
"technique": "Create implementation plan",
"url": "https://attack.mitre.org/techniques/T1232",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1324",
"technique": "DNSCalc",
"url": "https://attack.mitre.org/techniques/T1324",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1260",
"technique": "Determine 3rd party infrastructure services",
"url": "https://attack.mitre.org/techniques/T1260",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1258",
"technique": "Determine firmware version",
"url": "https://attack.mitre.org/techniques/T1258",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1241",
"technique": "Determine strategic target",
"url": "https://attack.mitre.org/techniques/T1241",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1379",
"technique": "Disseminate removable media",
"url": "https://attack.mitre.org/techniques/T1379",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1311",
"technique": "Dynamic DNS",
"url": "https://attack.mitre.org/techniques/T1311",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1325",
"technique": "Fast Flux DNS",
"url": "https://attack.mitre.org/techniques/T1325",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1314",
"technique": "Host-based hiding techniques",
"url": "https://attack.mitre.org/techniques/T1314",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1283",
"technique": "Identify business relationships",
"url": "https://attack.mitre.org/techniques/T1283",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1267",
"technique": "Identify job postings and needs/gaps",
"url": "https://attack.mitre.org/techniques/T1267",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1274",
"technique": "Identify sensitive personnel information",
"url": "https://attack.mitre.org/techniques/T1274",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1389",
"technique": "Identify vulnerabilities in third-party software libraries",
"url": "https://attack.mitre.org/techniques/T1389",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1273",
"technique": "Mine social media",
"url": "https://attack.mitre.org/techniques/T1273",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1390",
"technique": "OS-vendor provided communication channels",
"url": "https://attack.mitre.org/techniques/T1390",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1313",
"technique": "Obfuscation or cryptography",
"url": "https://attack.mitre.org/techniques/T1313",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1247",
"technique": "Acquire OSINT data sets and information",
"url": "https://attack.mitre.org/techniques/T1247",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1346",
"technique": "Obtain/re-use payloads",
"url": "https://attack.mitre.org/techniques/T1346",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1330",
"technique": "Acquire and/or use 3rd party software services",
"url": "https://attack.mitre.org/techniques/T1330",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1288",
"technique": "Analyze architecture and configuration posture",
"url": "https://attack.mitre.org/techniques/T1288",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1304",
"technique": "Proxy/protocol relays",
"url": "https://attack.mitre.org/techniques/T1304",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1289",
"technique": "Analyze organizational skillsets and deficiencies",
"url": "https://attack.mitre.org/techniques/T1289",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1378",
"technique": "Replace legitimate binary with malware",
"url": "https://attack.mitre.org/techniques/T1378",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1229",
"technique": "Assess KITs/KIQs benefits",
"url": "https://attack.mitre.org/techniques/T1229",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1337",
"technique": "SSL certificate acquisition for domain",
"url": "https://attack.mitre.org/techniques/T1337",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1296",
"technique": "Assess targeting options",
"url": "https://attack.mitre.org/techniques/T1296",
"tactic": [
"People Weakness Identification"
]
},
{
"technique_id": "T1386",
"technique": "Authorized user performs requested cyber action",
"url": "https://attack.mitre.org/techniques/T1386",
"tactic": [
"Compromise"
]
},
{
"technique_id": "T1369",
"technique": "Spear phishing messages with malicious links",
"url": "https://attack.mitre.org/techniques/T1369",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1328",
"technique": "Buy domain name",
"url": "https://attack.mitre.org/techniques/T1328",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1366",
"technique": "Targeted social media phishing",
"url": "https://attack.mitre.org/techniques/T1366",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1312",
"technique": "Compromise 3rd party infrastructure to support delivery",
"url": "https://attack.mitre.org/techniques/T1312",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1359",
"technique": "Test malware to evade detection",
"url": "https://attack.mitre.org/techniques/T1359",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1226",
"technique": "Conduct cost/benefit analysis",
"url": "https://attack.mitre.org/techniques/T1226",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1376",
"technique": "Conduct social engineering or HUMINT operation",
"url": "https://attack.mitre.org/techniques/T1376",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1355",
"technique": "Create infected removable media",
"url": "https://attack.mitre.org/techniques/T1355",
"tactic": [
"Build Capabilities"
]
},
{
"technique_id": "T1320",
"technique": "Data Hiding",
"url": "https://attack.mitre.org/techniques/T1320",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1245",
"technique": "Determine approach/attack vector",
"url": "https://attack.mitre.org/techniques/T1245",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1243",
"technique": "Determine highest level tactical element",
"url": "https://attack.mitre.org/techniques/T1243",
"tactic": [
"Target Selection"
]
},
{
"technique_id": "T1227",
"technique": "Develop KITs/KIQs",
"url": "https://attack.mitre.org/techniques/T1227",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1394",
"technique": "Distribute malicious software development tools",
"url": "https://attack.mitre.org/techniques/T1394",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1333",
"technique": "Dynamic DNS",
"url": "https://attack.mitre.org/techniques/T1333",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1344",
"technique": "Friend/Follow/Connect to targets of interest",
"url": "https://attack.mitre.org/techniques/T1344",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1385",
"technique": "Human performs requested action of physical nature",
"url": "https://attack.mitre.org/techniques/T1385",
"tactic": [
"Compromise"
]
},
{
"technique_id": "T1225",
"technique": "Identify gap areas",
"url": "https://attack.mitre.org/techniques/T1225",
"tactic": [
"Priority Definition Planning"
]
},
{
"technique_id": "T1269",
"technique": "Identify people of interest",
"url": "https://attack.mitre.org/techniques/T1269",
"tactic": [
"People Information Gathering"
]
},
{
"technique_id": "T1276",
"technique": "Identify supply chains",
"url": "https://attack.mitre.org/techniques/T1276",
"tactic": [
"Organizational Information Gathering"
]
},
{
"technique_id": "T1256",
"technique": "Identify web defensive services",
"url": "https://attack.mitre.org/techniques/T1256",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1257",
"technique": "Mine technical blogs/forums",
"url": "https://attack.mitre.org/techniques/T1257",
"tactic": [
"Technical Information Gathering"
]
},
{
"technique_id": "T1309",
"technique": "Obfuscate infrastructure",
"url": "https://attack.mitre.org/techniques/T1309",
"tactic": [
"Adversary Opsec"
]
},
{
"technique_id": "T1392",
"technique": "Obtain Apple iOS enterprise distribution key pair and certificate",
"url": "https://attack.mitre.org/techniques/T1392",
"tactic": [
"Persona Development"
]
},
{
"technique_id": "T1363",
"technique": "Port redirector",
"url": "https://attack.mitre.org/techniques/T1363",
"tactic": [
"Stage Capabilities"
]
},
{
"technique_id": "T1373",
"technique": "Push-notification client-side exploit",
"url": "https://attack.mitre.org/techniques/T1373",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1291",
"technique": "Research relevant vulnerabilities/CVEs",
"url": "https://attack.mitre.org/techniques/T1291",
"tactic": [
"Technical Weakness Identification"
]
},
{
"technique_id": "T1338",
"technique": "SSL certificate acquisition for trust breaking",
"url": "https://attack.mitre.org/techniques/T1338",
"tactic": [
"Establish & Maintain Infrastructure"
]
},
{
"technique_id": "T1368",
"technique": "Spear phishing messages with text only",
"url": "https://attack.mitre.org/techniques/T1368",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1240",
"technique": "Task requirements",
"url": "https://attack.mitre.org/techniques/T1240",
"tactic": [
"Priority Definition Direction"
]
},
{
"technique_id": "T1360",
"technique": "Test physical access",
"url": "https://attack.mitre.org/techniques/T1360",
"tactic": [
"Test Capabilities"
]
},
{
"technique_id": "T1370",
"technique": "Untargeted client-side exploitation",
"url": "https://attack.mitre.org/techniques/T1370",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1372",
"technique": "Unconditional client-side exploitation/Injected Website/Driveby",
"url": "https://attack.mitre.org/techniques/T1372",
"tactic": [
"Launch"
]
},
{
"technique_id": "T1533",
"technique": "Data from Local System",
"url": "https://attack.mitre.org/techniques/T1533",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1532",
"technique": "Data Encrypted",
"url": "https://attack.mitre.org/techniques/T1532",
"tactic": [
"Exfiltration"
]
},
{
"technique_id": "T1523",
"technique": "Evade Analysis Environment",
"url": "https://attack.mitre.org/techniques/T1523",
"tactic": [
"Defense Evasion",
"Discovery"
]
},
{
"technique_id": "T1521",
"technique": "Standard Cryptographic Protocol",
"url": "https://attack.mitre.org/techniques/T1521",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1520",
"technique": "Domain Generation Algorithms",
"url": "https://attack.mitre.org/techniques/T1520",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1516",
"technique": "Input Injection",
"url": "https://attack.mitre.org/techniques/T1516",
"tactic": [
"Defense Evasion",
"Impact"
]
},
{
"technique_id": "T1517",
"technique": "Access Notifications",
"url": "https://attack.mitre.org/techniques/T1517",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1512",
"technique": "Capture Camera",
"url": "https://attack.mitre.org/techniques/T1512",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1513",
"technique": "Screen Capture",
"url": "https://attack.mitre.org/techniques/T1513",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1509",
"technique": "Uncommonly Used Port",
"url": "https://attack.mitre.org/techniques/T1509",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1510",
"technique": "Clipboard Modification",
"url": "https://attack.mitre.org/techniques/T1510",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1508",
"technique": "Suppress Application Icon",
"url": "https://attack.mitre.org/techniques/T1508",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1507",
"technique": "Network Information Discovery",
"url": "https://attack.mitre.org/techniques/T1507",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1481",
"technique": "Web Service",
"url": "https://attack.mitre.org/techniques/T1481",
"tactic": [
"Command And Control"
]
},
{
"technique_id": "T1476",
"technique": "Deliver Malicious App via Other Means",
"url": "https://attack.mitre.org/techniques/T1476",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1475",
"technique": "Deliver Malicious App via Authorized App Store",
"url": "https://attack.mitre.org/techniques/T1475",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1474",
"technique": "Supply Chain Compromise",
"url": "https://attack.mitre.org/techniques/T1474",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1477",
"technique": "Exploit via Radio Interfaces",
"url": "https://attack.mitre.org/techniques/T1477",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1478",
"technique": "Install Insecure or Malicious Configuration",
"url": "https://attack.mitre.org/techniques/T1478",
"tactic": [
"Defense Evasion",
"Initial Access"
]
},
{
"technique_id": "T1444",
"technique": "Masquerade as Legitimate Application",
"url": "https://attack.mitre.org/techniques/T1444",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1443",
"technique": "Remotely Install Application",
"url": "https://attack.mitre.org/techniques/T1443",
"tactic": []
},
{
"technique_id": "T1411",
"technique": "Input Prompt",
"url": "https://attack.mitre.org/techniques/T1411",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1424",
"technique": "Process Discovery",
"url": "https://attack.mitre.org/techniques/T1424",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1421",
"technique": "System Network Connections Discovery",
"url": "https://attack.mitre.org/techniques/T1421",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1437",
"technique": "Standard Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1437",
"tactic": [
"Command And Control",
"Exfiltration"
]
},
{
"technique_id": "T1422",
"technique": "System Network Configuration Discovery",
"url": "https://attack.mitre.org/techniques/T1422",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1406",
"technique": "Obfuscated Files or Information",
"url": "https://attack.mitre.org/techniques/T1406",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1416",
"technique": "Android Intent Hijacking",
"url": "https://attack.mitre.org/techniques/T1416",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1447",
"technique": "Delete Device Data",
"url": "https://attack.mitre.org/techniques/T1447",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1398",
"technique": "Modify OS Kernel or Boot Partition",
"url": "https://attack.mitre.org/techniques/T1398",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1400",
"technique": "Modify System Partition",
"url": "https://attack.mitre.org/techniques/T1400",
"tactic": [
"Defense Evasion",
"Persistence",
"Impact"
]
},
{
"technique_id": "T1425",
"technique": "Insecure Third-Party Libraries",
"url": "https://attack.mitre.org/techniques/T1425",
"tactic": []
},
{
"technique_id": "T1402",
"technique": "App Auto-Start at Device Boot",
"url": "https://attack.mitre.org/techniques/T1402",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1401",
"technique": "Abuse Device Administrator Access to Prevent Removal",
"url": "https://attack.mitre.org/techniques/T1401",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1404",
"technique": "Exploit OS Vulnerability",
"url": "https://attack.mitre.org/techniques/T1404",
"tactic": [
"Privilege Escalation"
]
},
{
"technique_id": "T1403",
"technique": "Modify Cached Executable Code",
"url": "https://attack.mitre.org/techniques/T1403",
"tactic": [
"Persistence"
]
},
{
"technique_id": "T1442",
"technique": "Fake Developer Accounts",
"url": "https://attack.mitre.org/techniques/T1442",
"tactic": []
},
{
"technique_id": "T1419",
"technique": "Device Type Discovery",
"url": "https://attack.mitre.org/techniques/T1419",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1418",
"technique": "Application Discovery",
"url": "https://attack.mitre.org/techniques/T1418",
"tactic": [
"Defense Evasion",
"Discovery"
]
},
{
"technique_id": "T1417",
"technique": "Input Capture",
"url": "https://attack.mitre.org/techniques/T1417",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1438",
"technique": "Alternate Network Mediums",
"url": "https://attack.mitre.org/techniques/T1438",
"tactic": [
"Command And Control",
"Exfiltration"
]
},
{
"technique_id": "T1423",
"technique": "Network Service Scanning",
"url": "https://attack.mitre.org/techniques/T1423",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1440",
"technique": "Detect App Analysis Environment",
"url": "https://attack.mitre.org/techniques/T1440",
"tactic": []
},
{
"technique_id": "T1439",
"technique": "Eavesdrop on Insecure Network Communication",
"url": "https://attack.mitre.org/techniques/T1439",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1464",
"technique": "Jamming or Denial of Service",
"url": "https://attack.mitre.org/techniques/T1464",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1463",
"technique": "Manipulate Device Communication",
"url": "https://attack.mitre.org/techniques/T1463",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1462",
"technique": "Malicious Software Development Tools",
"url": "https://attack.mitre.org/techniques/T1462",
"tactic": []
},
{
"technique_id": "T1461",
"technique": "Lockscreen Bypass",
"url": "https://attack.mitre.org/techniques/T1461",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1460",
"technique": "Biometric Spoofing",
"url": "https://attack.mitre.org/techniques/T1460",
"tactic": []
},
{
"technique_id": "T1459",
"technique": "Device Unlock Code Guessing or Brute Force",
"url": "https://attack.mitre.org/techniques/T1459",
"tactic": []
},
{
"technique_id": "T1458",
"technique": "Exploit via Charging Station or PC",
"url": "https://attack.mitre.org/techniques/T1458",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1405",
"technique": "Exploit TEE Vulnerability",
"url": "https://attack.mitre.org/techniques/T1405",
"tactic": [
"Credential Access",
"Privilege Escalation"
]
},
{
"technique_id": "T1467",
"technique": "Rogue Cellular Base Station",
"url": "https://attack.mitre.org/techniques/T1467",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1420",
"technique": "File and Directory Discovery",
"url": "https://attack.mitre.org/techniques/T1420",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1466",
"technique": "Downgrade to Insecure Protocols",
"url": "https://attack.mitre.org/techniques/T1466",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1465",
"technique": "Rogue Wi-Fi Access Points",
"url": "https://attack.mitre.org/techniques/T1465",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1468",
"technique": "Remotely Track Device Without Authorization",
"url": "https://attack.mitre.org/techniques/T1468",
"tactic": [
"Remote Service Effects"
]
},
{
"technique_id": "T1435",
"technique": "Access Calendar Entries",
"url": "https://attack.mitre.org/techniques/T1435",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1451",
"technique": "SIM Card Swap",
"url": "https://attack.mitre.org/techniques/T1451",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1414",
"technique": "Capture Clipboard Data",
"url": "https://attack.mitre.org/techniques/T1414",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1457",
"technique": "Malicious Media Content",
"url": "https://attack.mitre.org/techniques/T1457",
"tactic": []
},
{
"technique_id": "T1426",
"technique": "System Information Discovery",
"url": "https://attack.mitre.org/techniques/T1426",
"tactic": [
"Discovery"
]
},
{
"technique_id": "T1472",
"technique": "Generate Fraudulent Advertising Revenue",
"url": "https://attack.mitre.org/techniques/T1472",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1399",
"technique": "Modify Trusted Execution Environment",
"url": "https://attack.mitre.org/techniques/T1399",
"tactic": [
"Defense Evasion",
"Persistence"
]
},
{
"technique_id": "T1470",
"technique": "Obtain Device Cloud Backups",
"url": "https://attack.mitre.org/techniques/T1470",
"tactic": [
"Remote Service Effects"
]
},
{
"technique_id": "T1446",
"technique": "Device Lockout",
"url": "https://attack.mitre.org/techniques/T1446",
"tactic": [
"Impact",
"Defense Evasion"
]
},
{
"technique_id": "T1415",
"technique": "URL Scheme Hijacking",
"url": "https://attack.mitre.org/techniques/T1415",
"tactic": [
"Credential Access"
]
},
{
"technique_id": "T1413",
"technique": "Access Sensitive Data in Device Logs",
"url": "https://attack.mitre.org/techniques/T1413",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1436",
"technique": "Commonly Used Port",
"url": "https://attack.mitre.org/techniques/T1436",
"tactic": [
"Command And Control",
"Exfiltration"
]
},
{
"technique_id": "T1445",
"technique": "Abuse of iOS Enterprise App Signing Key",
"url": "https://attack.mitre.org/techniques/T1445",
"tactic": []
},
{
"technique_id": "T1412",
"technique": "Capture SMS Messages",
"url": "https://attack.mitre.org/techniques/T1412",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1409",
"technique": "Access Stored Application Data",
"url": "https://attack.mitre.org/techniques/T1409",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1410",
"technique": "Network Traffic Capture or Redirection",
"url": "https://attack.mitre.org/techniques/T1410",
"tactic": [
"Collection",
"Credential Access"
]
},
{
"technique_id": "T1407",
"technique": "Download New Code at Runtime",
"url": "https://attack.mitre.org/techniques/T1407",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1408",
"technique": "Disguise Root/Jailbreak Indicators",
"url": "https://attack.mitre.org/techniques/T1408",
"tactic": [
"Defense Evasion"
]
},
{
"technique_id": "T1427",
"technique": "Attack PC via USB Connection",
"url": "https://attack.mitre.org/techniques/T1427",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1428",
"technique": "Exploit Enterprise Resources",
"url": "https://attack.mitre.org/techniques/T1428",
"tactic": [
"Lateral Movement"
]
},
{
"technique_id": "T1429",
"technique": "Capture Audio",
"url": "https://attack.mitre.org/techniques/T1429",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1430",
"technique": "Location Tracking",
"url": "https://attack.mitre.org/techniques/T1430",
"tactic": [
"Collection",
"Discovery"
]
},
{
"technique_id": "T1431",
"technique": "App Delivered via Web Download",
"url": "https://attack.mitre.org/techniques/T1431",
"tactic": []
},
{
"technique_id": "T1432",
"technique": "Access Contact List",
"url": "https://attack.mitre.org/techniques/T1432",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1433",
"technique": "Access Call Log",
"url": "https://attack.mitre.org/techniques/T1433",
"tactic": [
"Collection"
]
},
{
"technique_id": "T1434",
"technique": "App Delivered via Email Attachment",
"url": "https://attack.mitre.org/techniques/T1434",
"tactic": []
},
{
"technique_id": "T1471",
"technique": "Data Encrypted for Impact",
"url": "https://attack.mitre.org/techniques/T1471",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1450",
"technique": "Exploit SS7 to Track Device Location",
"url": "https://attack.mitre.org/techniques/T1450",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1473",
"technique": "Malicious or Vulnerable Built-in Device Functionality",
"url": "https://attack.mitre.org/techniques/T1473",
"tactic": []
},
{
"technique_id": "T1448",
"technique": "Premium SMS Toll Fraud",
"url": "https://attack.mitre.org/techniques/T1448",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1453",
"technique": "Abuse Accessibility Features",
"url": "https://attack.mitre.org/techniques/T1453",
"tactic": [
"Collection",
"Credential Access",
"Impact",
"Defense Evasion"
]
},
{
"technique_id": "T1454",
"technique": "Malicious SMS Message",
"url": "https://attack.mitre.org/techniques/T1454",
"tactic": []
},
{
"technique_id": "T1469",
"technique": "Remotely Wipe Data Without Authorization",
"url": "https://attack.mitre.org/techniques/T1469",
"tactic": [
"Remote Service Effects"
]
},
{
"technique_id": "T1452",
"technique": "Manipulate App Store Rankings or Ratings",
"url": "https://attack.mitre.org/techniques/T1452",
"tactic": [
"Impact"
]
},
{
"technique_id": "T1455",
"technique": "Exploit Baseband Vulnerability",
"url": "https://attack.mitre.org/techniques/T1455",
"tactic": []
},
{
"technique_id": "T1456",
"technique": "Drive-by Compromise",
"url": "https://attack.mitre.org/techniques/T1456",
"tactic": [
"Initial Access"
]
},
{
"technique_id": "T1449",
"technique": "Exploit SS7 to Redirect Phone Calls/SMS",
"url": "https://attack.mitre.org/techniques/T1449",
"tactic": [
"Network Effects"
]
},
{
"technique_id": "T1441",
"technique": "Stolen Developer Credentials or Signing Keys",
"url": "https://attack.mitre.org/techniques/T1441",
"tactic": []
}
]