blue-team-tools/tools/config/mitre/techniques.json
[
{
"technique_id": "T0800",
"technique": "Activate Firmware Update Mode",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0800",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0801",
"technique": "Monitor Process State",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0801",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server",
"Data Historian",
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0802",
"technique": "Automated Collection",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0802",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay",
"Control Server"
]
},
{
"technique_id": "T0803",
"technique": "Block Command Message",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0803",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Device Configuration/Parameters"
]
},
{
"technique_id": "T0804",
"technique": "Block Reporting Message",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0804",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Input/Output Server",
"Device Configuration/Parameters"
]
},
{
"technique_id": "T0805",
"technique": "Block Serial COM",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0805",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Input/Output Server",
"Device Configuration/Parameters"
]
},
{
"technique_id": "T0806",
"technique": "Brute Force I/O",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0806",
"tactic": [
"Impair Process Control"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0807",
"technique": "Command-Line Interface",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0807",
"tactic": [
"Execution"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Data Historian",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface",
"Input/Output Server"
]
},
{
"technique_id": "T0809",
"technique": "Data Destruction",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0809",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Human-Machine Interface",
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0811",
"technique": "Data from Information Repositories",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0811",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Data Historian",
"Engineering Workstation",
"Human-Machine Interface"
]
},
{
"technique_id": "T0812",
"technique": "Default Credentials",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0812",
"tactic": [
"Lateral Movement"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay",
"Control Server",
"Engineering Workstation"
]
},
{
"technique_id": "T0813",
"technique": "Denial of Control",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0813",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T0814",
"technique": "Denial of Service",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0814",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0815",
"technique": "Denial of View",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0815",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0816",
"technique": "Device Restart/Shutdown",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0816",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0817",
"technique": "Drive-by Compromise",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0817",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0819",
"technique": "Exploit Public-Facing Application",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0819",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface"
]
},
{
"technique_id": "T0820",
"technique": "Exploitation for Evasion",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0820",
"tactic": [
"Evasion"
],
"domain": [
"ICS"
],
"platform": [
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0821",
"technique": "Modify Controller Tasking",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0821",
"tactic": [
"Execution"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0822",
"technique": "External Remote Services",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0822",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Input/Output Server"
]
},
{
"technique_id": "T0823",
"technique": "Graphical User Interface",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0823",
"tactic": [
"Execution"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface"
]
},
{
"technique_id": "T0826",
"technique": "Loss of Availability",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0826",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T0827",
"technique": "Loss of Control",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0827",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0828",
"technique": "Loss of Productivity and Revenue",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0828",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0829",
"technique": "Loss of View",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0829",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Engineering Workstation"
]
},
{
"technique_id": "T0830",
"technique": "Man in the Middle",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0830",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface"
]
},
{
"technique_id": "T0831",
"technique": "Manipulation of Control",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0831",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0832",
"technique": "Manipulation of View",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0832",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"Engineering Workstation",
"Human-Machine Interface",
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0834",
"technique": "Native API",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0834",
"tactic": [
"Execution"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Data Historian",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface",
"Input/Output Server",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0835",
"technique": "Manipulate I/O Image",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0835",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0836",
"technique": "Modify Parameter",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0836",
"tactic": [
"Impair Process Control"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay",
"Human-Machine Interface"
]
},
{
"technique_id": "T0837",
"technique": "Loss of Protection",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0837",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0838",
"technique": "Modify Alarm Settings",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0838",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server",
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED",
"Device Configuration/Parameters"
]
},
{
"technique_id": "T0839",
"technique": "Module Firmware",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0839",
"tactic": [
"Persistence",
"Impair Process Control"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0840",
"technique": "Network Connection Enumeration",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0840",
"tactic": [
"Discovery"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface"
]
},
{
"technique_id": "T0842",
"technique": "Network Sniffing",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0842",
"tactic": [
"Discovery"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0843",
"technique": "Program Download",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0843",
"tactic": [
"Lateral Movement"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0845",
"technique": "Program Upload",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0845",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0846",
"technique": "Remote System Discovery",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0846",
"tactic": [
"Discovery"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Data Historian",
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface"
]
},
{
"technique_id": "T0847",
"technique": "Replication Through Removable Media",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0847",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Data Historian",
"Control Server"
]
},
{
"technique_id": "T0848",
"technique": "Rogue Master",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0848",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server",
"Engineering Workstation"
]
},
{
"technique_id": "T0849",
"technique": "Masquerading",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0849",
"tactic": [
"Evasion"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server"
]
},
{
"technique_id": "T0851",
"technique": "Rootkit",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0851",
"tactic": [
"Evasion",
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0852",
"technique": "Screen Capture",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0852",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface"
]
},
{
"technique_id": "T0853",
"technique": "Scripting",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0853",
"tactic": [
"Execution"
],
"domain": [
"ICS"
],
"platform": [
"Engineering Workstation"
]
},
{
"technique_id": "T0855",
"technique": "Unauthorized Command Message",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0855",
"tactic": [
"Impair Process Control"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0856",
"technique": "Spoof Reporting Message",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0856",
"tactic": [
"Evasion",
"Impair Process Control"
],
"domain": [
"ICS"
],
"platform": [
"Control Server"
]
},
{
"technique_id": "T0857",
"technique": "System Firmware",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0857",
"tactic": [
"Persistence",
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED",
"Input/Output Server"
]
},
{
"technique_id": "T0858",
"technique": "Change Operating Mode",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0858",
"tactic": [
"Execution",
"Evasion"
],
"domain": [
"ICS"
],
"platform": [
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0859",
"technique": "Valid Accounts",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0859",
"tactic": [
"Persistence",
"Lateral Movement"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Data Historian",
"Engineering Workstation",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface",
"Input/Output Server",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0860",
"technique": "Wireless Compromise",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0860",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Field Controller/RTU/PLC/IED",
"Input/Output Server"
]
},
{
"technique_id": "T0861",
"technique": "Point & Tag Identification",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0861",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Data Historian",
"Control Server",
"Human-Machine Interface"
]
},
{
"technique_id": "T0862",
"technique": "Supply Chain Compromise",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0862",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Data Historian",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface",
"Input/Output Server",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0863",
"technique": "User Execution",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0863",
"tactic": [
"Execution"
],
"domain": [
"ICS"
],
"platform": [
"Engineering Workstation",
"Human-Machine Interface"
]
},
{
"technique_id": "T0864",
"technique": "Transient Cyber Asset",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0864",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Engineering Workstation"
]
},
{
"technique_id": "T0865",
"technique": "Spearphishing Attachment",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0865",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Engineering Workstation",
"Human-Machine Interface",
"Control Server",
"Data Historian"
]
},
{
"technique_id": "T0866",
"technique": "Exploitation of Remote Services",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0866",
"tactic": [
"Lateral Movement",
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Data Historian",
"Engineering Workstation"
]
},
{
"technique_id": "T0867",
"technique": "Lateral Tool Transfer",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0867",
"tactic": [
"Lateral Movement"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server",
"Data Historian"
]
},
{
"technique_id": "T0868",
"technique": "Detect Operating Mode",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0868",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0869",
"technique": "Standard Application Layer Protocol",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0869",
"tactic": [
"Command and Control"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server",
"Data Historian",
"Engineering Workstation"
]
},
{
"technique_id": "T0871",
"technique": "Execution through API",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0871",
"tactic": [
"Execution"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0872",
"technique": "Indicator Removal on Host",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0872",
"tactic": [
"Evasion"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0873",
"technique": "Project File Infection",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0873",
"tactic": [
"Persistence"
],
"domain": [
"ICS"
],
"platform": [
"Engineering Workstation",
"Human-Machine Interface"
]
},
{
"technique_id": "T0874",
"technique": "Hooking",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0874",
"tactic": [
"Execution",
"Privilege Escalation"
],
"domain": [
"ICS"
],
"platform": [
"Engineering Workstation"
]
},
{
"technique_id": "T0877",
"technique": "I/O Image",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0877",
"tactic": [
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0878",
"technique": "Alarm Suppression",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0878",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED",
"Safety Instrumented System/Protection Relay",
"Device Configuration/Parameters"
]
},
{
"technique_id": "T0879",
"technique": "Damage to Property",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0879",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0880",
"technique": "Loss of Safety",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0880",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0881",
"technique": "Service Stop",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0881",
"tactic": [
"Inhibit Response Function"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server",
"Data Historian",
"Engineering Workstation"
]
},
{
"technique_id": "T0882",
"technique": "Theft of Operational Information",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0882",
"tactic": [
"Impact"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0883",
"technique": "Internet Accessible Device",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0883",
"tactic": [
"Initial Access"
],
"domain": [
"ICS"
],
"platform": [
"Control Server",
"Data Historian",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface",
"Input/Output Server",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T0884",
"technique": "Connection Proxy",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0884",
"tactic": [
"Command and Control"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0885",
"technique": "Commonly Used Port",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0885",
"tactic": [
"Command and Control"
],
"domain": [
"ICS"
],
"platform": [
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED",
"Human-Machine Interface",
"Control Server",
"Engineering Workstation"
]
},
{
"technique_id": "T0886",
"technique": "Remote Services",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0886",
"tactic": [
"Initial Access",
"Lateral Movement"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Control Server",
"Engineering Workstation"
]
},
{
"technique_id": "T0887",
"technique": "Wireless Sniffing",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0887",
"tactic": [
"Discovery",
"Collection"
],
"domain": [
"ICS"
],
"platform": [
"None"
]
},
{
"technique_id": "T0888",
"technique": "Remote System Information Discovery",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0888",
"tactic": [
"Discovery"
],
"domain": [
"ICS"
],
"platform": [
"Safety Instrumented System/Protection Relay",
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0889",
"technique": "Modify Program",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0889",
"tactic": [
"Persistence"
],
"domain": [
"ICS"
],
"platform": [
"Field Controller/RTU/PLC/IED"
]
},
{
"technique_id": "T0890",
"technique": "Exploitation for Privilege Escalation",
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0890",
"tactic": [
"Privilege Escalation"
],
"domain": [
"ICS"
],
"platform": [
"Human-Machine Interface",
"Safety Instrumented System/Protection Relay"
]
},
{
"technique_id": "T1001",
"technique": "Data Obfuscation",
"url": "https://attack.mitre.org/techniques/T1001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1001.001",
"technique": "Data Obfuscation: Junk Data",
"url": "https://attack.mitre.org/techniques/T1001/001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1001.002",
"technique": "Data Obfuscation: Steganography",
"url": "https://attack.mitre.org/techniques/T1001/002",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1001.003",
"technique": "Data Obfuscation: Protocol Impersonation",
"url": "https://attack.mitre.org/techniques/T1001/003",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1003",
"technique": "OS Credential Dumping",
"url": "https://attack.mitre.org/techniques/T1003",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1003.001",
"technique": "OS Credential Dumping: LSASS Memory",
"url": "https://attack.mitre.org/techniques/T1003/001",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1003.002",
"technique": "OS Credential Dumping: Security Account Manager",
"url": "https://attack.mitre.org/techniques/T1003/002",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1003.003",
"technique": "OS Credential Dumping: NTDS",
"url": "https://attack.mitre.org/techniques/T1003/003",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1003.004",
"technique": "OS Credential Dumping: LSA Secrets",
"url": "https://attack.mitre.org/techniques/T1003/004",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1003.005",
"technique": "OS Credential Dumping: Cached Domain Credentials",
"url": "https://attack.mitre.org/techniques/T1003/005",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1003.006",
"technique": "OS Credential Dumping: DCSync",
"url": "https://attack.mitre.org/techniques/T1003/006",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1003.007",
"technique": "OS Credential Dumping: Proc Filesystem",
"url": "https://attack.mitre.org/techniques/T1003/007",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1003.008",
"technique": "OS Credential Dumping: /etc/passwd and /etc/shadow",
"url": "https://attack.mitre.org/techniques/T1003/008",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1005",
"technique": "Data from Local System",
"url": "https://attack.mitre.org/techniques/T1005",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1006",
"technique": "Direct Volume Access",
"url": "https://attack.mitre.org/techniques/T1006",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1007",
"technique": "System Service Discovery",
"url": "https://attack.mitre.org/techniques/T1007",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS"
]
},
{
"technique_id": "T1008",
"technique": "Fallback Channels",
"url": "https://attack.mitre.org/techniques/T1008",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1010",
"technique": "Application Window Discovery",
"url": "https://attack.mitre.org/techniques/T1010",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows"
]
},
{
"technique_id": "T1011",
"technique": "Exfiltration Over Other Network Medium",
"url": "https://attack.mitre.org/techniques/T1011",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1011.001",
"technique": "Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth",
"url": "https://attack.mitre.org/techniques/T1011/001",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1012",
"technique": "Query Registry",
"url": "https://attack.mitre.org/techniques/T1012",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1014",
"technique": "Rootkit",
"url": "https://attack.mitre.org/techniques/T1014",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1016",
"technique": "System Network Configuration Discovery",
"url": "https://attack.mitre.org/techniques/T1016",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1016.001",
"technique": "System Network Configuration Discovery: Internet Connection Discovery",
"url": "https://attack.mitre.org/techniques/T1016/001",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1018",
"technique": "Remote System Discovery",
"url": "https://attack.mitre.org/techniques/T1018",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1020",
"technique": "Automated Exfiltration",
"url": "https://attack.mitre.org/techniques/T1020",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1020.001",
"technique": "Automated Exfiltration: Traffic Duplication",
"url": "https://attack.mitre.org/techniques/T1020/001",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1021",
"technique": "Remote Services",
"url": "https://attack.mitre.org/techniques/T1021",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1021.001",
"technique": "Remote Services: Remote Desktop Protocol",
"url": "https://attack.mitre.org/techniques/T1021/001",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1021.002",
"technique": "Remote Services: SMB/Windows Admin Shares",
"url": "https://attack.mitre.org/techniques/T1021/002",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1021.003",
"technique": "Remote Services: Distributed Component Object Model",
"url": "https://attack.mitre.org/techniques/T1021/003",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1021.004",
"technique": "Remote Services: SSH",
"url": "https://attack.mitre.org/techniques/T1021/004",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1021.005",
"technique": "Remote Services: VNC",
"url": "https://attack.mitre.org/techniques/T1021/005",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1021.006",
"technique": "Remote Services: Windows Remote Management",
"url": "https://attack.mitre.org/techniques/T1021/006",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1025",
"technique": "Data from Removable Media",
"url": "https://attack.mitre.org/techniques/T1025",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1027",
"technique": "Obfuscated Files or Information",
"url": "https://attack.mitre.org/techniques/T1027",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1027.001",
"technique": "Obfuscated Files or Information: Binary Padding",
"url": "https://attack.mitre.org/techniques/T1027/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1027.002",
"technique": "Obfuscated Files or Information: Software Packing",
"url": "https://attack.mitre.org/techniques/T1027/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows"
]
},
{
"technique_id": "T1027.003",
"technique": "Obfuscated Files or Information: Steganography",
"url": "https://attack.mitre.org/techniques/T1027/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1027.004",
"technique": "Obfuscated Files or Information: Compile After Delivery",
"url": "https://attack.mitre.org/techniques/T1027/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1027.005",
"technique": "Obfuscated Files or Information: Indicator Removal from Tools",
"url": "https://attack.mitre.org/techniques/T1027/005",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1027.006",
"technique": "Obfuscated Files or Information: HTML Smuggling",
"url": "https://attack.mitre.org/techniques/T1027/006",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1029",
"technique": "Scheduled Transfer",
"url": "https://attack.mitre.org/techniques/T1029",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1030",
"technique": "Data Transfer Size Limits",
"url": "https://attack.mitre.org/techniques/T1030",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1033",
"technique": "System Owner/User Discovery",
"url": "https://attack.mitre.org/techniques/T1033",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1036",
"technique": "Masquerading",
"url": "https://attack.mitre.org/techniques/T1036",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Containers"
]
},
{
"technique_id": "T1036.001",
"technique": "Masquerading: Invalid Code Signature",
"url": "https://attack.mitre.org/techniques/T1036/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows"
]
},
{
"technique_id": "T1036.002",
"technique": "Masquerading: Right-to-Left Override",
"url": "https://attack.mitre.org/techniques/T1036/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1036.003",
"technique": "Masquerading: Rename System Utilities",
"url": "https://attack.mitre.org/techniques/T1036/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1036.004",
"technique": "Masquerading: Masquerade Task or Service",
"url": "https://attack.mitre.org/techniques/T1036/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1036.005",
"technique": "Masquerading: Match Legitimate Name or Location",
"url": "https://attack.mitre.org/techniques/T1036/005",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Containers"
]
},
{
"technique_id": "T1036.006",
"technique": "Masquerading: Space after Filename",
"url": "https://attack.mitre.org/techniques/T1036/006",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1036.007",
"technique": "Masquerading: Double File Extension",
"url": "https://attack.mitre.org/techniques/T1036/007",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1037",
"technique": "Boot or Logon Initialization Scripts",
"url": "https://attack.mitre.org/techniques/T1037",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows",
"Linux"
]
},
{
"technique_id": "T1037.001",
"technique": "Boot or Logon Initialization Scripts: Logon Script (Windows)",
"url": "https://attack.mitre.org/techniques/T1037/001",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1037.002",
"technique": "Boot or Logon Initialization Scripts: Logon Script (Mac)",
"url": "https://attack.mitre.org/techniques/T1037/002",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1037.003",
"technique": "Boot or Logon Initialization Scripts: Network Logon Script",
"url": "https://attack.mitre.org/techniques/T1037/003",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1037.004",
"technique": "Boot or Logon Initialization Scripts: RC Scripts",
"url": "https://attack.mitre.org/techniques/T1037/004",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Linux"
]
},
{
"technique_id": "T1037.005",
"technique": "Boot or Logon Initialization Scripts: Startup Items",
"url": "https://attack.mitre.org/techniques/T1037/005",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1039",
"technique": "Data from Network Shared Drive",
"url": "https://attack.mitre.org/techniques/T1039",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1040",
"technique": "Network Sniffing",
"url": "https://attack.mitre.org/techniques/T1040",
"tactic": [
"Credential Access",
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1041",
"technique": "Exfiltration Over C2 Channel",
"url": "https://attack.mitre.org/techniques/T1041",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1046",
"technique": "Network Service Scanning",
"url": "https://attack.mitre.org/techniques/T1046",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS",
"Containers"
]
},
{
"technique_id": "T1047",
"technique": "Windows Management Instrumentation",
"url": "https://attack.mitre.org/techniques/T1047",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1048",
"technique": "Exfiltration Over Alternative Protocol",
"url": "https://attack.mitre.org/techniques/T1048",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1048.001",
"technique": "Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
"url": "https://attack.mitre.org/techniques/T1048/001",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1048.002",
"technique": "Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
"url": "https://attack.mitre.org/techniques/T1048/002",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1048.003",
"technique": "Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol",
"url": "https://attack.mitre.org/techniques/T1048/003",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1049",
"technique": "System Network Connections Discovery",
"url": "https://attack.mitre.org/techniques/T1049",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1052",
"technique": "Exfiltration Over Physical Medium",
"url": "https://attack.mitre.org/techniques/T1052",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1052.001",
"technique": "Exfiltration Over Physical Medium: Exfiltration over USB",
"url": "https://attack.mitre.org/techniques/T1052/001",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1053",
"technique": "Scheduled Task/Job",
"url": "https://attack.mitre.org/techniques/T1053",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS",
"Containers"
]
},
{
"technique_id": "T1053.001",
"technique": "Scheduled Task/Job: At (Linux)",
"url": "https://attack.mitre.org/techniques/T1053/001",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1053.002",
"technique": "Scheduled Task/Job: At (Windows)",
"url": "https://attack.mitre.org/techniques/T1053/002",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1053.003",
"technique": "Scheduled Task/Job: Cron",
"url": "https://attack.mitre.org/techniques/T1053/003",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1053.005",
"technique": "Scheduled Task/Job: Scheduled Task",
"url": "https://attack.mitre.org/techniques/T1053/005",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1053.006",
"technique": "Scheduled Task/Job: Systemd Timers",
"url": "https://attack.mitre.org/techniques/T1053/006",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1053.007",
"technique": "Scheduled Task/Job: Container Orchestration Job",
"url": "https://attack.mitre.org/techniques/T1053/007",
"tactic": [
"Execution",
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Containers"
]
},
{
"technique_id": "T1055",
"technique": "Process Injection",
"url": "https://attack.mitre.org/techniques/T1055",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1055.001",
"technique": "Process Injection: Dynamic-link Library Injection",
"url": "https://attack.mitre.org/techniques/T1055/001",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.002",
"technique": "Process Injection: Portable Executable Injection",
"url": "https://attack.mitre.org/techniques/T1055/002",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.003",
"technique": "Process Injection: Thread Execution Hijacking",
"url": "https://attack.mitre.org/techniques/T1055/003",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.004",
"technique": "Process Injection: Asynchronous Procedure Call",
"url": "https://attack.mitre.org/techniques/T1055/004",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.005",
"technique": "Process Injection: Thread Local Storage",
"url": "https://attack.mitre.org/techniques/T1055/005",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.008",
"technique": "Process Injection: Ptrace System Calls",
"url": "https://attack.mitre.org/techniques/T1055/008",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1055.009",
"technique": "Process Injection: Proc Memory",
"url": "https://attack.mitre.org/techniques/T1055/009",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1055.011",
"technique": "Process Injection: Extra Window Memory Injection",
"url": "https://attack.mitre.org/techniques/T1055/011",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.012",
"technique": "Process Injection: Process Hollowing",
"url": "https://attack.mitre.org/techniques/T1055/012",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.013",
"technique": "Process Injection: Process Doppelg\u00e4nging",
"url": "https://attack.mitre.org/techniques/T1055/013",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1055.014",
"technique": "Process Injection: VDSO Hijacking",
"url": "https://attack.mitre.org/techniques/T1055/014",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1056",
"technique": "Input Capture",
"url": "https://attack.mitre.org/techniques/T1056",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1056.001",
"technique": "Input Capture: Keylogging",
"url": "https://attack.mitre.org/techniques/T1056/001",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux",
"Network"
]
},
{
"technique_id": "T1056.002",
"technique": "Input Capture: GUI Input Capture",
"url": "https://attack.mitre.org/techniques/T1056/002",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows",
"Linux"
]
},
{
"technique_id": "T1056.003",
"technique": "Input Capture: Web Portal Capture",
"url": "https://attack.mitre.org/techniques/T1056/003",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1056.004",
"technique": "Input Capture: Credential API Hooking",
"url": "https://attack.mitre.org/techniques/T1056/004",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1057",
"technique": "Process Discovery",
"url": "https://attack.mitre.org/techniques/T1057",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1059",
"technique": "Command and Scripting Interpreter",
"url": "https://attack.mitre.org/techniques/T1059",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1059.001",
"technique": "Command and Scripting Interpreter: PowerShell",
"url": "https://attack.mitre.org/techniques/T1059/001",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1059.002",
"technique": "Command and Scripting Interpreter: AppleScript",
"url": "https://attack.mitre.org/techniques/T1059/002",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1059.003",
"technique": "Command and Scripting Interpreter: Windows Command Shell",
"url": "https://attack.mitre.org/techniques/T1059/003",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1059.004",
"technique": "Command and Scripting Interpreter: Unix Shell",
"url": "https://attack.mitre.org/techniques/T1059/004",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Linux"
]
},
{
"technique_id": "T1059.005",
"technique": "Command and Scripting Interpreter: Visual Basic",
"url": "https://attack.mitre.org/techniques/T1059/005",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1059.006",
"technique": "Command and Scripting Interpreter: Python",
"url": "https://attack.mitre.org/techniques/T1059/006",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1059.007",
"technique": "Command and Scripting Interpreter: JavaScript",
"url": "https://attack.mitre.org/techniques/T1059/007",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1059.008",
"technique": "Command and Scripting Interpreter: Network Device CLI",
"url": "https://attack.mitre.org/techniques/T1059/008",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1068",
"technique": "Exploitation for Privilege Escalation",
"url": "https://attack.mitre.org/techniques/T1068",
"tactic": [
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Containers"
]
},
{
"technique_id": "T1069",
"technique": "Permission Groups Discovery",
"url": "https://attack.mitre.org/techniques/T1069",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1069.001",
"technique": "Permission Groups Discovery: Local Groups",
"url": "https://attack.mitre.org/techniques/T1069/001",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1069.002",
"technique": "Permission Groups Discovery: Domain Groups",
"url": "https://attack.mitre.org/techniques/T1069/002",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1069.003",
"technique": "Permission Groups Discovery: Cloud Groups",
"url": "https://attack.mitre.org/techniques/T1069/003",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Google Workspace"
]
},
{
"technique_id": "T1070",
"technique": "Indicator Removal on Host",
"url": "https://attack.mitre.org/techniques/T1070",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Containers"
]
},
{
"technique_id": "T1070.001",
"technique": "Indicator Removal on Host: Clear Windows Event Logs",
"url": "https://attack.mitre.org/techniques/T1070/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1070.002",
"technique": "Indicator Removal on Host: Clear Linux or Mac System Logs",
"url": "https://attack.mitre.org/techniques/T1070/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1070.003",
"technique": "Indicator Removal on Host: Clear Command History",
"url": "https://attack.mitre.org/techniques/T1070/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1070.004",
"technique": "Indicator Removal on Host: File Deletion",
"url": "https://attack.mitre.org/techniques/T1070/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1070.005",
"technique": "Indicator Removal on Host: Network Share Connection Removal",
"url": "https://attack.mitre.org/techniques/T1070/005",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1070.006",
"technique": "Indicator Removal on Host: Timestomp",
"url": "https://attack.mitre.org/techniques/T1070/006",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1071",
"technique": "Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1071",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1071.001",
"technique": "Application Layer Protocol: Web Protocols",
"url": "https://attack.mitre.org/techniques/T1071/001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1071.002",
"technique": "Application Layer Protocol: File Transfer Protocols",
"url": "https://attack.mitre.org/techniques/T1071/002",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1071.003",
"technique": "Application Layer Protocol: Mail Protocols",
"url": "https://attack.mitre.org/techniques/T1071/003",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1071.004",
"technique": "Application Layer Protocol: DNS",
"url": "https://attack.mitre.org/techniques/T1071/004",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1072",
"technique": "Software Deployment Tools",
"url": "https://attack.mitre.org/techniques/T1072",
"tactic": [
"Execution",
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1074",
"technique": "Data Staged",
"url": "https://attack.mitre.org/techniques/T1074",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1074.001",
"technique": "Data Staged: Local Data Staging",
"url": "https://attack.mitre.org/techniques/T1074/001",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1074.002",
"technique": "Data Staged: Remote Data Staging",
"url": "https://attack.mitre.org/techniques/T1074/002",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1078",
"technique": "Valid Accounts",
"url": "https://attack.mitre.org/techniques/T1078",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation",
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1078.001",
"technique": "Valid Accounts: Default Accounts",
"url": "https://attack.mitre.org/techniques/T1078/001",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation",
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1078.002",
"technique": "Valid Accounts: Domain Accounts",
"url": "https://attack.mitre.org/techniques/T1078/002",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation",
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1078.003",
"technique": "Valid Accounts: Local Accounts",
"url": "https://attack.mitre.org/techniques/T1078/003",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation",
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Containers"
]
},
{
"technique_id": "T1078.004",
"technique": "Valid Accounts: Cloud Accounts",
"url": "https://attack.mitre.org/techniques/T1078/004",
"tactic": [
"Defense Evasion",
"Persistence",
"Privilege Escalation",
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Google Workspace"
]
},
{
"technique_id": "T1080",
"technique": "Taint Shared Content",
"url": "https://attack.mitre.org/techniques/T1080",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365",
"SaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1082",
"technique": "System Information Discovery",
"url": "https://attack.mitre.org/techniques/T1082",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1083",
"technique": "File and Directory Discovery",
"url": "https://attack.mitre.org/techniques/T1083",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1087",
"technique": "Account Discovery",
"url": "https://attack.mitre.org/techniques/T1087",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1087.001",
"technique": "Account Discovery: Local Account",
"url": "https://attack.mitre.org/techniques/T1087/001",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1087.002",
"technique": "Account Discovery: Domain Account",
"url": "https://attack.mitre.org/techniques/T1087/002",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1087.003",
"technique": "Account Discovery: Email Account",
"url": "https://attack.mitre.org/techniques/T1087/003",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365",
"Google Workspace"
]
},
{
"technique_id": "T1087.004",
"technique": "Account Discovery: Cloud Account",
"url": "https://attack.mitre.org/techniques/T1087/004",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Google Workspace"
]
},
{
"technique_id": "T1090",
"technique": "Proxy",
"url": "https://attack.mitre.org/techniques/T1090",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1090.001",
"technique": "Proxy: Internal Proxy",
"url": "https://attack.mitre.org/techniques/T1090/001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1090.002",
"technique": "Proxy: External Proxy",
"url": "https://attack.mitre.org/techniques/T1090/002",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1090.003",
"technique": "Proxy: Multi-hop Proxy",
"url": "https://attack.mitre.org/techniques/T1090/003",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1090.004",
"technique": "Proxy: Domain Fronting",
"url": "https://attack.mitre.org/techniques/T1090/004",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1091",
"technique": "Replication Through Removable Media",
"url": "https://attack.mitre.org/techniques/T1091",
"tactic": [
"Lateral Movement",
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1092",
"technique": "Communication Through Removable Media",
"url": "https://attack.mitre.org/techniques/T1092",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1095",
"technique": "Non-Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1095",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS",
"Network"
]
},
{
"technique_id": "T1098",
"technique": "Account Manipulation",
"url": "https://attack.mitre.org/techniques/T1098",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1098.001",
"technique": "Account Manipulation: Additional Cloud Credentials",
"url": "https://attack.mitre.org/techniques/T1098/001",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS",
"Azure AD"
]
},
{
"technique_id": "T1098.002",
"technique": "Account Manipulation: Exchange Email Delegate Permissions",
"url": "https://attack.mitre.org/techniques/T1098/002",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1098.003",
"technique": "Account Manipulation: Add Office 365 Global Administrator Role",
"url": "https://attack.mitre.org/techniques/T1098/003",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Office 365"
]
},
{
"technique_id": "T1098.004",
"technique": "Account Manipulation: SSH Authorized Keys",
"url": "https://attack.mitre.org/techniques/T1098/004",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1102",
"technique": "Web Service",
"url": "https://attack.mitre.org/techniques/T1102",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1102.001",
"technique": "Web Service: Dead Drop Resolver",
"url": "https://attack.mitre.org/techniques/T1102/001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1102.002",
"technique": "Web Service: Bidirectional Communication",
"url": "https://attack.mitre.org/techniques/T1102/002",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1102.003",
"technique": "Web Service: One-Way Communication",
"url": "https://attack.mitre.org/techniques/T1102/003",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1104",
"technique": "Multi-Stage Channels",
"url": "https://attack.mitre.org/techniques/T1104",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1105",
"technique": "Ingress Tool Transfer",
"url": "https://attack.mitre.org/techniques/T1105",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1106",
"technique": "Native API",
"url": "https://attack.mitre.org/techniques/T1106",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1110",
"technique": "Brute Force",
"url": "https://attack.mitre.org/techniques/T1110",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1110.001",
"technique": "Brute Force: Password Guessing",
"url": "https://attack.mitre.org/techniques/T1110/001",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1110.002",
"technique": "Brute Force: Password Cracking",
"url": "https://attack.mitre.org/techniques/T1110/002",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Office 365",
"Azure AD"
]
},
{
"technique_id": "T1110.003",
"technique": "Brute Force: Password Spraying",
"url": "https://attack.mitre.org/techniques/T1110/003",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1110.004",
"technique": "Brute Force: Credential Stuffing",
"url": "https://attack.mitre.org/techniques/T1110/004",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1111",
"technique": "Two-Factor Authentication Interception",
"url": "https://attack.mitre.org/techniques/T1111",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1112",
"technique": "Modify Registry",
"url": "https://attack.mitre.org/techniques/T1112",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1113",
"technique": "Screen Capture",
"url": "https://attack.mitre.org/techniques/T1113",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1114",
"technique": "Email Collection",
"url": "https://attack.mitre.org/techniques/T1114",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365",
"Google Workspace",
"macOS",
"Linux"
]
},
{
"technique_id": "T1114.001",
"technique": "Email Collection: Local Email Collection",
"url": "https://attack.mitre.org/techniques/T1114/001",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1114.002",
"technique": "Email Collection: Remote Email Collection",
"url": "https://attack.mitre.org/techniques/T1114/002",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Office 365",
"Windows",
"Google Workspace"
]
},
{
"technique_id": "T1114.003",
"technique": "Email Collection: Email Forwarding Rule",
"url": "https://attack.mitre.org/techniques/T1114/003",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Office 365",
"Windows",
"Google Workspace",
"macOS",
"Linux"
]
},
{
"technique_id": "T1115",
"technique": "Clipboard Data",
"url": "https://attack.mitre.org/techniques/T1115",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1119",
"technique": "Automated Collection",
"url": "https://attack.mitre.org/techniques/T1119",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1120",
"technique": "Peripheral Device Discovery",
"url": "https://attack.mitre.org/techniques/T1120",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS"
]
},
{
"technique_id": "T1123",
"technique": "Audio Capture",
"url": "https://attack.mitre.org/techniques/T1123",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1124",
"technique": "System Time Discovery",
"url": "https://attack.mitre.org/techniques/T1124",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1125",
"technique": "Video Capture",
"url": "https://attack.mitre.org/techniques/T1125",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS"
]
},
{
"technique_id": "T1127",
"technique": "Trusted Developer Utilities Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1127",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1127.001",
"technique": "Trusted Developer Utilities Proxy Execution: MSBuild",
"url": "https://attack.mitre.org/techniques/T1127/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1129",
"technique": "Shared Modules",
"url": "https://attack.mitre.org/techniques/T1129",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1132",
"technique": "Data Encoding",
"url": "https://attack.mitre.org/techniques/T1132",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1132.001",
"technique": "Data Encoding: Standard Encoding",
"url": "https://attack.mitre.org/techniques/T1132/001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1132.002",
"technique": "Data Encoding: Non-Standard Encoding",
"url": "https://attack.mitre.org/techniques/T1132/002",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1133",
"technique": "External Remote Services",
"url": "https://attack.mitre.org/techniques/T1133",
"tactic": [
"Persistence",
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"Containers",
"macOS"
]
},
{
"technique_id": "T1134",
"technique": "Access Token Manipulation",
"url": "https://attack.mitre.org/techniques/T1134",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1134.001",
"technique": "Access Token Manipulation: Token Impersonation/Theft",
"url": "https://attack.mitre.org/techniques/T1134/001",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1134.002",
"technique": "Access Token Manipulation: Create Process with Token",
"url": "https://attack.mitre.org/techniques/T1134/002",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1134.003",
"technique": "Access Token Manipulation: Make and Impersonate Token",
"url": "https://attack.mitre.org/techniques/T1134/003",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1134.004",
"technique": "Access Token Manipulation: Parent PID Spoofing",
"url": "https://attack.mitre.org/techniques/T1134/004",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1134.005",
"technique": "Access Token Manipulation: SID-History Injection",
"url": "https://attack.mitre.org/techniques/T1134/005",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1135",
"technique": "Network Share Discovery",
"url": "https://attack.mitre.org/techniques/T1135",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows",
"Linux"
]
},
{
"technique_id": "T1136",
"technique": "Create Account",
"url": "https://attack.mitre.org/techniques/T1136",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1136.001",
"technique": "Create Account: Local Account",
"url": "https://attack.mitre.org/techniques/T1136/001",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1136.002",
"technique": "Create Account: Domain Account",
"url": "https://attack.mitre.org/techniques/T1136/002",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1136.003",
"technique": "Create Account: Cloud Account",
"url": "https://attack.mitre.org/techniques/T1136/003",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Azure AD",
"Office 365",
"IaaS",
"Google Workspace"
]
},
{
"technique_id": "T1137",
"technique": "Office Application Startup",
"url": "https://attack.mitre.org/techniques/T1137",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1137.001",
"technique": "Office Application Startup: Office Template Macros",
"url": "https://attack.mitre.org/techniques/T1137/001",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1137.002",
"technique": "Office Application Startup: Office Test",
"url": "https://attack.mitre.org/techniques/T1137/002",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1137.003",
"technique": "Office Application Startup: Outlook Forms",
"url": "https://attack.mitre.org/techniques/T1137/003",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1137.004",
"technique": "Office Application Startup: Outlook Home Page",
"url": "https://attack.mitre.org/techniques/T1137/004",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1137.005",
"technique": "Office Application Startup: Outlook Rules",
"url": "https://attack.mitre.org/techniques/T1137/005",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1137.006",
"technique": "Office Application Startup: Add-ins",
"url": "https://attack.mitre.org/techniques/T1137/006",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1140",
"technique": "Deobfuscate/Decode Files or Information",
"url": "https://attack.mitre.org/techniques/T1140",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1176",
"technique": "Browser Extensions",
"url": "https://attack.mitre.org/techniques/T1176",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1185",
"technique": "Browser Session Hijacking",
"url": "https://attack.mitre.org/techniques/T1185",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1187",
"technique": "Forced Authentication",
"url": "https://attack.mitre.org/techniques/T1187",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1189",
"technique": "Drive-by Compromise",
"url": "https://attack.mitre.org/techniques/T1189",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS",
"SaaS"
]
},
{
"technique_id": "T1190",
"technique": "Exploit Public-Facing Application",
"url": "https://attack.mitre.org/techniques/T1190",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Network",
"Linux",
"macOS",
"Containers"
]
},
{
"technique_id": "T1195",
"technique": "Supply Chain Compromise",
"url": "https://attack.mitre.org/techniques/T1195",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1195.001",
"technique": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools",
"url": "https://attack.mitre.org/techniques/T1195/001",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1195.002",
"technique": "Supply Chain Compromise: Compromise Software Supply Chain",
"url": "https://attack.mitre.org/techniques/T1195/002",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1195.003",
"technique": "Supply Chain Compromise: Compromise Hardware Supply Chain",
"url": "https://attack.mitre.org/techniques/T1195/003",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1197",
"technique": "BITS Jobs",
"url": "https://attack.mitre.org/techniques/T1197",
"tactic": [
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1199",
"technique": "Trusted Relationship",
"url": "https://attack.mitre.org/techniques/T1199",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"SaaS",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1200",
"technique": "Hardware Additions",
"url": "https://attack.mitre.org/techniques/T1200",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1201",
"technique": "Password Policy Discovery",
"url": "https://attack.mitre.org/techniques/T1201",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS",
"IaaS"
]
},
{
"technique_id": "T1202",
"technique": "Indirect Command Execution",
"url": "https://attack.mitre.org/techniques/T1202",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1203",
"technique": "Exploitation for Client Execution",
"url": "https://attack.mitre.org/techniques/T1203",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1204",
"technique": "User Execution",
"url": "https://attack.mitre.org/techniques/T1204",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS",
"IaaS",
"Containers"
]
},
{
"technique_id": "T1204.001",
"technique": "User Execution: Malicious Link",
"url": "https://attack.mitre.org/techniques/T1204/001",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1204.002",
"technique": "User Execution: Malicious File",
"url": "https://attack.mitre.org/techniques/T1204/002",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1204.003",
"technique": "User Execution: Malicious Image",
"url": "https://attack.mitre.org/techniques/T1204/003",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS",
"Containers"
]
},
{
"technique_id": "T1205",
"technique": "Traffic Signaling",
"url": "https://attack.mitre.org/techniques/T1205",
"tactic": [
"Defense Evasion",
"Persistence",
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1205.001",
"technique": "Traffic Signaling: Port Knocking",
"url": "https://attack.mitre.org/techniques/T1205/001",
"tactic": [
"Defense Evasion",
"Persistence",
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Network"
]
},
{
"technique_id": "T1207",
"technique": "Rogue Domain Controller",
"url": "https://attack.mitre.org/techniques/T1207",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1210",
"technique": "Exploitation of Remote Services",
"url": "https://attack.mitre.org/techniques/T1210",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1211",
"technique": "Exploitation for Defense Evasion",
"url": "https://attack.mitre.org/techniques/T1211",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1212",
"technique": "Exploitation for Credential Access",
"url": "https://attack.mitre.org/techniques/T1212",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1213",
"technique": "Data from Information Repositories",
"url": "https://attack.mitre.org/techniques/T1213",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS",
"SaaS",
"Office 365",
"Google Workspace",
"IaaS"
]
},
{
"technique_id": "T1213.001",
"technique": "Data from Information Repositories: Confluence",
"url": "https://attack.mitre.org/techniques/T1213/001",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"SaaS"
]
},
{
"technique_id": "T1213.002",
"technique": "Data from Information Repositories: Sharepoint",
"url": "https://attack.mitre.org/techniques/T1213/002",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365"
]
},
{
"technique_id": "T1213.003",
"technique": "Data from Information Repositories: Code Repositories",
"url": "https://attack.mitre.org/techniques/T1213/003",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"SaaS"
]
},
{
"technique_id": "T1216",
"technique": "Signed Script Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1216",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1216.001",
"technique": "Signed Script Proxy Execution: PubPrn",
"url": "https://attack.mitre.org/techniques/T1216/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1217",
"technique": "Browser Bookmark Discovery",
"url": "https://attack.mitre.org/techniques/T1217",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1218",
"technique": "Signed Binary Proxy Execution",
"url": "https://attack.mitre.org/techniques/T1218",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.001",
"technique": "Signed Binary Proxy Execution: Compiled HTML File",
"url": "https://attack.mitre.org/techniques/T1218/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.002",
"technique": "Signed Binary Proxy Execution: Control Panel",
"url": "https://attack.mitre.org/techniques/T1218/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.003",
"technique": "Signed Binary Proxy Execution: CMSTP",
"url": "https://attack.mitre.org/techniques/T1218/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.004",
"technique": "Signed Binary Proxy Execution: InstallUtil",
"url": "https://attack.mitre.org/techniques/T1218/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.005",
"technique": "Signed Binary Proxy Execution: Mshta",
"url": "https://attack.mitre.org/techniques/T1218/005",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.007",
"technique": "Signed Binary Proxy Execution: Msiexec",
"url": "https://attack.mitre.org/techniques/T1218/007",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.008",
"technique": "Signed Binary Proxy Execution: Odbcconf",
"url": "https://attack.mitre.org/techniques/T1218/008",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.009",
"technique": "Signed Binary Proxy Execution: Regsvcs/Regasm",
"url": "https://attack.mitre.org/techniques/T1218/009",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.010",
"technique": "Signed Binary Proxy Execution: Regsvr32",
"url": "https://attack.mitre.org/techniques/T1218/010",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.011",
"technique": "Signed Binary Proxy Execution: Rundll32",
"url": "https://attack.mitre.org/techniques/T1218/011",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.012",
"technique": "Signed Binary Proxy Execution: Verclsid",
"url": "https://attack.mitre.org/techniques/T1218/012",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.013",
"technique": "Signed Binary Proxy Execution: Mavinject",
"url": "https://attack.mitre.org/techniques/T1218/013",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1218.014",
"technique": "Signed Binary Proxy Execution: MMC",
"url": "https://attack.mitre.org/techniques/T1218/014",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1219",
"technique": "Remote Access Software",
"url": "https://attack.mitre.org/techniques/T1219",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1220",
"technique": "XSL Script Processing",
"url": "https://attack.mitre.org/techniques/T1220",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1221",
"technique": "Template Injection",
"url": "https://attack.mitre.org/techniques/T1221",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1222",
"technique": "File and Directory Permissions Modification",
"url": "https://attack.mitre.org/techniques/T1222",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1222.001",
"technique": "File and Directory Permissions Modification: Windows File and Directory Permissions Modification",
"url": "https://attack.mitre.org/techniques/T1222/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1222.002",
"technique": "File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification",
"url": "https://attack.mitre.org/techniques/T1222/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Linux"
]
},
{
"technique_id": "T1398",
"technique": "Modify OS Kernel or Boot Partition",
"url": "https://attack.mitre.org/techniques/T1398",
"tactic": [
"Defense Evasion",
"Persistence"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1399",
"technique": "Modify Trusted Execution Environment",
"url": "https://attack.mitre.org/techniques/T1399",
"tactic": [
"Defense Evasion",
"Persistence"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1400",
"technique": "Modify System Partition",
"url": "https://attack.mitre.org/techniques/T1400",
"tactic": [
"Defense Evasion",
"Persistence",
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1401",
"technique": "Device Administrator Permissions",
"url": "https://attack.mitre.org/techniques/T1401",
"tactic": [
"Privilege Escalation"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1402",
"technique": "Broadcast Receivers",
"url": "https://attack.mitre.org/techniques/T1402",
"tactic": [
"Persistence",
"Execution"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1403",
"technique": "Modify Cached Executable Code",
"url": "https://attack.mitre.org/techniques/T1403",
"tactic": [
"Persistence"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1404",
"technique": "Exploit OS Vulnerability",
"url": "https://attack.mitre.org/techniques/T1404",
"tactic": [
"Privilege Escalation"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1405",
"technique": "Exploit TEE Vulnerability",
"url": "https://attack.mitre.org/techniques/T1405",
"tactic": [
"Credential Access",
"Privilege Escalation"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1406",
"technique": "Obfuscated Files or Information",
"url": "https://attack.mitre.org/techniques/T1406",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1407",
"technique": "Download New Code at Runtime",
"url": "https://attack.mitre.org/techniques/T1407",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1408",
"technique": "Disguise Root/Jailbreak Indicators",
"url": "https://attack.mitre.org/techniques/T1408",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1409",
"technique": "Access Stored Application Data",
"url": "https://attack.mitre.org/techniques/T1409",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1410",
"technique": "Network Traffic Capture or Redirection",
"url": "https://attack.mitre.org/techniques/T1410",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1411",
"technique": "Input Prompt",
"url": "https://attack.mitre.org/techniques/T1411",
"tactic": [
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1412",
"technique": "Capture SMS Messages",
"url": "https://attack.mitre.org/techniques/T1412",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1413",
"technique": "Access Sensitive Data in Device Logs",
"url": "https://attack.mitre.org/techniques/T1413",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1414",
"technique": "Capture Clipboard Data",
"url": "https://attack.mitre.org/techniques/T1414",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1416",
"technique": "URI Hijacking",
"url": "https://attack.mitre.org/techniques/T1416",
"tactic": [
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1417",
"technique": "Input Capture",
"url": "https://attack.mitre.org/techniques/T1417",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1418",
"technique": "Application Discovery",
"url": "https://attack.mitre.org/techniques/T1418",
"tactic": [
"Defense Evasion",
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1420",
"technique": "File and Directory Discovery",
"url": "https://attack.mitre.org/techniques/T1420",
"tactic": [
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1421",
"technique": "System Network Connections Discovery",
"url": "https://attack.mitre.org/techniques/T1421",
"tactic": [
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1422",
"technique": "System Network Configuration Discovery",
"url": "https://attack.mitre.org/techniques/T1422",
"tactic": [
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1423",
"technique": "Network Service Scanning",
"url": "https://attack.mitre.org/techniques/T1423",
"tactic": [
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1424",
"technique": "Process Discovery",
"url": "https://attack.mitre.org/techniques/T1424",
"tactic": [
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1426",
"technique": "System Information Discovery",
"url": "https://attack.mitre.org/techniques/T1426",
"tactic": [
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1427",
"technique": "Attack PC via USB Connection",
"url": "https://attack.mitre.org/techniques/T1427",
"tactic": [
"Lateral Movement"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1428",
"technique": "Exploit Enterprise Resources",
"url": "https://attack.mitre.org/techniques/T1428",
"tactic": [
"Lateral Movement"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1429",
"technique": "Capture Audio",
"url": "https://attack.mitre.org/techniques/T1429",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1430",
"technique": "Location Tracking",
"url": "https://attack.mitre.org/techniques/T1430",
"tactic": [
"Collection",
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1432",
"technique": "Access Contact List",
"url": "https://attack.mitre.org/techniques/T1432",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1433",
"technique": "Access Call Log",
"url": "https://attack.mitre.org/techniques/T1433",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1435",
"technique": "Access Calendar Entries",
"url": "https://attack.mitre.org/techniques/T1435",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1436",
"technique": "Commonly Used Port",
"url": "https://attack.mitre.org/techniques/T1436",
"tactic": [
"Command and Control",
"Exfiltration"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1437",
"technique": "Standard Application Layer Protocol",
"url": "https://attack.mitre.org/techniques/T1437",
"tactic": [
"Command and Control",
"Exfiltration"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1438",
"technique": "Alternate Network Mediums",
"url": "https://attack.mitre.org/techniques/T1438",
"tactic": [
"Command and Control",
"Exfiltration"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1439",
"technique": "Eavesdrop on Insecure Network Communication",
"url": "https://attack.mitre.org/techniques/T1439",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1444",
"technique": "Masquerade as Legitimate Application",
"url": "https://attack.mitre.org/techniques/T1444",
"tactic": [
"Initial Access",
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1446",
"technique": "Device Lockout",
"url": "https://attack.mitre.org/techniques/T1446",
"tactic": [
"Impact",
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1447",
"technique": "Delete Device Data",
"url": "https://attack.mitre.org/techniques/T1447",
"tactic": [
"Impact",
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1448",
"technique": "Carrier Billing Fraud",
"url": "https://attack.mitre.org/techniques/T1448",
"tactic": [
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1449",
"technique": "Exploit SS7 to Redirect Phone Calls/SMS",
"url": "https://attack.mitre.org/techniques/T1449",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1450",
"technique": "Exploit SS7 to Track Device Location",
"url": "https://attack.mitre.org/techniques/T1450",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1451",
"technique": "SIM Card Swap",
"url": "https://attack.mitre.org/techniques/T1451",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1452",
"technique": "Manipulate App Store Rankings or Ratings",
"url": "https://attack.mitre.org/techniques/T1452",
"tactic": [
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1456",
"technique": "Drive-by Compromise",
"url": "https://attack.mitre.org/techniques/T1456",
"tactic": [
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1458",
"technique": "Exploit via Charging Station or PC",
"url": "https://attack.mitre.org/techniques/T1458",
"tactic": [
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1461",
"technique": "Lockscreen Bypass",
"url": "https://attack.mitre.org/techniques/T1461",
"tactic": [
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1463",
"technique": "Manipulate Device Communication",
"url": "https://attack.mitre.org/techniques/T1463",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1464",
"technique": "Jamming or Denial of Service",
"url": "https://attack.mitre.org/techniques/T1464",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1465",
"technique": "Rogue Wi-Fi Access Points",
"url": "https://attack.mitre.org/techniques/T1465",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1466",
"technique": "Downgrade to Insecure Protocols",
"url": "https://attack.mitre.org/techniques/T1466",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1467",
"technique": "Rogue Cellular Base Station",
"url": "https://attack.mitre.org/techniques/T1467",
"tactic": [
"Network Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1468",
"technique": "Remotely Track Device Without Authorization",
"url": "https://attack.mitre.org/techniques/T1468",
"tactic": [
"Remote Service Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1469",
"technique": "Remotely Wipe Data Without Authorization",
"url": "https://attack.mitre.org/techniques/T1469",
"tactic": [
"Remote Service Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1470",
"technique": "Obtain Device Cloud Backups",
"url": "https://attack.mitre.org/techniques/T1470",
"tactic": [
"Remote Service Effects"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1471",
"technique": "Data Encrypted for Impact",
"url": "https://attack.mitre.org/techniques/T1471",
"tactic": [
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1472",
"technique": "Generate Fraudulent Advertising Revenue",
"url": "https://attack.mitre.org/techniques/T1472",
"tactic": [
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1474",
"technique": "Supply Chain Compromise",
"url": "https://attack.mitre.org/techniques/T1474",
"tactic": [
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1475",
"technique": "Deliver Malicious App via Authorized App Store",
"url": "https://attack.mitre.org/techniques/T1475",
"tactic": [
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1476",
"technique": "Deliver Malicious App via Other Means",
"url": "https://attack.mitre.org/techniques/T1476",
"tactic": [
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1477",
"technique": "Exploit via Radio Interfaces",
"url": "https://attack.mitre.org/techniques/T1477",
"tactic": [
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1478",
"technique": "Install Insecure or Malicious Configuration",
"url": "https://attack.mitre.org/techniques/T1478",
"tactic": [
"Defense Evasion",
"Initial Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1480",
"technique": "Execution Guardrails",
"url": "https://attack.mitre.org/techniques/T1480",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1480.001",
"technique": "Execution Guardrails: Environmental Keying",
"url": "https://attack.mitre.org/techniques/T1480/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1481",
"technique": "Web Service",
"url": "https://attack.mitre.org/techniques/T1481",
"tactic": [
"Command and Control"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1482",
"technique": "Domain Trust Discovery",
"url": "https://attack.mitre.org/techniques/T1482",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1484",
"technique": "Domain Policy Modification",
"url": "https://attack.mitre.org/techniques/T1484",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD"
]
},
{
"technique_id": "T1484.001",
"technique": "Domain Policy Modification: Group Policy Modification",
"url": "https://attack.mitre.org/techniques/T1484/001",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1484.002",
"technique": "Domain Policy Modification: Domain Trust Modification",
"url": "https://attack.mitre.org/techniques/T1484/002",
"tactic": [
"Defense Evasion",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD"
]
},
{
"technique_id": "T1485",
"technique": "Data Destruction",
"url": "https://attack.mitre.org/techniques/T1485",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1486",
"technique": "Data Encrypted for Impact",
"url": "https://attack.mitre.org/techniques/T1486",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"IaaS"
]
},
{
"technique_id": "T1489",
"technique": "Service Stop",
"url": "https://attack.mitre.org/techniques/T1489",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1490",
"technique": "Inhibit System Recovery",
"url": "https://attack.mitre.org/techniques/T1490",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1491",
"technique": "Defacement",
"url": "https://attack.mitre.org/techniques/T1491",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1491.001",
"technique": "Defacement: Internal Defacement",
"url": "https://attack.mitre.org/techniques/T1491/001",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1491.002",
"technique": "Defacement: External Defacement",
"url": "https://attack.mitre.org/techniques/T1491/002",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS"
]
},
{
"technique_id": "T1495",
"technique": "Firmware Corruption",
"url": "https://attack.mitre.org/techniques/T1495",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1496",
"technique": "Resource Hijacking",
"url": "https://attack.mitre.org/techniques/T1496",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS",
"Containers"
]
},
{
"technique_id": "T1497",
"technique": "Virtualization/Sandbox Evasion",
"url": "https://attack.mitre.org/techniques/T1497",
"tactic": [
"Defense Evasion",
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1497.001",
"technique": "Virtualization/Sandbox Evasion: System Checks",
"url": "https://attack.mitre.org/techniques/T1497/001",
"tactic": [
"Defense Evasion",
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1497.002",
"technique": "Virtualization/Sandbox Evasion: User Activity Based Checks",
"url": "https://attack.mitre.org/techniques/T1497/002",
"tactic": [
"Defense Evasion",
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1497.003",
"technique": "Virtualization/Sandbox Evasion: Time Based Evasion",
"url": "https://attack.mitre.org/techniques/T1497/003",
"tactic": [
"Defense Evasion",
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1498",
"technique": "Network Denial of Service",
"url": "https://attack.mitre.org/techniques/T1498",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1498.001",
"technique": "Network Denial of Service: Direct Network Flood",
"url": "https://attack.mitre.org/techniques/T1498/001",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1498.002",
"technique": "Network Denial of Service: Reflection Amplification",
"url": "https://attack.mitre.org/techniques/T1498/002",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1499",
"technique": "Endpoint Denial of Service",
"url": "https://attack.mitre.org/techniques/T1499",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1499.001",
"technique": "Endpoint Denial of Service: OS Exhaustion Flood",
"url": "https://attack.mitre.org/techniques/T1499/001",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1499.002",
"technique": "Endpoint Denial of Service: Service Exhaustion Flood",
"url": "https://attack.mitre.org/techniques/T1499/002",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1499.003",
"technique": "Endpoint Denial of Service: Application Exhaustion Flood",
"url": "https://attack.mitre.org/techniques/T1499/003",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1499.004",
"technique": "Endpoint Denial of Service: Application or System Exploitation",
"url": "https://attack.mitre.org/techniques/T1499/004",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1505",
"technique": "Server Software Component",
"url": "https://attack.mitre.org/techniques/T1505",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1505.001",
"technique": "Server Software Component: SQL Stored Procedures",
"url": "https://attack.mitre.org/techniques/T1505/001",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux"
]
},
{
"technique_id": "T1505.002",
"technique": "Server Software Component: Transport Agent",
"url": "https://attack.mitre.org/techniques/T1505/002",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows"
]
},
{
"technique_id": "T1505.003",
"technique": "Server Software Component: Web Shell",
"url": "https://attack.mitre.org/techniques/T1505/003",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1505.004",
"technique": "Server Software Component: IIS Components",
"url": "https://attack.mitre.org/techniques/T1505/004",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1507",
"technique": "Network Information Discovery",
"url": "https://attack.mitre.org/techniques/T1507",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1508",
"technique": "Suppress Application Icon",
"url": "https://attack.mitre.org/techniques/T1508",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1509",
"technique": "Uncommonly Used Port",
"url": "https://attack.mitre.org/techniques/T1509",
"tactic": [
"Command and Control"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1510",
"technique": "Clipboard Modification",
"url": "https://attack.mitre.org/techniques/T1510",
"tactic": [
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1512",
"technique": "Capture Camera",
"url": "https://attack.mitre.org/techniques/T1512",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1513",
"technique": "Screen Capture",
"url": "https://attack.mitre.org/techniques/T1513",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1516",
"technique": "Input Injection",
"url": "https://attack.mitre.org/techniques/T1516",
"tactic": [
"Defense Evasion",
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1517",
"technique": "Access Notifications",
"url": "https://attack.mitre.org/techniques/T1517",
"tactic": [
"Collection",
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1518",
"technique": "Software Discovery",
"url": "https://attack.mitre.org/techniques/T1518",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1518.001",
"technique": "Software Discovery: Security Software Discovery",
"url": "https://attack.mitre.org/techniques/T1518/001",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace"
]
},
{
"technique_id": "T1520",
"technique": "Domain Generation Algorithms",
"url": "https://attack.mitre.org/techniques/T1520",
"tactic": [
"Command and Control"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1521",
"technique": "Standard Cryptographic Protocol",
"url": "https://attack.mitre.org/techniques/T1521",
"tactic": [
"Command and Control"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1523",
"technique": "Evade Analysis Environment",
"url": "https://attack.mitre.org/techniques/T1523",
"tactic": [
"Defense Evasion",
"Discovery"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1525",
"technique": "Implant Internal Image",
"url": "https://attack.mitre.org/techniques/T1525",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS",
"Containers"
]
},
{
"technique_id": "T1526",
"technique": "Cloud Service Discovery",
"url": "https://attack.mitre.org/techniques/T1526",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Google Workspace"
]
},
{
"technique_id": "T1528",
"technique": "Steal Application Access Token",
"url": "https://attack.mitre.org/techniques/T1528",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"SaaS",
"Office 365",
"Azure AD",
"Google Workspace"
]
},
{
"technique_id": "T1529",
"technique": "System Shutdown/Reboot",
"url": "https://attack.mitre.org/techniques/T1529",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1530",
"technique": "Data from Cloud Storage Object",
"url": "https://attack.mitre.org/techniques/T1530",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1531",
"technique": "Account Access Removal",
"url": "https://attack.mitre.org/techniques/T1531",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1532",
"technique": "Data Encrypted",
"url": "https://attack.mitre.org/techniques/T1532",
"tactic": [
"Exfiltration"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1533",
"technique": "Data from Local System",
"url": "https://attack.mitre.org/techniques/T1533",
"tactic": [
"Collection"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1534",
"technique": "Internal Spearphishing",
"url": "https://attack.mitre.org/techniques/T1534",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux",
"Office 365",
"SaaS",
"Google Workspace"
]
},
{
"technique_id": "T1535",
"technique": "Unused/Unsupported Cloud Regions",
"url": "https://attack.mitre.org/techniques/T1535",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1537",
"technique": "Transfer Data to Cloud Account",
"url": "https://attack.mitre.org/techniques/T1537",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1538",
"technique": "Cloud Service Dashboard",
"url": "https://attack.mitre.org/techniques/T1538",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Azure AD",
"Office 365",
"IaaS",
"Google Workspace"
]
},
{
"technique_id": "T1539",
"technique": "Steal Web Session Cookie",
"url": "https://attack.mitre.org/techniques/T1539",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Office 365",
"SaaS",
"Google Workspace"
]
},
{
"technique_id": "T1540",
"technique": "Code Injection",
"url": "https://attack.mitre.org/techniques/T1540",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1541",
"technique": "Foreground Persistence",
"url": "https://attack.mitre.org/techniques/T1541",
"tactic": [
"Collection",
"Persistence"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1542",
"technique": "Pre-OS Boot",
"url": "https://attack.mitre.org/techniques/T1542",
"tactic": [
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"Network"
]
},
{
"technique_id": "T1542.001",
"technique": "Pre-OS Boot: System Firmware",
"url": "https://attack.mitre.org/techniques/T1542/001",
"tactic": [
"Persistence",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1542.002",
"technique": "Pre-OS Boot: Component Firmware",
"url": "https://attack.mitre.org/techniques/T1542/002",
"tactic": [
"Persistence",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1542.003",
"technique": "Pre-OS Boot: Bootkit",
"url": "https://attack.mitre.org/techniques/T1542/003",
"tactic": [
"Persistence",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows"
]
},
{
"technique_id": "T1542.004",
"technique": "Pre-OS Boot: ROMMONkit",
"url": "https://attack.mitre.org/techniques/T1542/004",
"tactic": [
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1542.005",
"technique": "Pre-OS Boot: TFTP Boot",
"url": "https://attack.mitre.org/techniques/T1542/005",
"tactic": [
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1543",
"technique": "Create or Modify System Process",
"url": "https://attack.mitre.org/techniques/T1543",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1543.001",
"technique": "Create or Modify System Process: Launch Agent",
"url": "https://attack.mitre.org/techniques/T1543/001",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1543.002",
"technique": "Create or Modify System Process: Systemd Service",
"url": "https://attack.mitre.org/techniques/T1543/002",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1543.003",
"technique": "Create or Modify System Process: Windows Service",
"url": "https://attack.mitre.org/techniques/T1543/003",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1543.004",
"technique": "Create or Modify System Process: Launch Daemon",
"url": "https://attack.mitre.org/techniques/T1543/004",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1544",
"technique": "Remote File Copy",
"url": "https://attack.mitre.org/techniques/T1544",
"tactic": [
"Command and Control"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1546",
"technique": "Event Triggered Execution",
"url": "https://attack.mitre.org/techniques/T1546",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1546.001",
"technique": "Event Triggered Execution: Change Default File Association",
"url": "https://attack.mitre.org/techniques/T1546/001",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.002",
"technique": "Event Triggered Execution: Screensaver",
"url": "https://attack.mitre.org/techniques/T1546/002",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.003",
"technique": "Event Triggered Execution: Windows Management Instrumentation Event Subscription",
"url": "https://attack.mitre.org/techniques/T1546/003",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.004",
"technique": "Event Triggered Execution: Unix Shell Configuration Modification",
"url": "https://attack.mitre.org/techniques/T1546/004",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1546.005",
"technique": "Event Triggered Execution: Trap",
"url": "https://attack.mitre.org/techniques/T1546/005",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Linux"
]
},
{
"technique_id": "T1546.006",
"technique": "Event Triggered Execution: LC_LOAD_DYLIB Addition",
"url": "https://attack.mitre.org/techniques/T1546/006",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1546.007",
"technique": "Event Triggered Execution: Netsh Helper DLL",
"url": "https://attack.mitre.org/techniques/T1546/007",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.008",
"technique": "Event Triggered Execution: Accessibility Features",
"url": "https://attack.mitre.org/techniques/T1546/008",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.009",
"technique": "Event Triggered Execution: AppCert DLLs",
"url": "https://attack.mitre.org/techniques/T1546/009",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.010",
"technique": "Event Triggered Execution: AppInit DLLs",
"url": "https://attack.mitre.org/techniques/T1546/010",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.011",
"technique": "Event Triggered Execution: Application Shimming",
"url": "https://attack.mitre.org/techniques/T1546/011",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.012",
"technique": "Event Triggered Execution: Image File Execution Options Injection",
"url": "https://attack.mitre.org/techniques/T1546/012",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.013",
"technique": "Event Triggered Execution: PowerShell Profile",
"url": "https://attack.mitre.org/techniques/T1546/013",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1546.014",
"technique": "Event Triggered Execution: Emond",
"url": "https://attack.mitre.org/techniques/T1546/014",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1546.015",
"technique": "Event Triggered Execution: Component Object Model Hijacking",
"url": "https://attack.mitre.org/techniques/T1546/015",
"tactic": [
"Privilege Escalation",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547",
"technique": "Boot or Logon Autostart Execution",
"url": "https://attack.mitre.org/techniques/T1547",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1547.001",
"technique": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder",
"url": "https://attack.mitre.org/techniques/T1547/001",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.002",
"technique": "Boot or Logon Autostart Execution: Authentication Package",
"url": "https://attack.mitre.org/techniques/T1547/002",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.003",
"technique": "Boot or Logon Autostart Execution: Time Providers",
"url": "https://attack.mitre.org/techniques/T1547/003",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.004",
"technique": "Boot or Logon Autostart Execution: Winlogon Helper DLL",
"url": "https://attack.mitre.org/techniques/T1547/004",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.005",
"technique": "Boot or Logon Autostart Execution: Security Support Provider",
"url": "https://attack.mitre.org/techniques/T1547/005",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.006",
"technique": "Boot or Logon Autostart Execution: Kernel Modules and Extensions",
"url": "https://attack.mitre.org/techniques/T1547/006",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Linux"
]
},
{
"technique_id": "T1547.007",
"technique": "Boot or Logon Autostart Execution: Re-opened Applications",
"url": "https://attack.mitre.org/techniques/T1547/007",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1547.008",
"technique": "Boot or Logon Autostart Execution: LSASS Driver",
"url": "https://attack.mitre.org/techniques/T1547/008",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.009",
"technique": "Boot or Logon Autostart Execution: Shortcut Modification",
"url": "https://attack.mitre.org/techniques/T1547/009",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.010",
"technique": "Boot or Logon Autostart Execution: Port Monitors",
"url": "https://attack.mitre.org/techniques/T1547/010",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.011",
"technique": "Boot or Logon Autostart Execution: Plist Modification",
"url": "https://attack.mitre.org/techniques/T1547/011",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1547.012",
"technique": "Boot or Logon Autostart Execution: Print Processors",
"url": "https://attack.mitre.org/techniques/T1547/012",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.013",
"technique": "Boot or Logon Autostart Execution: XDG Autostart Entries",
"url": "https://attack.mitre.org/techniques/T1547/013",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux"
]
},
{
"technique_id": "T1547.014",
"technique": "Boot or Logon Autostart Execution: Active Setup",
"url": "https://attack.mitre.org/techniques/T1547/014",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1547.015",
"technique": "Boot or Logon Autostart Execution: Login Items",
"url": "https://attack.mitre.org/techniques/T1547/015",
"tactic": [
"Persistence",
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1548",
"technique": "Abuse Elevation Control Mechanism",
"url": "https://attack.mitre.org/techniques/T1548",
"tactic": [
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1548.001",
"technique": "Abuse Elevation Control Mechanism: Setuid and Setgid",
"url": "https://attack.mitre.org/techniques/T1548/001",
"tactic": [
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1548.002",
"technique": "Abuse Elevation Control Mechanism: Bypass User Account Control",
"url": "https://attack.mitre.org/techniques/T1548/002",
"tactic": [
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1548.003",
"technique": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching",
"url": "https://attack.mitre.org/techniques/T1548/003",
"tactic": [
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1548.004",
"technique": "Abuse Elevation Control Mechanism: Elevated Execution with Prompt",
"url": "https://attack.mitre.org/techniques/T1548/004",
"tactic": [
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1550",
"technique": "Use Alternate Authentication Material",
"url": "https://attack.mitre.org/techniques/T1550",
"tactic": [
"Defense Evasion",
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365",
"SaaS",
"Google Workspace",
"IaaS"
]
},
{
"technique_id": "T1550.001",
"technique": "Use Alternate Authentication Material: Application Access Token",
"url": "https://attack.mitre.org/techniques/T1550/001",
"tactic": [
"Defense Evasion",
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Office 365",
"SaaS",
"Google Workspace"
]
},
{
"technique_id": "T1550.002",
"technique": "Use Alternate Authentication Material: Pass the Hash",
"url": "https://attack.mitre.org/techniques/T1550/002",
"tactic": [
"Defense Evasion",
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1550.003",
"technique": "Use Alternate Authentication Material: Pass the Ticket",
"url": "https://attack.mitre.org/techniques/T1550/003",
"tactic": [
"Defense Evasion",
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1550.004",
"technique": "Use Alternate Authentication Material: Web Session Cookie",
"url": "https://attack.mitre.org/techniques/T1550/004",
"tactic": [
"Defense Evasion",
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Office 365",
"SaaS",
"Google Workspace",
"IaaS"
]
},
{
"technique_id": "T1552",
"technique": "Unsecured Credentials",
"url": "https://attack.mitre.org/techniques/T1552",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Linux",
"macOS",
"Google Workspace",
"Containers"
]
},
{
"technique_id": "T1552.001",
"technique": "Unsecured Credentials: Credentials In Files",
"url": "https://attack.mitre.org/techniques/T1552/001",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"IaaS",
"Linux",
"macOS",
"Containers"
]
},
{
"technique_id": "T1552.002",
"technique": "Unsecured Credentials: Credentials in Registry",
"url": "https://attack.mitre.org/techniques/T1552/002",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1552.003",
"technique": "Unsecured Credentials: Bash History",
"url": "https://attack.mitre.org/techniques/T1552/003",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1552.004",
"technique": "Unsecured Credentials: Private Keys",
"url": "https://attack.mitre.org/techniques/T1552/004",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1552.005",
"technique": "Unsecured Credentials: Cloud Instance Metadata API",
"url": "https://attack.mitre.org/techniques/T1552/005",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1552.006",
"technique": "Unsecured Credentials: Group Policy Preferences",
"url": "https://attack.mitre.org/techniques/T1552/006",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1552.007",
"technique": "Unsecured Credentials: Container API",
"url": "https://attack.mitre.org/techniques/T1552/007",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Containers"
]
},
{
"technique_id": "T1553",
"technique": "Subvert Trust Controls",
"url": "https://attack.mitre.org/techniques/T1553",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1553.001",
"technique": "Subvert Trust Controls: Gatekeeper Bypass",
"url": "https://attack.mitre.org/techniques/T1553/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1553.002",
"technique": "Subvert Trust Controls: Code Signing",
"url": "https://attack.mitre.org/techniques/T1553/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows"
]
},
{
"technique_id": "T1553.003",
"technique": "Subvert Trust Controls: SIP and Trust Provider Hijacking",
"url": "https://attack.mitre.org/techniques/T1553/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1553.004",
"technique": "Subvert Trust Controls: Install Root Certificate",
"url": "https://attack.mitre.org/techniques/T1553/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1553.005",
"technique": "Subvert Trust Controls: Mark-of-the-Web Bypass",
"url": "https://attack.mitre.org/techniques/T1553/005",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1553.006",
"technique": "Subvert Trust Controls: Code Signing Policy Modification",
"url": "https://attack.mitre.org/techniques/T1553/006",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS"
]
},
{
"technique_id": "T1554",
"technique": "Compromise Client Software Binary",
"url": "https://attack.mitre.org/techniques/T1554",
"tactic": [
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1555",
"technique": "Credentials from Password Stores",
"url": "https://attack.mitre.org/techniques/T1555",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1555.001",
"technique": "Credentials from Password Stores: Keychain",
"url": "https://attack.mitre.org/techniques/T1555/001",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1555.002",
"technique": "Credentials from Password Stores: Securityd Memory",
"url": "https://attack.mitre.org/techniques/T1555/002",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1555.003",
"technique": "Credentials from Password Stores: Credentials from Web Browsers",
"url": "https://attack.mitre.org/techniques/T1555/003",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1555.004",
"technique": "Credentials from Password Stores: Windows Credential Manager",
"url": "https://attack.mitre.org/techniques/T1555/004",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1555.005",
"technique": "Credentials from Password Stores: Password Managers",
"url": "https://attack.mitre.org/techniques/T1555/005",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1556",
"technique": "Modify Authentication Process",
"url": "https://attack.mitre.org/techniques/T1556",
"tactic": [
"Credential Access",
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS",
"Network"
]
},
{
"technique_id": "T1556.001",
"technique": "Modify Authentication Process: Domain Controller Authentication",
"url": "https://attack.mitre.org/techniques/T1556/001",
"tactic": [
"Credential Access",
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1556.002",
"technique": "Modify Authentication Process: Password Filter DLL",
"url": "https://attack.mitre.org/techniques/T1556/002",
"tactic": [
"Credential Access",
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1556.003",
"technique": "Modify Authentication Process: Pluggable Authentication Modules",
"url": "https://attack.mitre.org/techniques/T1556/003",
"tactic": [
"Credential Access",
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1556.004",
"technique": "Modify Authentication Process: Network Device Authentication",
"url": "https://attack.mitre.org/techniques/T1556/004",
"tactic": [
"Credential Access",
"Defense Evasion",
"Persistence"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1557",
"technique": "Adversary-in-the-Middle",
"url": "https://attack.mitre.org/techniques/T1557",
"tactic": [
"Credential Access",
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1557.001",
"technique": "Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay",
"url": "https://attack.mitre.org/techniques/T1557/001",
"tactic": [
"Credential Access",
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1557.002",
"technique": "Adversary-in-the-Middle: ARP Cache Poisoning",
"url": "https://attack.mitre.org/techniques/T1557/002",
"tactic": [
"Credential Access",
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1558",
"technique": "Steal or Forge Kerberos Tickets",
"url": "https://attack.mitre.org/techniques/T1558",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1558.001",
"technique": "Steal or Forge Kerberos Tickets: Golden Ticket",
"url": "https://attack.mitre.org/techniques/T1558/001",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1558.002",
"technique": "Steal or Forge Kerberos Tickets: Silver Ticket",
"url": "https://attack.mitre.org/techniques/T1558/002",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1558.003",
"technique": "Steal or Forge Kerberos Tickets: Kerberoasting",
"url": "https://attack.mitre.org/techniques/T1558/003",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1558.004",
"technique": "Steal or Forge Kerberos Tickets: AS-REP Roasting",
"url": "https://attack.mitre.org/techniques/T1558/004",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1559",
"technique": "Inter-Process Communication",
"url": "https://attack.mitre.org/techniques/T1559",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS"
]
},
{
"technique_id": "T1559.001",
"technique": "Inter-Process Communication: Component Object Model",
"url": "https://attack.mitre.org/techniques/T1559/001",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1559.002",
"technique": "Inter-Process Communication: Dynamic Data Exchange",
"url": "https://attack.mitre.org/techniques/T1559/002",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1560",
"technique": "Archive Collected Data",
"url": "https://attack.mitre.org/techniques/T1560",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1560.001",
"technique": "Archive Collected Data: Archive via Utility",
"url": "https://attack.mitre.org/techniques/T1560/001",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1560.002",
"technique": "Archive Collected Data: Archive via Library",
"url": "https://attack.mitre.org/techniques/T1560/002",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1560.003",
"technique": "Archive Collected Data: Archive via Custom Method",
"url": "https://attack.mitre.org/techniques/T1560/003",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1561",
"technique": "Disk Wipe",
"url": "https://attack.mitre.org/techniques/T1561",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1561.001",
"technique": "Disk Wipe: Disk Content Wipe",
"url": "https://attack.mitre.org/techniques/T1561/001",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1561.002",
"technique": "Disk Wipe: Disk Structure Wipe",
"url": "https://attack.mitre.org/techniques/T1561/002",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1562",
"technique": "Impair Defenses",
"url": "https://attack.mitre.org/techniques/T1562",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365",
"IaaS",
"Linux",
"macOS",
"Containers",
"Network"
]
},
{
"technique_id": "T1562.001",
"technique": "Impair Defenses: Disable or Modify Tools",
"url": "https://attack.mitre.org/techniques/T1562/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux",
"Containers",
"IaaS"
]
},
{
"technique_id": "T1562.002",
"technique": "Impair Defenses: Disable Windows Event Logging",
"url": "https://attack.mitre.org/techniques/T1562/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1562.003",
"technique": "Impair Defenses: Impair Command History Logging",
"url": "https://attack.mitre.org/techniques/T1562/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1562.004",
"technique": "Impair Defenses: Disable or Modify System Firewall",
"url": "https://attack.mitre.org/techniques/T1562/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1562.006",
"technique": "Impair Defenses: Indicator Blocking",
"url": "https://attack.mitre.org/techniques/T1562/006",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1562.007",
"technique": "Impair Defenses: Disable or Modify Cloud Firewall",
"url": "https://attack.mitre.org/techniques/T1562/007",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1562.008",
"technique": "Impair Defenses: Disable Cloud Logs",
"url": "https://attack.mitre.org/techniques/T1562/008",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1562.009",
"technique": "Impair Defenses: Safe Mode Boot",
"url": "https://attack.mitre.org/techniques/T1562/009",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1562.010",
"technique": "Impair Defenses: Downgrade Attack",
"url": "https://attack.mitre.org/techniques/T1562/010",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1563",
"technique": "Remote Service Session Hijacking",
"url": "https://attack.mitre.org/techniques/T1563",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1563.001",
"technique": "Remote Service Session Hijacking: SSH Hijacking",
"url": "https://attack.mitre.org/techniques/T1563/001",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1563.002",
"technique": "Remote Service Session Hijacking: RDP Hijacking",
"url": "https://attack.mitre.org/techniques/T1563/002",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1564",
"technique": "Hide Artifacts",
"url": "https://attack.mitre.org/techniques/T1564",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Office 365"
]
},
{
"technique_id": "T1564.001",
"technique": "Hide Artifacts: Hidden Files and Directories",
"url": "https://attack.mitre.org/techniques/T1564/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS",
"Linux"
]
},
{
"technique_id": "T1564.002",
"technique": "Hide Artifacts: Hidden Users",
"url": "https://attack.mitre.org/techniques/T1564/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows"
]
},
{
"technique_id": "T1564.003",
"technique": "Hide Artifacts: Hidden Window",
"url": "https://attack.mitre.org/techniques/T1564/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows"
]
},
{
"technique_id": "T1564.004",
"technique": "Hide Artifacts: NTFS File Attributes",
"url": "https://attack.mitre.org/techniques/T1564/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1564.005",
"technique": "Hide Artifacts: Hidden File System",
"url": "https://attack.mitre.org/techniques/T1564/005",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1564.006",
"technique": "Hide Artifacts: Run Virtual Instance",
"url": "https://attack.mitre.org/techniques/T1564/006",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1564.007",
"technique": "Hide Artifacts: VBA Stomping",
"url": "https://attack.mitre.org/techniques/T1564/007",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1564.008",
"technique": "Hide Artifacts: Email Hiding Rules",
"url": "https://attack.mitre.org/techniques/T1564/008",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Office 365",
"Linux",
"macOS"
]
},
{
"technique_id": "T1564.009",
"technique": "Hide Artifacts: Resource Forking",
"url": "https://attack.mitre.org/techniques/T1564/009",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1565",
"technique": "Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1565.001",
"technique": "Data Manipulation: Stored Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565/001",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1565.002",
"technique": "Data Manipulation: Transmitted Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565/002",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1565.003",
"technique": "Data Manipulation: Runtime Data Manipulation",
"url": "https://attack.mitre.org/techniques/T1565/003",
"tactic": [
"Impact"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1566",
"technique": "Phishing",
"url": "https://attack.mitre.org/techniques/T1566",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"SaaS",
"Office 365",
"Google Workspace"
]
},
{
"technique_id": "T1566.001",
"technique": "Phishing: Spearphishing Attachment",
"url": "https://attack.mitre.org/techniques/T1566/001",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Windows",
"Linux"
]
},
{
"technique_id": "T1566.002",
"technique": "Phishing: Spearphishing Link",
"url": "https://attack.mitre.org/techniques/T1566/002",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"Office 365",
"SaaS",
"Google Workspace"
]
},
{
"technique_id": "T1566.003",
"technique": "Phishing: Spearphishing via Service",
"url": "https://attack.mitre.org/techniques/T1566/003",
"tactic": [
"Initial Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1567",
"technique": "Exfiltration Over Web Service",
"url": "https://attack.mitre.org/techniques/T1567",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1567.001",
"technique": "Exfiltration Over Web Service: Exfiltration to Code Repository",
"url": "https://attack.mitre.org/techniques/T1567/001",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1567.002",
"technique": "Exfiltration Over Web Service: Exfiltration to Cloud Storage",
"url": "https://attack.mitre.org/techniques/T1567/002",
"tactic": [
"Exfiltration"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1568",
"technique": "Dynamic Resolution",
"url": "https://attack.mitre.org/techniques/T1568",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1568.001",
"technique": "Dynamic Resolution: Fast Flux DNS",
"url": "https://attack.mitre.org/techniques/T1568/001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1568.002",
"technique": "Dynamic Resolution: Domain Generation Algorithms",
"url": "https://attack.mitre.org/techniques/T1568/002",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1568.003",
"technique": "Dynamic Resolution: DNS Calculation",
"url": "https://attack.mitre.org/techniques/T1568/003",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1569",
"technique": "System Services",
"url": "https://attack.mitre.org/techniques/T1569",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"macOS"
]
},
{
"technique_id": "T1569.001",
"technique": "System Services: Launchctl",
"url": "https://attack.mitre.org/techniques/T1569/001",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1569.002",
"technique": "System Services: Service Execution",
"url": "https://attack.mitre.org/techniques/T1569/002",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1570",
"technique": "Lateral Tool Transfer",
"url": "https://attack.mitre.org/techniques/T1570",
"tactic": [
"Lateral Movement"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1571",
"technique": "Non-Standard Port",
"url": "https://attack.mitre.org/techniques/T1571",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1572",
"technique": "Protocol Tunneling",
"url": "https://attack.mitre.org/techniques/T1572",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1573",
"technique": "Encrypted Channel",
"url": "https://attack.mitre.org/techniques/T1573",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1573.001",
"technique": "Encrypted Channel: Symmetric Cryptography",
"url": "https://attack.mitre.org/techniques/T1573/001",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"Windows",
"macOS"
]
},
{
"technique_id": "T1573.002",
"technique": "Encrypted Channel: Asymmetric Cryptography",
"url": "https://attack.mitre.org/techniques/T1573/002",
"tactic": [
"Command and Control"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1574",
"technique": "Hijack Execution Flow",
"url": "https://attack.mitre.org/techniques/T1574",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows"
]
},
{
"technique_id": "T1574.001",
"technique": "Hijack Execution Flow: DLL Search Order Hijacking",
"url": "https://attack.mitre.org/techniques/T1574/001",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.002",
"technique": "Hijack Execution Flow: DLL Side-Loading",
"url": "https://attack.mitre.org/techniques/T1574/002",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.004",
"technique": "Hijack Execution Flow: Dylib Hijacking",
"url": "https://attack.mitre.org/techniques/T1574/004",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS"
]
},
{
"technique_id": "T1574.005",
"technique": "Hijack Execution Flow: Executable Installer File Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1574/005",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.006",
"technique": "Hijack Execution Flow: Dynamic Linker Hijacking",
"url": "https://attack.mitre.org/techniques/T1574/006",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS"
]
},
{
"technique_id": "T1574.007",
"technique": "Hijack Execution Flow: Path Interception by PATH Environment Variable",
"url": "https://attack.mitre.org/techniques/T1574/007",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.008",
"technique": "Hijack Execution Flow: Path Interception by Search Order Hijacking",
"url": "https://attack.mitre.org/techniques/T1574/008",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.009",
"technique": "Hijack Execution Flow: Path Interception by Unquoted Path",
"url": "https://attack.mitre.org/techniques/T1574/009",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.010",
"technique": "Hijack Execution Flow: Services File Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1574/010",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.011",
"technique": "Hijack Execution Flow: Services Registry Permissions Weakness",
"url": "https://attack.mitre.org/techniques/T1574/011",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1574.012",
"technique": "Hijack Execution Flow: COR_PROFILER",
"url": "https://attack.mitre.org/techniques/T1574/012",
"tactic": [
"Persistence",
"Privilege Escalation",
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1575",
"technique": "Native Code",
"url": "https://attack.mitre.org/techniques/T1575",
"tactic": [
"Defense Evasion",
"Execution"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1576",
"technique": "Uninstall Malicious Application",
"url": "https://attack.mitre.org/techniques/T1576",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1577",
"technique": "Compromise Application Executable",
"url": "https://attack.mitre.org/techniques/T1577",
"tactic": [
"Persistence"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1578",
"technique": "Modify Cloud Compute Infrastructure",
"url": "https://attack.mitre.org/techniques/T1578",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1578.001",
"technique": "Modify Cloud Compute Infrastructure: Create Snapshot",
"url": "https://attack.mitre.org/techniques/T1578/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1578.002",
"technique": "Modify Cloud Compute Infrastructure: Create Cloud Instance",
"url": "https://attack.mitre.org/techniques/T1578/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1578.003",
"technique": "Modify Cloud Compute Infrastructure: Delete Cloud Instance",
"url": "https://attack.mitre.org/techniques/T1578/003",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1578.004",
"technique": "Modify Cloud Compute Infrastructure: Revert Cloud Instance",
"url": "https://attack.mitre.org/techniques/T1578/004",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1579",
"technique": "Keychain",
"url": "https://attack.mitre.org/techniques/T1579",
"tactic": [
"Credential Access"
],
"domain": [
"Mobile"
],
"platform": [
"iOS"
]
},
{
"technique_id": "T1580",
"technique": "Cloud Infrastructure Discovery",
"url": "https://attack.mitre.org/techniques/T1580",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1581",
"technique": "Geofencing",
"url": "https://attack.mitre.org/techniques/T1581",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1582",
"technique": "SMS Control",
"url": "https://attack.mitre.org/techniques/T1582",
"tactic": [
"Impact"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1583",
"technique": "Acquire Infrastructure",
"url": "https://attack.mitre.org/techniques/T1583",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1583.001",
"technique": "Acquire Infrastructure: Domains",
"url": "https://attack.mitre.org/techniques/T1583/001",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1583.002",
"technique": "Acquire Infrastructure: DNS Server",
"url": "https://attack.mitre.org/techniques/T1583/002",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1583.003",
"technique": "Acquire Infrastructure: Virtual Private Server",
"url": "https://attack.mitre.org/techniques/T1583/003",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1583.004",
"technique": "Acquire Infrastructure: Server",
"url": "https://attack.mitre.org/techniques/T1583/004",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1583.005",
"technique": "Acquire Infrastructure: Botnet",
"url": "https://attack.mitre.org/techniques/T1583/005",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1583.006",
"technique": "Acquire Infrastructure: Web Services",
"url": "https://attack.mitre.org/techniques/T1583/006",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1584",
"technique": "Compromise Infrastructure",
"url": "https://attack.mitre.org/techniques/T1584",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1584.001",
"technique": "Compromise Infrastructure: Domains",
"url": "https://attack.mitre.org/techniques/T1584/001",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1584.002",
"technique": "Compromise Infrastructure: DNS Server",
"url": "https://attack.mitre.org/techniques/T1584/002",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1584.003",
"technique": "Compromise Infrastructure: Virtual Private Server",
"url": "https://attack.mitre.org/techniques/T1584/003",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1584.004",
"technique": "Compromise Infrastructure: Server",
"url": "https://attack.mitre.org/techniques/T1584/004",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1584.005",
"technique": "Compromise Infrastructure: Botnet",
"url": "https://attack.mitre.org/techniques/T1584/005",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1584.006",
"technique": "Compromise Infrastructure: Web Services",
"url": "https://attack.mitre.org/techniques/T1584/006",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1585",
"technique": "Establish Accounts",
"url": "https://attack.mitre.org/techniques/T1585",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1585.001",
"technique": "Establish Accounts: Social Media Accounts",
"url": "https://attack.mitre.org/techniques/T1585/001",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1585.002",
"technique": "Establish Accounts: Email Accounts",
"url": "https://attack.mitre.org/techniques/T1585/002",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1586",
"technique": "Compromise Accounts",
"url": "https://attack.mitre.org/techniques/T1586",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1586.001",
"technique": "Compromise Accounts: Social Media Accounts",
"url": "https://attack.mitre.org/techniques/T1586/001",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1586.002",
"technique": "Compromise Accounts: Email Accounts",
"url": "https://attack.mitre.org/techniques/T1586/002",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1587",
"technique": "Develop Capabilities",
"url": "https://attack.mitre.org/techniques/T1587",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1587.001",
"technique": "Develop Capabilities: Malware",
"url": "https://attack.mitre.org/techniques/T1587/001",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1587.002",
"technique": "Develop Capabilities: Code Signing Certificates",
"url": "https://attack.mitre.org/techniques/T1587/002",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1587.003",
"technique": "Develop Capabilities: Digital Certificates",
"url": "https://attack.mitre.org/techniques/T1587/003",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1587.004",
"technique": "Develop Capabilities: Exploits",
"url": "https://attack.mitre.org/techniques/T1587/004",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1588",
"technique": "Obtain Capabilities",
"url": "https://attack.mitre.org/techniques/T1588",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1588.001",
"technique": "Obtain Capabilities: Malware",
"url": "https://attack.mitre.org/techniques/T1588/001",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1588.002",
"technique": "Obtain Capabilities: Tool",
"url": "https://attack.mitre.org/techniques/T1588/002",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1588.003",
"technique": "Obtain Capabilities: Code Signing Certificates",
"url": "https://attack.mitre.org/techniques/T1588/003",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1588.004",
"technique": "Obtain Capabilities: Digital Certificates",
"url": "https://attack.mitre.org/techniques/T1588/004",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1588.005",
"technique": "Obtain Capabilities: Exploits",
"url": "https://attack.mitre.org/techniques/T1588/005",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1588.006",
"technique": "Obtain Capabilities: Vulnerabilities",
"url": "https://attack.mitre.org/techniques/T1588/006",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1589",
"technique": "Gather Victim Identity Information",
"url": "https://attack.mitre.org/techniques/T1589",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1589.001",
"technique": "Gather Victim Identity Information: Credentials",
"url": "https://attack.mitre.org/techniques/T1589/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1589.002",
"technique": "Gather Victim Identity Information: Email Addresses",
"url": "https://attack.mitre.org/techniques/T1589/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1589.003",
"technique": "Gather Victim Identity Information: Employee Names",
"url": "https://attack.mitre.org/techniques/T1589/003",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1590",
"technique": "Gather Victim Network Information",
"url": "https://attack.mitre.org/techniques/T1590",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1590.001",
"technique": "Gather Victim Network Information: Domain Properties",
"url": "https://attack.mitre.org/techniques/T1590/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1590.002",
"technique": "Gather Victim Network Information: DNS",
"url": "https://attack.mitre.org/techniques/T1590/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1590.003",
"technique": "Gather Victim Network Information: Network Trust Dependencies",
"url": "https://attack.mitre.org/techniques/T1590/003",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1590.004",
"technique": "Gather Victim Network Information: Network Topology",
"url": "https://attack.mitre.org/techniques/T1590/004",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1590.005",
"technique": "Gather Victim Network Information: IP Addresses",
"url": "https://attack.mitre.org/techniques/T1590/005",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1590.006",
"technique": "Gather Victim Network Information: Network Security Appliances",
"url": "https://attack.mitre.org/techniques/T1590/006",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1591",
"technique": "Gather Victim Org Information",
"url": "https://attack.mitre.org/techniques/T1591",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1591.001",
"technique": "Gather Victim Org Information: Determine Physical Locations",
"url": "https://attack.mitre.org/techniques/T1591/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1591.002",
"technique": "Gather Victim Org Information: Business Relationships",
"url": "https://attack.mitre.org/techniques/T1591/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1591.003",
"technique": "Gather Victim Org Information: Identify Business Tempo",
"url": "https://attack.mitre.org/techniques/T1591/003",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1591.004",
"technique": "Gather Victim Org Information: Identify Roles",
"url": "https://attack.mitre.org/techniques/T1591/004",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1592",
"technique": "Gather Victim Host Information",
"url": "https://attack.mitre.org/techniques/T1592",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1592.001",
"technique": "Gather Victim Host Information: Hardware",
"url": "https://attack.mitre.org/techniques/T1592/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1592.002",
"technique": "Gather Victim Host Information: Software",
"url": "https://attack.mitre.org/techniques/T1592/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1592.003",
"technique": "Gather Victim Host Information: Firmware",
"url": "https://attack.mitre.org/techniques/T1592/003",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1592.004",
"technique": "Gather Victim Host Information: Client Configurations",
"url": "https://attack.mitre.org/techniques/T1592/004",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1593",
"technique": "Search Open Websites/Domains",
"url": "https://attack.mitre.org/techniques/T1593",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1593.001",
"technique": "Search Open Websites/Domains: Social Media",
"url": "https://attack.mitre.org/techniques/T1593/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1593.002",
"technique": "Search Open Websites/Domains: Search Engines",
"url": "https://attack.mitre.org/techniques/T1593/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1594",
"technique": "Search Victim-Owned Websites",
"url": "https://attack.mitre.org/techniques/T1594",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1595",
"technique": "Active Scanning",
"url": "https://attack.mitre.org/techniques/T1595",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1595.001",
"technique": "Active Scanning: Scanning IP Blocks",
"url": "https://attack.mitre.org/techniques/T1595/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1595.002",
"technique": "Active Scanning: Vulnerability Scanning",
"url": "https://attack.mitre.org/techniques/T1595/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1596",
"technique": "Search Open Technical Databases",
"url": "https://attack.mitre.org/techniques/T1596",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1596.001",
"technique": "Search Open Technical Databases: DNS/Passive DNS",
"url": "https://attack.mitre.org/techniques/T1596/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1596.002",
"technique": "Search Open Technical Databases: WHOIS",
"url": "https://attack.mitre.org/techniques/T1596/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1596.003",
"technique": "Search Open Technical Databases: Digital Certificates",
"url": "https://attack.mitre.org/techniques/T1596/003",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1596.004",
"technique": "Search Open Technical Databases: CDNs",
"url": "https://attack.mitre.org/techniques/T1596/004",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1596.005",
"technique": "Search Open Technical Databases: Scan Databases",
"url": "https://attack.mitre.org/techniques/T1596/005",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1597",
"technique": "Search Closed Sources",
"url": "https://attack.mitre.org/techniques/T1597",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1597.001",
"technique": "Search Closed Sources: Threat Intel Vendors",
"url": "https://attack.mitre.org/techniques/T1597/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1597.002",
"technique": "Search Closed Sources: Purchase Technical Data",
"url": "https://attack.mitre.org/techniques/T1597/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1598",
"technique": "Phishing for Information",
"url": "https://attack.mitre.org/techniques/T1598",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1598.001",
"technique": "Phishing for Information: Spearphishing Service",
"url": "https://attack.mitre.org/techniques/T1598/001",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1598.002",
"technique": "Phishing for Information: Spearphishing Attachment",
"url": "https://attack.mitre.org/techniques/T1598/002",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1598.003",
"technique": "Phishing for Information: Spearphishing Link",
"url": "https://attack.mitre.org/techniques/T1598/003",
"tactic": [
"Reconnaissance"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1599",
"technique": "Network Boundary Bridging",
"url": "https://attack.mitre.org/techniques/T1599",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1599.001",
"technique": "Network Boundary Bridging: Network Address Translation Traversal",
"url": "https://attack.mitre.org/techniques/T1599/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1600",
"technique": "Weaken Encryption",
"url": "https://attack.mitre.org/techniques/T1600",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1600.001",
"technique": "Weaken Encryption: Reduce Key Space",
"url": "https://attack.mitre.org/techniques/T1600/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1600.002",
"technique": "Weaken Encryption: Disable Crypto Hardware",
"url": "https://attack.mitre.org/techniques/T1600/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1601",
"technique": "Modify System Image",
"url": "https://attack.mitre.org/techniques/T1601",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1601.001",
"technique": "Modify System Image: Patch System Image",
"url": "https://attack.mitre.org/techniques/T1601/001",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1601.002",
"technique": "Modify System Image: Downgrade System Image",
"url": "https://attack.mitre.org/techniques/T1601/002",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1602",
"technique": "Data from Configuration Repository",
"url": "https://attack.mitre.org/techniques/T1602",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1602.001",
"technique": "Data from Configuration Repository: SNMP (MIB Dump)",
"url": "https://attack.mitre.org/techniques/T1602/001",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1602.002",
"technique": "Data from Configuration Repository: Network Device Configuration Dump",
"url": "https://attack.mitre.org/techniques/T1602/002",
"tactic": [
"Collection"
],
"domain": [
"Enterprise"
],
"platform": [
"Network"
]
},
{
"technique_id": "T1603",
"technique": "Scheduled Task/Job",
"url": "https://attack.mitre.org/techniques/T1603",
"tactic": [
"Execution",
"Persistence"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1604",
"technique": "Proxy Through Victim",
"url": "https://attack.mitre.org/techniques/T1604",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1605",
"technique": "Command-Line Interface",
"url": "https://attack.mitre.org/techniques/T1605",
"tactic": [
"Execution"
],
"domain": [
"Mobile"
],
"platform": [
"Android",
"iOS"
]
},
{
"technique_id": "T1606",
"technique": "Forge Web Credentials",
"url": "https://attack.mitre.org/techniques/T1606",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"SaaS",
"Windows",
"macOS",
"Linux",
"Azure AD",
"Office 365",
"Google Workspace",
"IaaS"
]
},
{
"technique_id": "T1606.001",
"technique": "Forge Web Credentials: Web Cookies",
"url": "https://attack.mitre.org/techniques/T1606/001",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Linux",
"macOS",
"Windows",
"SaaS",
"IaaS"
]
},
{
"technique_id": "T1606.002",
"technique": "Forge Web Credentials: SAML Tokens",
"url": "https://attack.mitre.org/techniques/T1606/002",
"tactic": [
"Credential Access"
],
"domain": [
"Enterprise"
],
"platform": [
"Azure AD",
"SaaS",
"Windows",
"Office 365",
"Google Workspace",
"IaaS"
]
},
{
"technique_id": "T1608",
"technique": "Stage Capabilities",
"url": "https://attack.mitre.org/techniques/T1608",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1608.001",
"technique": "Stage Capabilities: Upload Malware",
"url": "https://attack.mitre.org/techniques/T1608/001",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1608.002",
"technique": "Stage Capabilities: Upload Tool",
"url": "https://attack.mitre.org/techniques/T1608/002",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1608.003",
"technique": "Stage Capabilities: Install Digital Certificate",
"url": "https://attack.mitre.org/techniques/T1608/003",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1608.004",
"technique": "Stage Capabilities: Drive-by Target",
"url": "https://attack.mitre.org/techniques/T1608/004",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1608.005",
"technique": "Stage Capabilities: Link Target",
"url": "https://attack.mitre.org/techniques/T1608/005",
"tactic": [
"Resource Development"
],
"domain": [
"Enterprise"
],
"platform": [
"PRE"
]
},
{
"technique_id": "T1609",
"technique": "Container Administration Command",
"url": "https://attack.mitre.org/techniques/T1609",
"tactic": [
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Containers"
]
},
{
"technique_id": "T1610",
"technique": "Deploy Container",
"url": "https://attack.mitre.org/techniques/T1610",
"tactic": [
"Defense Evasion",
"Execution"
],
"domain": [
"Enterprise"
],
"platform": [
"Containers"
]
},
{
"technique_id": "T1611",
"technique": "Escape to Host",
"url": "https://attack.mitre.org/techniques/T1611",
"tactic": [
"Privilege Escalation"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"Containers"
]
},
{
"technique_id": "T1612",
"technique": "Build Image on Host",
"url": "https://attack.mitre.org/techniques/T1612",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"Containers"
]
},
{
"technique_id": "T1613",
"technique": "Container and Resource Discovery",
"url": "https://attack.mitre.org/techniques/T1613",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Containers"
]
},
{
"technique_id": "T1614",
"technique": "System Location Discovery",
"url": "https://attack.mitre.org/techniques/T1614",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS",
"IaaS"
]
},
{
"technique_id": "T1614.001",
"technique": "System Location Discovery: System Language Discovery",
"url": "https://attack.mitre.org/techniques/T1614/001",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows",
"Linux",
"macOS"
]
},
{
"technique_id": "T1615",
"technique": "Group Policy Discovery",
"url": "https://attack.mitre.org/techniques/T1615",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"Windows"
]
},
{
"technique_id": "T1616",
"technique": "Call Control",
"url": "https://attack.mitre.org/techniques/T1616",
"tactic": [
"Collection",
"Impact",
"Command and Control"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1617",
"technique": "Hooking",
"url": "https://attack.mitre.org/techniques/T1617",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1618",
"technique": "User Evasion",
"url": "https://attack.mitre.org/techniques/T1618",
"tactic": [
"Defense Evasion"
],
"domain": [
"Mobile"
],
"platform": [
"Android"
]
},
{
"technique_id": "T1619",
"technique": "Cloud Storage Object Discovery",
"url": "https://attack.mitre.org/techniques/T1619",
"tactic": [
"Discovery"
],
"domain": [
"Enterprise"
],
"platform": [
"IaaS"
]
},
{
"technique_id": "T1620",
"technique": "Reflective Code Loading",
"url": "https://attack.mitre.org/techniques/T1620",
"tactic": [
"Defense Evasion"
],
"domain": [
"Enterprise"
],
"platform": [
"macOS",
"Linux",
"Windows"
]
}
]