[ { "name": "Extra Window Memory Injection", "id": "T1055.011", "url": "https://attack.mitre.org/techniques/T1055/011" }, { "name": "Scheduled Task", "id": "T1053.005", "url": "https://attack.mitre.org/techniques/T1053/005" }, { "name": "Socket Filters", "id": "T1205.002", "url": "https://attack.mitre.org/techniques/T1205/002" }, { "name": "Indicator Removal from Tools", "id": "T1066", "url": "https://attack.mitre.org/techniques/T1066" }, { "name": "Archive via Utility", "id": "T1560.001", "url": "https://attack.mitre.org/techniques/T1560/001" }, { "name": "VNC", "id": "T1021.005", "url": "https://attack.mitre.org/techniques/T1021/005" }, { "name": "Windows Management Instrumentation", "id": "T1047", "url": "https://attack.mitre.org/techniques/T1047" }, { "name": "Malicious Shell Modification", "id": "T1156", "url": "https://attack.mitre.org/techniques/T1156" }, { "name": "Screen Capture", "id": "T1113", "url": "https://attack.mitre.org/techniques/T1113" }, { "name": "Fileless Storage", "id": "T1027.011", "url": "https://attack.mitre.org/techniques/T1027/011" }, { "name": "Bootkit", "id": "T1067", "url": "https://attack.mitre.org/techniques/T1067" }, { "name": "Boot or Logon Initialization Scripts", "id": "T1037", "url": "https://attack.mitre.org/techniques/T1037" }, { "name": "Adversary-in-the-Middle", "id": "T1557", "url": "https://attack.mitre.org/techniques/T1557" }, { "name": "System Owner/User Discovery", "id": "T1033", "url": "https://attack.mitre.org/techniques/T1033" }, { "name": "Acquire Infrastructure", "id": "T1583", "url": "https://attack.mitre.org/techniques/T1583" }, { "name": "Rundll32", "id": "T1218.011", "url": "https://attack.mitre.org/techniques/T1218/011" }, { "name": "Container and Resource Discovery", "id": "T1613", "url": "https://attack.mitre.org/techniques/T1613" }, { "name": "Serverless", "id": "T1583.007", "url": "https://attack.mitre.org/techniques/T1583/007" }, { "name": "Hidden Window", "id": "T1143", "url": "https://attack.mitre.org/techniques/T1143" }, { "name": "LC_LOAD_DYLIB Addition", "id": "T1161", "url": "https://attack.mitre.org/techniques/T1161" }, { "name": "Standard Encoding", "id": "T1132.001", "url": "https://attack.mitre.org/techniques/T1132/001" }, { "name": "Embedded Payloads", "id": "T1027.009", "url": "https://attack.mitre.org/techniques/T1027/009" }, { "name": "Plist Modification", "id": "T1150", "url": "https://attack.mitre.org/techniques/T1150" }, { "name": "Pluggable Authentication Modules", "id": "T1556.003", "url": "https://attack.mitre.org/techniques/T1556/003" }, { "name": "Revert Cloud Instance", "id": "T1578.004", "url": "https://attack.mitre.org/techniques/T1578/004" }, { "name": "HISTCONTROL", "id": "T1148", "url": "https://attack.mitre.org/techniques/T1148" }, { "name": "Gather Victim Host Information", "id": "T1592", "url": "https://attack.mitre.org/techniques/T1592" }, { "name": "Digital Certificates", "id": "T1596.003", "url": "https://attack.mitre.org/techniques/T1596/003" }, { "name": "Keylogging", "id": "T1056.001", "url": "https://attack.mitre.org/techniques/T1056/001" }, { "name": "File/Path Exclusions", "id": "T1564.012", "url": "https://attack.mitre.org/techniques/T1564/012" }, { "name": "Linux and Mac File and Directory Permissions Modification", "id": "T1222.002", "url": "https://attack.mitre.org/techniques/T1222/002" }, { "name": "Password Guessing", "id": "T1110.001", "url": "https://attack.mitre.org/techniques/T1110/001" }, { "name": "PubPrn", "id": "T1216.001", "url": "https://attack.mitre.org/techniques/T1216/001" }, { "name": "Purchase Technical Data", "id": "T1597.002", "url": "https://attack.mitre.org/techniques/T1597/002" }, { "name": "OS Credential Dumping", "id": "T1003", "url": "https://attack.mitre.org/techniques/T1003" }, { "name": "Shared Modules", "id": "T1129", "url": "https://attack.mitre.org/techniques/T1129" }, { "name": "Data from Configuration Repository", "id": "T1602", "url": "https://attack.mitre.org/techniques/T1602" }, { "name": "Disk Structure Wipe", "id": "T1561.002", "url": "https://attack.mitre.org/techniques/T1561/002" }, { "name": "Direct Network Flood", "id": "T1498.001", "url": "https://attack.mitre.org/techniques/T1498/001" }, { "name": "Stored Data Manipulation", "id": "T1492", "url": "https://attack.mitre.org/techniques/T1492" }, { "name": "Path Interception by PATH Environment Variable", "id": "T1574.007", "url": "https://attack.mitre.org/techniques/T1574/007" }, { "name": "Sharepoint", "id": "T1213.002", "url": "https://attack.mitre.org/techniques/T1213/002" }, { "name": "Direct Volume Access", "id": "T1006", "url": "https://attack.mitre.org/techniques/T1006" }, { "name": "File System Permissions Weakness", "id": "T1044", "url": "https://attack.mitre.org/techniques/T1044" }, { "name": "Artificial Intelligence", "id": "T1588.007", "url": "https://attack.mitre.org/techniques/T1588/007" }, { "name": "Modify Cloud Resource Hierarchy", "id": "T1666", "url": "https://attack.mitre.org/techniques/T1666" }, { "name": "Email Hiding Rules", "id": "T1564.008", "url": "https://attack.mitre.org/techniques/T1564/008" }, { "name": "External Defacement", "id": "T1491.002", "url": "https://attack.mitre.org/techniques/T1491/002" }, { "name": "Encrypted/Encoded File", "id": "T1027.013", "url": "https://attack.mitre.org/techniques/T1027/013" }, { "name": "LLMNR/NBT-NS Poisoning and Relay", "id": "T1171", "url": "https://attack.mitre.org/techniques/T1171" }, { "name": "IP Addresses", "id": "T1590.005", "url": "https://attack.mitre.org/techniques/T1590/005" }, { "name": "OS Exhaustion Flood", "id": "T1499.001", "url": "https://attack.mitre.org/techniques/T1499/001" }, { "name": "Rootkit", "id": "T1014", "url": "https://attack.mitre.org/techniques/T1014" }, { "name": "PowerShell Profile", "id": "T1546.013", "url": "https://attack.mitre.org/techniques/T1546/013" }, { "name": "JavaScript", "id": "T1059.007", "url": "https://attack.mitre.org/techniques/T1059/007" }, { "name": "DNS", "id": "T1590.002", "url": "https://attack.mitre.org/techniques/T1590/002" }, { "name": "Systemd Service", "id": "T1501", "url": "https://attack.mitre.org/techniques/T1501" }, { "name": "Lifecycle-Triggered Deletion", "id": "T1485.001", "url": "https://attack.mitre.org/techniques/T1485/001" }, { "name": "Elevated Execution with Prompt", "id": "T1514", "url": "https://attack.mitre.org/techniques/T1514" }, { "name": "Audio Capture", "id": "T1123", "url": "https://attack.mitre.org/techniques/T1123" }, { "name": "Create or Modify System Process", "id": "T1543", "url": "https://attack.mitre.org/techniques/T1543" }, { "name": "External Remote Services", "id": "T1133", "url": "https://attack.mitre.org/techniques/T1133" }, { "name": "Component Firmware", "id": "T1109", "url": "https://attack.mitre.org/techniques/T1109" }, { "name": "LC_LOAD_DYLIB Addition", "id": "T1546.006", "url": "https://attack.mitre.org/techniques/T1546/006" }, { "name": "Steal Web Session Cookie", "id": "T1539", "url": "https://attack.mitre.org/techniques/T1539" }, { "name": "Container Orchestration Job", "id": "T1053.007", "url": "https://attack.mitre.org/techniques/T1053/007" }, { "name": "Domain Generation Algorithms", "id": "T1568.002", "url": "https://attack.mitre.org/techniques/T1568/002" }, { "name": "Double File Extension", "id": "T1036.007", "url": "https://attack.mitre.org/techniques/T1036/007" }, { "name": "Bypass User Account Control", "id": "T1548.002", "url": "https://attack.mitre.org/techniques/T1548/002" }, { "name": "Timestomp", "id": "T1099", "url": "https://attack.mitre.org/techniques/T1099" }, { "name": "SMS Pumping", "id": "T1496.003", "url": "https://attack.mitre.org/techniques/T1496/003" }, { "name": "Internet Connection Discovery", "id": "T1016.001", "url": "https://attack.mitre.org/techniques/T1016/001" }, { "name": "Sudo and Sudo Caching", "id": "T1548.003", "url": "https://attack.mitre.org/techniques/T1548/003" }, { "name": "Archive via Custom Method", "id": "T1560.003", "url": "https://attack.mitre.org/techniques/T1560/003" }, { "name": "Modify Cloud Compute Infrastructure", "id": "T1578", "url": "https://attack.mitre.org/techniques/T1578" }, { "name": "Network Devices", "id": "T1584.008", "url": "https://attack.mitre.org/techniques/T1584/008" }, { "name": "Malvertising", "id": "T1583.008", "url": "https://attack.mitre.org/techniques/T1583/008" }, { "name": "Permission Groups Discovery", "id": "T1069", "url": "https://attack.mitre.org/techniques/T1069" }, { "name": "Email Collection", "id": "T1114", "url": "https://attack.mitre.org/techniques/T1114" }, { "name": "Security Account Manager", "id": "T1003.002", "url": "https://attack.mitre.org/techniques/T1003/002" }, { "name": "WHOIS", "id": "T1596.002", "url": "https://attack.mitre.org/techniques/T1596/002" }, { "name": "System Firmware", "id": "T1542.001", "url": "https://attack.mitre.org/techniques/T1542/001" }, { "name": "Search Victim-Owned Websites", "id": "T1594", "url": "https://attack.mitre.org/techniques/T1594" }, { "name": "Cloud Groups", "id": "T1069.003", "url": "https://attack.mitre.org/techniques/T1069/003" }, { "name": "Services Registry Permissions Weakness", "id": "T1574.011", "url": "https://attack.mitre.org/techniques/T1574/011" }, { "name": "DNS/Passive DNS", "id": "T1596.001", "url": "https://attack.mitre.org/techniques/T1596/001" }, { "name": "Application Exhaustion Flood", "id": "T1499.003", "url": "https://attack.mitre.org/techniques/T1499/003" }, { "name": "Rc.common", "id": "T1163", "url": "https://attack.mitre.org/techniques/T1163" }, { "name": "Compromise Software Dependencies and Development Tools", "id": "T1195.001", "url": "https://attack.mitre.org/techniques/T1195/001" }, { "name": "Digital Certificates", "id": "T1588.004", "url": "https://attack.mitre.org/techniques/T1588/004" }, { "name": "DNS Server", "id": "T1583.002", "url": "https://attack.mitre.org/techniques/T1583/002" }, { "name": "Disk Wipe", "id": "T1561", "url": "https://attack.mitre.org/techniques/T1561" }, { "name": "DNS", "id": "T1071.004", "url": "https://attack.mitre.org/techniques/T1071/004" }, { "name": "Cloud Instance Metadata API", "id": "T1552.005", "url": "https://attack.mitre.org/techniques/T1552/005" }, { "name": "Securityd Memory", "id": "T1555.002", "url": "https://attack.mitre.org/techniques/T1555/002" }, { "name": "Group Policy Discovery", "id": "T1615", "url": "https://attack.mitre.org/techniques/T1615" }, { "name": "Bootkit", "id": "T1542.003", "url": "https://attack.mitre.org/techniques/T1542/003" }, { "name": "Data from Removable Media", "id": "T1025", "url": "https://attack.mitre.org/techniques/T1025" }, { "name": "Code Signing", "id": "T1116", "url": "https://attack.mitre.org/techniques/T1116" }, { "name": "Mavinject", "id": "T1218.013", "url": "https://attack.mitre.org/techniques/T1218/013" }, { "name": "Cloud Instance Metadata API", "id": "T1522", "url": "https://attack.mitre.org/techniques/T1522" }, { "name": "Process Hollowing", "id": "T1093", "url": "https://attack.mitre.org/techniques/T1093" }, { "name": "Local Data Staging", "id": "T1074.001", "url": "https://attack.mitre.org/techniques/T1074/001" }, { "name": "Match Legitimate Resource Name or Location", "id": "T1036.005", "url": "https://attack.mitre.org/techniques/T1036/005" }, { "name": "Domain Fronting", "id": "T1172", "url": "https://attack.mitre.org/techniques/T1172" }, { "name": "Digital Certificates", "id": "T1587.003", "url": "https://attack.mitre.org/techniques/T1587/003" }, { "name": "Stored Data Manipulation", "id": "T1565.001", "url": "https://attack.mitre.org/techniques/T1565/001" }, { "name": "Password Cracking", "id": "T1110.002", "url": "https://attack.mitre.org/techniques/T1110/002" }, { "name": "SID-History Injection", "id": "T1178", "url": "https://attack.mitre.org/techniques/T1178" }, { "name": "Local Email Collection", "id": "T1114.001", "url": "https://attack.mitre.org/techniques/T1114/001" }, { "name": "Keychain", "id": "T1555.001", "url": "https://attack.mitre.org/techniques/T1555/001" }, { "name": "Boot or Logon Autostart Execution", "id": "T1547", "url": "https://attack.mitre.org/techniques/T1547" }, { "name": "LSA Secrets", "id": "T1003.004", "url": "https://attack.mitre.org/techniques/T1003/004" }, { "name": "Port Monitors", "id": "T1013", "url": "https://attack.mitre.org/techniques/T1013" }, { "name": "Weaken Encryption", "id": "T1600", "url": "https://attack.mitre.org/techniques/T1600" }, { "name": "SAML Tokens", "id": "T1606.002", "url": "https://attack.mitre.org/techniques/T1606/002" }, { "name": "Spearphishing Link", "id": "T1192", "url": "https://attack.mitre.org/techniques/T1192" }, { "name": "Masquerade File Type", "id": "T1036.008", "url": "https://attack.mitre.org/techniques/T1036/008" }, { "name": "Service Stop", "id": "T1489", "url": "https://attack.mitre.org/techniques/T1489" }, { "name": "Malware", "id": "T1587.001", "url": "https://attack.mitre.org/techniques/T1587/001" }, { "name": "Regsvcs/Regasm", "id": "T1121", "url": "https://attack.mitre.org/techniques/T1121" }, { "name": "Device Driver Discovery", "id": "T1652", "url": "https://attack.mitre.org/techniques/T1652" }, { "name": "Sudo Caching", "id": "T1206", "url": "https://attack.mitre.org/techniques/T1206" }, { "name": "Domain Account", "id": "T1087.002", "url": "https://attack.mitre.org/techniques/T1087/002" }, { "name": "Active Setup", "id": "T1547.014", "url": "https://attack.mitre.org/techniques/T1547/014" }, { "name": "Hide Artifacts", "id": "T1564", "url": "https://attack.mitre.org/techniques/T1564" }, { "name": "Dynamic Data Exchange", "id": "T1559.002", "url": "https://attack.mitre.org/techniques/T1559/002" }, { "name": "Malicious File", "id": "T1204.002", "url": "https://attack.mitre.org/techniques/T1204/002" }, { "name": "Identify Business Tempo", "id": "T1591.003", "url": "https://attack.mitre.org/techniques/T1591/003" }, { "name": "Security Software Discovery", "id": "T1063", "url": "https://attack.mitre.org/techniques/T1063" }, { "name": "Publish/Subscribe Protocols", "id": "T1071.005", "url": "https://attack.mitre.org/techniques/T1071/005" }, { "name": "Hardware", "id": "T1592.001", "url": "https://attack.mitre.org/techniques/T1592/001" }, { "name": "Taint Shared Content", "id": "T1080", "url": "https://attack.mitre.org/techniques/T1080" }, { "name": "Trust Modification", "id": "T1484.002", "url": "https://attack.mitre.org/techniques/T1484/002" }, { "name": "Databases", "id": "T1213.006", "url": "https://attack.mitre.org/techniques/T1213/006" }, { "name": "Symmetric Cryptography", "id": "T1573.001", "url": "https://attack.mitre.org/techniques/T1573/001" }, { "name": "Local Account", "id": "T1087.001", "url": "https://attack.mitre.org/techniques/T1087/001" }, { "name": "Securityd Memory", "id": "T1167", "url": "https://attack.mitre.org/techniques/T1167" }, { "name": "Social Media Accounts", "id": "T1586.001", "url": "https://attack.mitre.org/techniques/T1586/001" }, { "name": "Browser Extensions", "id": "T1176.001", "url": "https://attack.mitre.org/techniques/T1176/001" }, { "name": "Application Access Token", "id": "T1527", "url": "https://attack.mitre.org/techniques/T1527" }, { "name": "Safe Mode Boot", "id": "T1562.009", "url": "https://attack.mitre.org/techniques/T1562/009" }, { "name": "Screensaver", "id": "T1180", "url": "https://attack.mitre.org/techniques/T1180" }, { "name": "TFTP Boot", "id": "T1542.005", "url": "https://attack.mitre.org/techniques/T1542/005" }, { "name": "Windows Service", "id": "T1543.003", "url": "https://attack.mitre.org/techniques/T1543/003" }, { "name": "Fast Flux DNS", "id": "T1568.001", "url": "https://attack.mitre.org/techniques/T1568/001" }, { "name": "System Checks", "id": "T1497.001", "url": "https://attack.mitre.org/techniques/T1497/001" }, { "name": "Cron", "id": "T1053.003", "url": "https://attack.mitre.org/techniques/T1053/003" }, { "name": "Domain Groups", "id": "T1069.002", "url": "https://attack.mitre.org/techniques/T1069/002" }, { "name": "Vulnerabilities", "id": "T1588.006", "url": "https://attack.mitre.org/techniques/T1588/006" }, { "name": "Spearphishing Link", "id": "T1566.002", "url": "https://attack.mitre.org/techniques/T1566/002" }, { "name": "Startup Items", "id": "T1165", "url": "https://attack.mitre.org/techniques/T1165" }, { "name": "Clear Linux or Mac System Logs", "id": "T1070.002", "url": "https://attack.mitre.org/techniques/T1070/002" }, { "name": "Application or System Exploitation", "id": "T1499.004", "url": "https://attack.mitre.org/techniques/T1499/004" }, { "name": "Office Application Startup", "id": "T1137", "url": "https://attack.mitre.org/techniques/T1137" }, { "name": "InstallUtil", "id": "T1218.004", "url": "https://attack.mitre.org/techniques/T1218/004" }, { "name": "Spearphishing Link", "id": "T1598.003", "url": "https://attack.mitre.org/techniques/T1598/003" }, { "name": "SSH", "id": "T1021.004", "url": "https://attack.mitre.org/techniques/T1021/004" }, { "name": "Additional Cloud Roles", "id": "T1098.003", "url": "https://attack.mitre.org/techniques/T1098/003" }, { "name": "Print Processors", "id": "T1547.012", "url": "https://attack.mitre.org/techniques/T1547/012" }, { "name": "Disabling Security Tools", "id": "T1089", "url": "https://attack.mitre.org/techniques/T1089" }, { "name": "Disk Structure Wipe", "id": "T1487", "url": "https://attack.mitre.org/techniques/T1487" }, { "name": "Spearphishing Attachment", "id": "T1566.001", "url": "https://attack.mitre.org/techniques/T1566/001" }, { "name": "Credentials in Registry", "id": "T1214", "url": "https://attack.mitre.org/techniques/T1214" }, { "name": "Stripped Payloads", "id": "T1027.008", "url": "https://attack.mitre.org/techniques/T1027/008" }, { "name": "Component Object Model", "id": "T1559.001", "url": "https://attack.mitre.org/techniques/T1559/001" }, { "name": "DLL", "id": "T1574.001", "url": "https://attack.mitre.org/techniques/T1574/001" }, { "name": "Automated Collection", "id": "T1119", "url": "https://attack.mitre.org/techniques/T1119" }, { "name": "Clipboard Data", "id": "T1115", "url": "https://attack.mitre.org/techniques/T1115" }, { "name": "Proc Filesystem", "id": "T1003.007", "url": "https://attack.mitre.org/techniques/T1003/007" }, { "name": "Botnet", "id": "T1583.005", "url": "https://attack.mitre.org/techniques/T1583/005" }, { "name": "Password Managers", "id": "T1555.005", "url": "https://attack.mitre.org/techniques/T1555/005" }, { "name": "AppInit DLLs", "id": "T1103", "url": "https://attack.mitre.org/techniques/T1103" }, { "name": "Gatekeeper Bypass", "id": "T1553.001", "url": "https://attack.mitre.org/techniques/T1553/001" }, { "name": "ESXi Administration Command", "id": "T1675", "url": "https://attack.mitre.org/techniques/T1675" }, { "name": "Drive-by Target", "id": "T1608.004", "url": "https://attack.mitre.org/techniques/T1608/004" }, { "name": "System Service Discovery", "id": "T1007", "url": "https://attack.mitre.org/techniques/T1007" }, { "name": "Network Sniffing", "id": "T1040", "url": "https://attack.mitre.org/techniques/T1040" }, { "name": "Application Deployment Software", "id": "T1017", "url": "https://attack.mitre.org/techniques/T1017" }, { "name": "Code Signing", "id": "T1553.002", "url": "https://attack.mitre.org/techniques/T1553/002" }, { "name": "Data from Cloud Storage", "id": "T1530", "url": "https://attack.mitre.org/techniques/T1530" }, { "name": "Runtime Data Manipulation", "id": "T1565.003", "url": "https://attack.mitre.org/techniques/T1565/003" }, { "name": "Credentials in Registry", "id": "T1552.002", "url": "https://attack.mitre.org/techniques/T1552/002" }, { "name": "Network Share Discovery", "id": "T1135", "url": "https://attack.mitre.org/techniques/T1135" }, { "name": "Peripheral Device Discovery", "id": "T1120", "url": "https://attack.mitre.org/techniques/T1120" }, { "name": "Break Process Trees", "id": "T1036.009", "url": "https://attack.mitre.org/techniques/T1036/009" }, { "name": "Network Topology", "id": "T1590.004", "url": "https://attack.mitre.org/techniques/T1590/004" }, { "name": "Code Signing Certificates", "id": "T1587.002", "url": "https://attack.mitre.org/techniques/T1587/002" }, { "name": "Windows File and Directory Permissions Modification", "id": "T1222.001", "url": "https://attack.mitre.org/techniques/T1222/001" }, { "name": "Add-ins", "id": "T1137.006", "url": "https://attack.mitre.org/techniques/T1137/006" }, { "name": "Transport Agent", "id": "T1505.002", "url": "https://attack.mitre.org/techniques/T1505/002" }, { "name": "System Information Discovery", "id": "T1082", "url": "https://attack.mitre.org/techniques/T1082" }, { "name": "Application Layer Protocol", "id": "T1071", "url": "https://attack.mitre.org/techniques/T1071" }, { "name": "AppDomainManager", "id": "T1574.014", "url": "https://attack.mitre.org/techniques/T1574/014" }, { "name": "Remote Data Staging", "id": "T1074.002", "url": "https://attack.mitre.org/techniques/T1074/002" }, { "name": "Additional Container Cluster Roles", "id": "T1098.006", "url": "https://attack.mitre.org/techniques/T1098/006" }, { "name": "Scheduled Task/Job", "id": "T1053", "url": "https://attack.mitre.org/techniques/T1053" }, { "name": "Msiexec", "id": "T1218.007", "url": "https://attack.mitre.org/techniques/T1218/007" }, { "name": "Login Item", "id": "T1162", "url": "https://attack.mitre.org/techniques/T1162" }, { "name": "Network Trust Dependencies", "id": "T1590.003", "url": "https://attack.mitre.org/techniques/T1590/003" }, { "name": "Reflection Amplification", "id": "T1498.002", "url": "https://attack.mitre.org/techniques/T1498/002" }, { "name": "Password Filter DLL", "id": "T1556.002", "url": "https://attack.mitre.org/techniques/T1556/002" }, { "name": "Terminal Services DLL", "id": "T1505.005", "url": "https://attack.mitre.org/techniques/T1505/005" }, { "name": "AppleScript", "id": "T1059.002", "url": "https://attack.mitre.org/techniques/T1059/002" }, { "name": "Software Extensions", "id": "T1176", "url": "https://attack.mitre.org/techniques/T1176" }, { "name": "Service Exhaustion Flood", "id": "T1499.002", "url": "https://attack.mitre.org/techniques/T1499/002" }, { "name": "Compromise Hardware Supply Chain", "id": "T1195.003", "url": "https://attack.mitre.org/techniques/T1195/003" }, { "name": "Native API", "id": "T1106", "url": "https://attack.mitre.org/techniques/T1106" }, { "name": "Ccache Files", "id": "T1558.005", "url": "https://attack.mitre.org/techniques/T1558/005" }, { "name": "Clear Network Connection History and Configurations", "id": "T1070.007", "url": "https://attack.mitre.org/techniques/T1070/007" }, { "name": "AS-REP Roasting", "id": "T1558.004", "url": "https://attack.mitre.org/techniques/T1558/004" }, { "name": "Service Registry Permissions Weakness", "id": "T1058", "url": "https://attack.mitre.org/techniques/T1058" }, { "name": "Virtual Private Server", "id": "T1584.003", "url": "https://attack.mitre.org/techniques/T1584/003" }, { "name": "AutoHotKey & AutoIT", "id": "T1059.010", "url": "https://attack.mitre.org/techniques/T1059/010" }, { "name": "Reduce Key Space", "id": "T1600.001", "url": "https://attack.mitre.org/techniques/T1600/001" }, { "name": "Clear Command History", "id": "T1070.003", "url": "https://attack.mitre.org/techniques/T1070/003" }, { "name": "Indirect Command Execution", "id": "T1202", "url": "https://attack.mitre.org/techniques/T1202" }, { "name": "Custom Cryptographic Protocol", "id": "T1024", "url": "https://attack.mitre.org/techniques/T1024" }, { "name": "Revert Cloud Instance", "id": "T1536", "url": "https://attack.mitre.org/techniques/T1536" }, { "name": "Replication Through Removable Media", "id": "T1091", "url": "https://attack.mitre.org/techniques/T1091" }, { "name": "Data from Local System", "id": "T1005", "url": "https://attack.mitre.org/techniques/T1005" }, { "name": "Deobfuscate/Decode Files or Information", "id": "T1140", "url": "https://attack.mitre.org/techniques/T1140" }, { "name": "Outlook Rules", "id": "T1137.005", "url": "https://attack.mitre.org/techniques/T1137/005" }, { "name": "Impair Defenses", "id": "T1562", "url": "https://attack.mitre.org/techniques/T1562" }, { "name": "Cloud Accounts", "id": "T1586.003", "url": "https://attack.mitre.org/techniques/T1586/003" }, { "name": "Email Accounts", "id": "T1586.002", "url": "https://attack.mitre.org/techniques/T1586/002" }, { "name": "Additional Local or Domain Groups", "id": "T1098.007", "url": "https://attack.mitre.org/techniques/T1098/007" }, { "name": "Upload Malware", "id": "T1608.001", "url": "https://attack.mitre.org/techniques/T1608/001" }, { "name": "Supply Chain Compromise", "id": "T1195", "url": "https://attack.mitre.org/techniques/T1195" }, { "name": "Exploit Public-Facing Application", "id": "T1190", "url": "https://attack.mitre.org/techniques/T1190" }, { "name": "Steal or Forge Kerberos Tickets", "id": "T1558", "url": "https://attack.mitre.org/techniques/T1558" }, { "name": "Credentials from Password Stores", "id": "T1555", "url": "https://attack.mitre.org/techniques/T1555" }, { "name": "Exfiltration Over Web Service", "id": "T1567", "url": "https://attack.mitre.org/techniques/T1567" }, { "name": "Remote Access Tools", "id": "T1219", "url": "https://attack.mitre.org/techniques/T1219" }, { "name": "Domains", "id": "T1583.001", "url": "https://attack.mitre.org/techniques/T1583/001" }, { "name": "Archive via Library", "id": "T1560.002", "url": "https://attack.mitre.org/techniques/T1560/002" }, { "name": "Thread Execution Hijacking", "id": "T1055.003", "url": "https://attack.mitre.org/techniques/T1055/003" }, { "name": "Multilayer Encryption", "id": "T1079", "url": "https://attack.mitre.org/techniques/T1079" }, { "name": "Masquerading", "id": "T1036", "url": "https://attack.mitre.org/techniques/T1036" }, { "name": "Application Shimming", "id": "T1546.011", "url": "https://attack.mitre.org/techniques/T1546/011" }, { "name": "Unsecured Credentials", "id": "T1552", "url": "https://attack.mitre.org/techniques/T1552" }, { "name": "Port Monitors", "id": "T1547.010", "url": "https://attack.mitre.org/techniques/T1547/010" }, { "name": "Clear Mailbox Data", "id": "T1070.008", "url": "https://attack.mitre.org/techniques/T1070/008" }, { "name": "Login Hook", "id": "T1037.002", "url": "https://attack.mitre.org/techniques/T1037/002" }, { "name": "Content Injection", "id": "T1659", "url": "https://attack.mitre.org/techniques/T1659" }, { "name": "Process Injection", "id": "T1055", "url": "https://attack.mitre.org/techniques/T1055" }, { "name": "Exfiltration Over Webhook", "id": "T1567.004", "url": "https://attack.mitre.org/techniques/T1567/004" }, { "name": "Bash History", "id": "T1139", "url": "https://attack.mitre.org/techniques/T1139" }, { "name": "Traffic Signaling", "id": "T1205", "url": "https://attack.mitre.org/techniques/T1205" }, { "name": "Direct Cloud VM Connections", "id": "T1021.008", "url": "https://attack.mitre.org/techniques/T1021/008" }, { "name": "Credentials from Web Browsers", "id": "T1503", "url": "https://attack.mitre.org/techniques/T1503" }, { "name": "System Binary Proxy Execution", "id": "T1218", "url": "https://attack.mitre.org/techniques/T1218" }, { "name": "Source", "id": "T1153", "url": "https://attack.mitre.org/techniques/T1153" }, { "name": "DLL Search Order Hijacking", "id": "T1038", "url": "https://attack.mitre.org/techniques/T1038" }, { "name": "New Service", "id": "T1050", "url": "https://attack.mitre.org/techniques/T1050" }, { "name": "Timestomp", "id": "T1070.006", "url": "https://attack.mitre.org/techniques/T1070/006" }, { "name": "Evil Twin", "id": "T1557.004", "url": "https://attack.mitre.org/techniques/T1557/004" }, { "name": "Reflective Code Loading", "id": "T1620", "url": "https://attack.mitre.org/techniques/T1620" }, { "name": "Wi-Fi Discovery", "id": "T1016.002", "url": "https://attack.mitre.org/techniques/T1016/002" }, { "name": "Mutual Exclusion", "id": "T1480.002", "url": "https://attack.mitre.org/techniques/T1480/002" }, { "name": "Ignore Process Interrupts", "id": "T1564.011", "url": "https://attack.mitre.org/techniques/T1564/011" }, { "name": "Escape to Host", "id": "T1611", "url": "https://attack.mitre.org/techniques/T1611" }, { "name": "Backup Software Discovery", "id": "T1518.002", "url": "https://attack.mitre.org/techniques/T1518/002" }, { "name": "Shortcut Modification", "id": "T1547.009", "url": "https://attack.mitre.org/techniques/T1547/009" }, { "name": "Application Window Discovery", "id": "T1010", "url": "https://attack.mitre.org/techniques/T1010" }, { "name": "Systemctl", "id": "T1569.003", "url": "https://attack.mitre.org/techniques/T1569/003" }, { "name": "Standard Cryptographic Protocol", "id": "T1032", "url": "https://attack.mitre.org/techniques/T1032" }, { "name": "Email Account", "id": "T1087.003", "url": "https://attack.mitre.org/techniques/T1087/003" }, { "name": "Hypervisor", "id": "T1062", "url": "https://attack.mitre.org/techniques/T1062" }, { "name": "Time Based Checks", "id": "T1497.003", "url": "https://attack.mitre.org/techniques/T1497/003" }, { "name": "AppCert DLLs", "id": "T1182", "url": "https://attack.mitre.org/techniques/T1182" }, { "name": "CMSTP", "id": "T1218.003", "url": "https://attack.mitre.org/techniques/T1218/003" }, { "name": "SSH Hijacking", "id": "T1563.001", "url": "https://attack.mitre.org/techniques/T1563/001" }, { "name": "Disable Windows Event Logging", "id": "T1562.002", "url": "https://attack.mitre.org/techniques/T1562/002" }, { "name": "Scheduled Transfer", "id": "T1029", "url": "https://attack.mitre.org/techniques/T1029" }, { "name": "SMB/Windows Admin Shares", "id": "T1021.002", "url": "https://attack.mitre.org/techniques/T1021/002" }, { "name": "Implant Internal Image", "id": "T1525", "url": "https://attack.mitre.org/techniques/T1525" }, { "name": "Protocol Tunneling", "id": "T1572", "url": "https://attack.mitre.org/techniques/T1572" }, { "name": "Control Panel", "id": "T1218.002", "url": "https://attack.mitre.org/techniques/T1218/002" }, { "name": "Network Address Translation Traversal", "id": "T1599.001", "url": "https://attack.mitre.org/techniques/T1599/001" }, { "name": "Upload Tool", "id": "T1608.002", "url": "https://attack.mitre.org/techniques/T1608/002" }, { "name": "Security Support Provider", "id": "T1547.005", "url": "https://attack.mitre.org/techniques/T1547/005" }, { "name": "Overwrite Process Arguments", "id": "T1036.011", "url": "https://attack.mitre.org/techniques/T1036/011" }, { "name": "Winlogon Helper DLL", "id": "T1004", "url": "https://attack.mitre.org/techniques/T1004" }, { "name": "Binary Padding", "id": "T1009", "url": "https://attack.mitre.org/techniques/T1009" }, { "name": "Use Alternate Authentication Material", "id": "T1550", "url": "https://attack.mitre.org/techniques/T1550" }, { "name": "Remote Desktop Protocol", "id": "T1076", "url": "https://attack.mitre.org/techniques/T1076" }, { "name": "Threat Intel Vendors", "id": "T1597.001", "url": "https://attack.mitre.org/techniques/T1597/001" }, { "name": "Exfiltration Over Other Network Medium", "id": "T1011", "url": "https://attack.mitre.org/techniques/T1011" }, { "name": "Network Device Configuration Dump", "id": "T1602.002", "url": "https://attack.mitre.org/techniques/T1602/002" }, { "name": "Gather Victim Identity Information", "id": "T1589", "url": "https://attack.mitre.org/techniques/T1589" }, { "name": "Authentication Package", "id": "T1131", "url": "https://attack.mitre.org/techniques/T1131" }, { "name": "Extra Window Memory Injection", "id": "T1181", "url": "https://attack.mitre.org/techniques/T1181" }, { "name": "Disable or Modify System Firewall", "id": "T1562.004", "url": "https://attack.mitre.org/techniques/T1562/004" }, { "name": "Archive Collected Data", "id": "T1560", "url": "https://attack.mitre.org/techniques/T1560" }, { "name": "Launchctl", "id": "T1152", "url": "https://attack.mitre.org/techniques/T1152" }, { "name": "SIP and Trust Provider Hijacking", "id": "T1553.003", "url": "https://attack.mitre.org/techniques/T1553/003" }, { "name": "Domain Generation Algorithms", "id": "T1483", "url": "https://attack.mitre.org/techniques/T1483" }, { "name": "Browser Session Hijacking", "id": "T1185", "url": "https://attack.mitre.org/techniques/T1185" }, { "name": "Remote Services", "id": "T1021", "url": "https://attack.mitre.org/techniques/T1021" }, { "name": "Mail Protocols", "id": "T1071.003", "url": "https://attack.mitre.org/techniques/T1071/003" }, { "name": "Hybrid Identity", "id": "T1556.007", "url": "https://attack.mitre.org/techniques/T1556/007" }, { "name": "Vulnerability Scanning", "id": "T1595.002", "url": "https://attack.mitre.org/techniques/T1595/002" }, { "name": "Cloud API", "id": "T1059.009", "url": "https://attack.mitre.org/techniques/T1059/009" }, { "name": "Search Open Technical Databases", "id": "T1596", "url": "https://attack.mitre.org/techniques/T1596" }, { "name": "Electron Applications", "id": "T1218.015", "url": "https://attack.mitre.org/techniques/T1218/015" }, { "name": "Disable or Modify Linux Audit System", "id": "T1562.012", "url": "https://attack.mitre.org/techniques/T1562/012" }, { "name": "Rogue Domain Controller", "id": "T1207", "url": "https://attack.mitre.org/techniques/T1207" }, { "name": "Code Signing Policy Modification", "id": "T1553.006", "url": "https://attack.mitre.org/techniques/T1553/006" }, { "name": "Deploy Container", "id": "T1610", "url": "https://attack.mitre.org/techniques/T1610" }, { "name": "File Deletion", "id": "T1107", "url": "https://attack.mitre.org/techniques/T1107" }, { "name": "Private Keys", "id": "T1145", "url": "https://attack.mitre.org/techniques/T1145" }, { "name": "Modify Registry", "id": "T1112", "url": "https://attack.mitre.org/techniques/T1112" }, { "name": "Launch Daemon", "id": "T1543.004", "url": "https://attack.mitre.org/techniques/T1543/004" }, { "name": "Cloud Infrastructure Discovery", "id": "T1580", "url": "https://attack.mitre.org/techniques/T1580" }, { "name": "Credentials from Web Browsers", "id": "T1555.003", "url": "https://attack.mitre.org/techniques/T1555/003" }, { "name": "Path Interception by Search Order Hijacking", "id": "T1574.008", "url": "https://attack.mitre.org/techniques/T1574/008" }, { "name": "Defacement", "id": "T1491", "url": "https://attack.mitre.org/techniques/T1491" }, { "name": "Unused/Unsupported Cloud Regions", "id": "T1535", "url": "https://attack.mitre.org/techniques/T1535" }, { "name": "DHCP Spoofing", "id": "T1557.003", "url": "https://attack.mitre.org/techniques/T1557/003" }, { "name": "AppleScript", "id": "T1155", "url": "https://attack.mitre.org/techniques/T1155" }, { "name": "Remote Service Session Hijacking", "id": "T1563", "url": "https://attack.mitre.org/techniques/T1563" }, { "name": "Bind Mounts", "id": "T1564.013", "url": "https://attack.mitre.org/techniques/T1564/013" }, { "name": "Binary Padding", "id": "T1027.001", "url": "https://attack.mitre.org/techniques/T1027/001" }, { "name": "Web Shell", "id": "T1505.003", "url": "https://attack.mitre.org/techniques/T1505/003" }, { "name": "Group Policy Modification", "id": "T1484.001", "url": "https://attack.mitre.org/techniques/T1484/001" }, { "name": "Browser Information Discovery", "id": "T1217", "url": "https://attack.mitre.org/techniques/T1217" }, { "name": "Private Keys", "id": "T1552.004", "url": "https://attack.mitre.org/techniques/T1552/004" }, { "name": "Server", "id": "T1583.004", "url": "https://attack.mitre.org/techniques/T1583/004" }, { "name": "Windows Remote Management", "id": "T1021.006", "url": "https://attack.mitre.org/techniques/T1021/006" }, { "name": "Exfiltration Over Bluetooth", "id": "T1011.001", "url": "https://attack.mitre.org/techniques/T1011/001" }, { "name": "Default Accounts", "id": "T1078.001", "url": "https://attack.mitre.org/techniques/T1078/001" }, { "name": "Time Providers", "id": "T1547.003", "url": "https://attack.mitre.org/techniques/T1547/003" }, { "name": "Image File Execution Options Injection", "id": "T1183", "url": "https://attack.mitre.org/techniques/T1183" }, { "name": "Rundll32", "id": "T1085", "url": "https://attack.mitre.org/techniques/T1085" }, { "name": "Modify Existing Service", "id": "T1031", "url": "https://attack.mitre.org/techniques/T1031" }, { "name": "Trap", "id": "T1546.005", "url": "https://attack.mitre.org/techniques/T1546/005" }, { "name": "Dynamic Linker Hijacking", "id": "T1574.006", "url": "https://attack.mitre.org/techniques/T1574/006" }, { "name": "Local Account", "id": "T1136.001", "url": "https://attack.mitre.org/techniques/T1136/001" }, { "name": "Search Threat Vendor Data", "id": "T1681", "url": "https://attack.mitre.org/techniques/T1681" }, { "name": "Input Injection", "id": "T1674", "url": "https://attack.mitre.org/techniques/T1674" }, { "name": "Communication Through Removable Media", "id": "T1092", "url": "https://attack.mitre.org/techniques/T1092" }, { "name": "Clear Windows Event Logs", "id": "T1070.001", "url": "https://attack.mitre.org/techniques/T1070/001" }, { "name": "Email Accounts", "id": "T1585.002", "url": "https://attack.mitre.org/techniques/T1585/002" }, { "name": "LLMNR/NBT-NS Poisoning and SMB Relay", "id": "T1557.001", "url": "https://attack.mitre.org/techniques/T1557/001" }, { "name": "File and Directory Permissions Modification", "id": "T1222", "url": "https://attack.mitre.org/techniques/T1222" }, { "name": "LSASS Memory", "id": "T1003.001", "url": "https://attack.mitre.org/techniques/T1003/001" }, { "name": "At (Linux)", "id": "T1053.001", "url": "https://attack.mitre.org/techniques/T1053/001" }, { "name": "IDE Extensions", "id": "T1176.002", "url": "https://attack.mitre.org/techniques/T1176/002" }, { "name": "Hooking", "id": "T1179", "url": "https://attack.mitre.org/techniques/T1179" }, { "name": "Active Scanning", "id": "T1595", "url": "https://attack.mitre.org/techniques/T1595" }, { "name": "Junk Code Insertion", "id": "T1027.016", "url": "https://attack.mitre.org/techniques/T1027/016" }, { "name": "Plist Modification", "id": "T1547.011", "url": "https://attack.mitre.org/techniques/T1547/011" }, { "name": "Abuse Elevation Control Mechanism", "id": "T1548", "url": "https://attack.mitre.org/techniques/T1548" }, { "name": "Create Process with Token", "id": "T1134.002", "url": "https://attack.mitre.org/techniques/T1134/002" }, { "name": "Setuid and Setgid", "id": "T1548.001", "url": "https://attack.mitre.org/techniques/T1548/001" }, { "name": "Winlogon Helper DLL", "id": "T1547.004", "url": "https://attack.mitre.org/techniques/T1547/004" }, { "name": "System Firmware", "id": "T1019", "url": "https://attack.mitre.org/techniques/T1019" }, { "name": "Distributed Component Object Model", "id": "T1021.003", "url": "https://attack.mitre.org/techniques/T1021/003" }, { "name": "Change Default File Association", "id": "T1042", "url": "https://attack.mitre.org/techniques/T1042" }, { "name": "Regsvr32", "id": "T1117", "url": "https://attack.mitre.org/techniques/T1117" }, { "name": "Password Spraying", "id": "T1110.003", "url": "https://attack.mitre.org/techniques/T1110/003" }, { "name": "External Proxy", "id": "T1090.002", "url": "https://attack.mitre.org/techniques/T1090/002" }, { "name": "Web Portal Capture", "id": "T1056.003", "url": "https://attack.mitre.org/techniques/T1056/003" }, { "name": "Email Addresses", "id": "T1589.002", "url": "https://attack.mitre.org/techniques/T1589/002" }, { "name": "Re-opened Applications", "id": "T1164", "url": "https://attack.mitre.org/techniques/T1164" }, { "name": "Indicator Blocking", "id": "T1054", "url": "https://attack.mitre.org/techniques/T1054" }, { "name": "Spearphishing Voice", "id": "T1598.004", "url": "https://attack.mitre.org/techniques/T1598/004" }, { "name": "Redundant Access", "id": "T1108", "url": "https://attack.mitre.org/techniques/T1108" }, { "name": "Spearphishing Attachment", "id": "T1193", "url": "https://attack.mitre.org/techniques/T1193" }, { "name": "Cached Domain Credentials", "id": "T1003.005", "url": "https://attack.mitre.org/techniques/T1003/005" }, { "name": "SSH Authorized Keys", "id": "T1098.004", "url": "https://attack.mitre.org/techniques/T1098/004" }, { "name": "Virtual Machine Discovery", "id": "T1673", "url": "https://attack.mitre.org/techniques/T1673" }, { "name": "Kernel Modules and Extensions", "id": "T1215", "url": "https://attack.mitre.org/techniques/T1215" }, { "name": "Security Support Provider", "id": "T1101", "url": "https://attack.mitre.org/techniques/T1101" }, { "name": "Network Security Appliances", "id": "T1590.006", "url": "https://attack.mitre.org/techniques/T1590/006" }, { "name": "Image File Execution Options Injection", "id": "T1546.012", "url": "https://attack.mitre.org/techniques/T1546/012" }, { "name": "Odbcconf", "id": "T1218.008", "url": "https://attack.mitre.org/techniques/T1218/008" }, { "name": "Search Engines", "id": "T1593.002", "url": "https://attack.mitre.org/techniques/T1593/002" }, { "name": "LSASS Driver", "id": "T1177", "url": "https://attack.mitre.org/techniques/T1177" }, { "name": "Business Relationships", "id": "T1591.002", "url": "https://attack.mitre.org/techniques/T1591/002" }, { "name": "Temporary Elevated Cloud Access", "id": "T1548.005", "url": "https://attack.mitre.org/techniques/T1548/005" }, { "name": "Video Capture", "id": "T1125", "url": "https://attack.mitre.org/techniques/T1125" }, { "name": "Gatekeeper Bypass", "id": "T1144", "url": "https://attack.mitre.org/techniques/T1144" }, { "name": "Software Packing", "id": "T1045", "url": "https://attack.mitre.org/techniques/T1045" }, { "name": "Process Doppelgänging", "id": "T1055.013", "url": "https://attack.mitre.org/techniques/T1055/013" }, { "name": "System Network Configuration Discovery", "id": "T1016", "url": "https://attack.mitre.org/techniques/T1016" }, { "name": "Delete Cloud Instance", "id": "T1578.003", "url": "https://attack.mitre.org/techniques/T1578/003" }, { "name": "Code Repositories", "id": "T1593.003", "url": "https://attack.mitre.org/techniques/T1593/003" }, { "name": "Executable Installer File Permissions Weakness", "id": "T1574.005", "url": "https://attack.mitre.org/techniques/T1574/005" }, { "name": "Accessibility Features", "id": "T1546.008", "url": "https://attack.mitre.org/techniques/T1546/008" }, { "name": "Bandwidth Hijacking", "id": "T1496.002", "url": "https://attack.mitre.org/techniques/T1496/002" }, { "name": "PowerShell Profile", "id": "T1504", "url": "https://attack.mitre.org/techniques/T1504" }, { "name": "SIP and Trust Provider Hijacking", "id": "T1198", "url": "https://attack.mitre.org/techniques/T1198" }, { "name": "Account Discovery", "id": "T1087", "url": "https://attack.mitre.org/techniques/T1087" }, { "name": "Proxy", "id": "T1090", "url": "https://attack.mitre.org/techniques/T1090" }, { "name": "Command and Scripting Interpreter", "id": "T1059", "url": "https://attack.mitre.org/techniques/T1059" }, { "name": "Malicious Library", "id": "T1204.005", "url": "https://attack.mitre.org/techniques/T1204/005" }, { "name": "Indicator Blocking", "id": "T1562.006", "url": "https://attack.mitre.org/techniques/T1562/006" }, { "name": "Domain Account", "id": "T1136.002", "url": "https://attack.mitre.org/techniques/T1136/002" }, { "name": "Extended Attributes", "id": "T1564.014", "url": "https://attack.mitre.org/techniques/T1564/014" }, { "name": "Employee Names", "id": "T1589.003", "url": "https://attack.mitre.org/techniques/T1589/003" }, { "name": "Poisoned Pipeline Execution", "id": "T1677", "url": "https://attack.mitre.org/techniques/T1677" }, { "name": "Domain Trust Discovery", "id": "T1482", "url": "https://attack.mitre.org/techniques/T1482" }, { "name": "Golden Ticket", "id": "T1558.001", "url": "https://attack.mitre.org/techniques/T1558/001" }, { "name": "Component Object Model and Distributed COM", "id": "T1175", "url": "https://attack.mitre.org/techniques/T1175" }, { "name": "Automated Exfiltration", "id": "T1020", "url": "https://attack.mitre.org/techniques/T1020" }, { "name": "Client Configurations", "id": "T1592.004", "url": "https://attack.mitre.org/techniques/T1592/004" }, { "name": "Disable or Modify Cloud Firewall", "id": "T1562.007", "url": "https://attack.mitre.org/techniques/T1562/007" }, { "name": "IDE Tunneling", "id": "T1219.001", "url": "https://attack.mitre.org/techniques/T1219/001" }, { "name": "Right-to-Left Override", "id": "T1036.002", "url": "https://attack.mitre.org/techniques/T1036/002" }, { "name": "Malware", "id": "T1588.001", "url": "https://attack.mitre.org/techniques/T1588/001" }, { "name": "SVG Smuggling", "id": "T1027.017", "url": "https://attack.mitre.org/techniques/T1027/017" }, { "name": "Component Firmware", "id": "T1542.002", "url": "https://attack.mitre.org/techniques/T1542/002" }, { "name": "Indicator Removal", "id": "T1070", "url": "https://attack.mitre.org/techniques/T1070" }, { "name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol", "id": "T1048.001", "url": "https://attack.mitre.org/techniques/T1048/001" }, { "name": "Office Template Macros", "id": "T1137.001", "url": "https://attack.mitre.org/techniques/T1137/001" }, { "name": "Virtual Private Server", "id": "T1583.003", "url": "https://attack.mitre.org/techniques/T1583/003" }, { "name": "Confluence", "id": "T1213.001", "url": "https://attack.mitre.org/techniques/T1213/001" }, { "name": "Pass the Ticket", "id": "T1550.003", "url": "https://attack.mitre.org/techniques/T1550/003" }, { "name": "Container Administration Command", "id": "T1609", "url": "https://attack.mitre.org/techniques/T1609" }, { "name": "File and Directory Discovery", "id": "T1083", "url": "https://attack.mitre.org/techniques/T1083" }, { "name": "Dynamic Resolution", "id": "T1568", "url": "https://attack.mitre.org/techniques/T1568" }, { "name": "Masquerade Task or Service", "id": "T1036.004", "url": "https://attack.mitre.org/techniques/T1036/004" }, { "name": "Asynchronous Procedure Call", "id": "T1055.004", "url": "https://attack.mitre.org/techniques/T1055/004" }, { "name": "Traffic Duplication", "id": "T1020.001", "url": "https://attack.mitre.org/techniques/T1020/001" }, { "name": "Application Shimming", "id": "T1138", "url": "https://attack.mitre.org/techniques/T1138" }, { "name": "Plist File Modification", "id": "T1647", "url": "https://attack.mitre.org/techniques/T1647" }, { "name": "JamPlus", "id": "T1127.003", "url": "https://attack.mitre.org/techniques/T1127/003" }, { "name": "AppCert DLLs", "id": "T1546.009", "url": "https://attack.mitre.org/techniques/T1546/009" }, { "name": "CMSTP", "id": "T1191", "url": "https://attack.mitre.org/techniques/T1191" }, { "name": "Multi-hop Proxy", "id": "T1188", "url": "https://attack.mitre.org/techniques/T1188" }, { "name": "Email Forwarding Rule", "id": "T1114.003", "url": "https://attack.mitre.org/techniques/T1114/003" }, { "name": "Data Staged", "id": "T1074", "url": "https://attack.mitre.org/techniques/T1074" }, { "name": "Steal or Forge Authentication Certificates", "id": "T1649", "url": "https://attack.mitre.org/techniques/T1649" }, { "name": "Device Registration", "id": "T1098.005", "url": "https://attack.mitre.org/techniques/T1098/005" }, { "name": "System Network Connections Discovery", "id": "T1049", "url": "https://attack.mitre.org/techniques/T1049" }, { "name": "Compromise Infrastructure", "id": "T1584", "url": "https://attack.mitre.org/techniques/T1584" }, { "name": "Mark-of-the-Web Bypass", "id": "T1553.005", "url": "https://attack.mitre.org/techniques/T1553/005" }, { "name": "Disable Crypto Hardware", "id": "T1600.002", "url": "https://attack.mitre.org/techniques/T1600/002" }, { "name": "Pre-OS Boot", "id": "T1542", "url": "https://attack.mitre.org/techniques/T1542" }, { "name": "Scripting", "id": "T1064", "url": "https://attack.mitre.org/techniques/T1064" }, { "name": "Build Image on Host", "id": "T1612", "url": "https://attack.mitre.org/techniques/T1612" }, { "name": "Shared Webroot", "id": "T1051", "url": "https://attack.mitre.org/techniques/T1051" }, { "name": "Portable Executable Injection", "id": "T1055.002", "url": "https://attack.mitre.org/techniques/T1055/002" }, { "name": "Verclsid", "id": "T1218.012", "url": "https://attack.mitre.org/techniques/T1218/012" }, { "name": "Compromise Accounts", "id": "T1586", "url": "https://attack.mitre.org/techniques/T1586" }, { "name": "Launchctl", "id": "T1569.001", "url": "https://attack.mitre.org/techniques/T1569/001" }, { "name": "Botnet", "id": "T1584.005", "url": "https://attack.mitre.org/techniques/T1584/005" }, { "name": "Network Device CLI", "id": "T1059.008", "url": "https://attack.mitre.org/techniques/T1059/008" }, { "name": "Shell History", "id": "T1552.003", "url": "https://attack.mitre.org/techniques/T1552/003" }, { "name": "Downgrade Attack", "id": "T1562.010", "url": "https://attack.mitre.org/techniques/T1562/010" }, { "name": "XPC Services", "id": "T1559.003", "url": "https://attack.mitre.org/techniques/T1559/003" }, { "name": "Virtualization/Sandbox Evasion", "id": "T1497", "url": "https://attack.mitre.org/techniques/T1497" }, { "name": "Web Service", "id": "T1102", "url": "https://attack.mitre.org/techniques/T1102" }, { "name": "Credentials In Files", "id": "T1552.001", "url": "https://attack.mitre.org/techniques/T1552/001" }, { "name": "DNS Calculation", "id": "T1568.003", "url": "https://attack.mitre.org/techniques/T1568/003" }, { "name": "Mshta", "id": "T1218.005", "url": "https://attack.mitre.org/techniques/T1218/005" }, { "name": "Login Items", "id": "T1547.015", "url": "https://attack.mitre.org/techniques/T1547/015" }, { "name": "Stage Capabilities", "id": "T1608", "url": "https://attack.mitre.org/techniques/T1608" }, { "name": "Link Target", "id": "T1608.005", "url": "https://attack.mitre.org/techniques/T1608/005" }, { "name": "Multi-Stage Channels", "id": "T1104", "url": "https://attack.mitre.org/techniques/T1104" }, { "name": "Financial Theft", "id": "T1657", "url": "https://attack.mitre.org/techniques/T1657" }, { "name": "Execution Guardrails", "id": "T1480", "url": "https://attack.mitre.org/techniques/T1480" }, { "name": "Cloud Storage Object Discovery", "id": "T1619", "url": "https://attack.mitre.org/techniques/T1619" }, { "name": "Web Cookies", "id": "T1606.001", "url": "https://attack.mitre.org/techniques/T1606/001" }, { "name": "Log Enumeration", "id": "T1654", "url": "https://attack.mitre.org/techniques/T1654" }, { "name": "Token Impersonation/Theft", "id": "T1134.001", "url": "https://attack.mitre.org/techniques/T1134/001" }, { "name": "Exfiltration to Code Repository", "id": "T1567.001", "url": "https://attack.mitre.org/techniques/T1567/001" }, { "name": "Cloud Services", "id": "T1021.007", "url": "https://attack.mitre.org/techniques/T1021/007" }, { "name": "Port Knocking", "id": "T1205.001", "url": "https://attack.mitre.org/techniques/T1205/001" }, { "name": "LNK Icon Smuggling", "id": "T1027.012", "url": "https://attack.mitre.org/techniques/T1027/012" }, { "name": "Web Services", "id": "T1583.006", "url": "https://attack.mitre.org/techniques/T1583/006" }, { "name": "Steal Application Access Token", "id": "T1528", "url": "https://attack.mitre.org/techniques/T1528" }, { "name": "Spearphishing Attachment", "id": "T1598.002", "url": "https://attack.mitre.org/techniques/T1598/002" }, { "name": "Additional Cloud Credentials", "id": "T1098.001", "url": "https://attack.mitre.org/techniques/T1098/001" }, { "name": "User Execution", "id": "T1204", "url": "https://attack.mitre.org/techniques/T1204" }, { "name": "Internal Defacement", "id": "T1491.001", "url": "https://attack.mitre.org/techniques/T1491/001" }, { "name": "Hidden Users", "id": "T1564.002", "url": "https://attack.mitre.org/techniques/T1564/002" }, { "name": "Make and Impersonate Token", "id": "T1134.003", "url": "https://attack.mitre.org/techniques/T1134/003" }, { "name": "Group Policy Preferences", "id": "T1552.006", "url": "https://attack.mitre.org/techniques/T1552/006" }, { "name": "Control Panel Items", "id": "T1196", "url": "https://attack.mitre.org/techniques/T1196" }, { "name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "id": "T1048.002", "url": "https://attack.mitre.org/techniques/T1048/002" }, { "name": "Cloud Account", "id": "T1087.004", "url": "https://attack.mitre.org/techniques/T1087/004" }, { "name": "Process Discovery", "id": "T1057", "url": "https://attack.mitre.org/techniques/T1057" }, { "name": "Impair Command History Logging", "id": "T1562.003", "url": "https://attack.mitre.org/techniques/T1562/003" }, { "name": "Launchd", "id": "T1053.004", "url": "https://attack.mitre.org/techniques/T1053/004" }, { "name": "Network Provider DLL", "id": "T1556.008", "url": "https://attack.mitre.org/techniques/T1556/008" }, { "name": "Windows Management Instrumentation Event Subscription", "id": "T1546.003", "url": "https://attack.mitre.org/techniques/T1546/003" }, { "name": "CDNs", "id": "T1596.004", "url": "https://attack.mitre.org/techniques/T1596/004" }, { "name": "User Activity Based Checks", "id": "T1497.002", "url": "https://attack.mitre.org/techniques/T1497/002" }, { "name": "Input Prompt", "id": "T1141", "url": "https://attack.mitre.org/techniques/T1141" }, { "name": "Cloud Service Hijacking", "id": "T1496.004", "url": "https://attack.mitre.org/techniques/T1496/004" }, { "name": "Cloud Accounts", "id": "T1585.003", "url": "https://attack.mitre.org/techniques/T1585/003" }, { "name": "Software Deployment Tools", "id": "T1072", "url": "https://attack.mitre.org/techniques/T1072" }, { "name": "Exfiltration Over C2 Channel", "id": "T1041", "url": "https://attack.mitre.org/techniques/T1041" }, { "name": "Parent PID Spoofing", "id": "T1134.004", "url": "https://attack.mitre.org/techniques/T1134/004" }, { "name": "Gather Victim Org Information", "id": "T1591", "url": "https://attack.mitre.org/techniques/T1591" }, { "name": "Registry Run Keys / Startup Folder", "id": "T1060", "url": "https://attack.mitre.org/techniques/T1060" }, { "name": "Forge Web Credentials", "id": "T1606", "url": "https://attack.mitre.org/techniques/T1606" }, { "name": "Multi-Factor Authentication Request Generation", "id": "T1621", "url": "https://attack.mitre.org/techniques/T1621" }, { "name": "Compromise Host Software Binary", "id": "T1554", "url": "https://attack.mitre.org/techniques/T1554" }, { "name": "Chat Messages", "id": "T1552.008", "url": "https://attack.mitre.org/techniques/T1552/008" }, { "name": "PowerShell", "id": "T1059.001", "url": "https://attack.mitre.org/techniques/T1059/001" }, { "name": "Shortcut Modification", "id": "T1023", "url": "https://attack.mitre.org/techniques/T1023" }, { "name": "Change Default File Association", "id": "T1546.001", "url": "https://attack.mitre.org/techniques/T1546/001" }, { "name": "VDSO Hijacking", "id": "T1055.014", "url": "https://attack.mitre.org/techniques/T1055/014" }, { "name": "Multiband Communication", "id": "T1026", "url": "https://attack.mitre.org/techniques/T1026" }, { "name": "File Transfer Protocols", "id": "T1071.002", "url": "https://attack.mitre.org/techniques/T1071/002" }, { "name": "Selective Exclusion", "id": "T1679", "url": "https://attack.mitre.org/techniques/T1679" }, { "name": "Component Object Model Hijacking", "id": "T1122", "url": "https://attack.mitre.org/techniques/T1122" }, { "name": "Accessibility Features", "id": "T1015", "url": "https://attack.mitre.org/techniques/T1015" }, { "name": "Exploitation for Credential Access", "id": "T1212", "url": "https://attack.mitre.org/techniques/T1212" }, { "name": "Emond", "id": "T1546.014", "url": "https://attack.mitre.org/techniques/T1546/014" }, { "name": "One-Way Communication", "id": "T1102.003", "url": "https://attack.mitre.org/techniques/T1102/003" }, { "name": "Gather Victim Network Information", "id": "T1590", "url": "https://attack.mitre.org/techniques/T1590" }, { "name": "Exploitation of Remote Services", "id": "T1210", "url": "https://attack.mitre.org/techniques/T1210" }, { "name": "Parent PID Spoofing", "id": "T1502", "url": "https://attack.mitre.org/techniques/T1502" }, { "name": "Keychain", "id": "T1142", "url": "https://attack.mitre.org/techniques/T1142" }, { "name": "Internal Spearphishing", "id": "T1534", "url": "https://attack.mitre.org/techniques/T1534" }, { "name": "Sudo", "id": "T1169", "url": "https://attack.mitre.org/techniques/T1169" }, { "name": "Services File Permissions Weakness", "id": "T1574.010", "url": "https://attack.mitre.org/techniques/T1574/010" }, { "name": "Registry Run Keys / Startup Folder", "id": "T1547.001", "url": "https://attack.mitre.org/techniques/T1547/001" }, { "name": "Trusted Relationship", "id": "T1199", "url": "https://attack.mitre.org/techniques/T1199" }, { "name": "Cloud Account", "id": "T1136.003", "url": "https://attack.mitre.org/techniques/T1136/003" }, { "name": "Local Groups", "id": "T1069.001", "url": "https://attack.mitre.org/techniques/T1069/001" }, { "name": "LC_MAIN Hijacking", "id": "T1149", "url": "https://attack.mitre.org/techniques/T1149" }, { "name": "Search Open Websites/Domains", "id": "T1593", "url": "https://attack.mitre.org/techniques/T1593" }, { "name": "Disable or Modify Network Device Firewall", "id": "T1562.013", "url": "https://attack.mitre.org/techniques/T1562/013" }, { "name": "Account Manipulation", "id": "T1098", "url": "https://attack.mitre.org/techniques/T1098" }, { "name": "Mshta", "id": "T1170", "url": "https://attack.mitre.org/techniques/T1170" }, { "name": "Exfiltration Over Alternative Protocol", "id": "T1048", "url": "https://attack.mitre.org/techniques/T1048" }, { "name": "Kernel Modules and Extensions", "id": "T1547.006", "url": "https://attack.mitre.org/techniques/T1547/006" }, { "name": "Delay Execution", "id": "T1678", "url": "https://attack.mitre.org/techniques/T1678" }, { "name": "GUI Input Capture", "id": "T1056.002", "url": "https://attack.mitre.org/techniques/T1056/002" }, { "name": "Pass the Ticket", "id": "T1097", "url": "https://attack.mitre.org/techniques/T1097" }, { "name": "Tool", "id": "T1588.002", "url": "https://attack.mitre.org/techniques/T1588/002" }, { "name": "Exfiltration over USB", "id": "T1052.001", "url": "https://attack.mitre.org/techniques/T1052/001" }, { "name": "KernelCallbackTable", "id": "T1574.013", "url": "https://attack.mitre.org/techniques/T1574/013" }, { "name": "Search Closed Sources", "id": "T1597", "url": "https://attack.mitre.org/techniques/T1597" }, { "name": "Systemd Timers", "id": "T1053.006", "url": "https://attack.mitre.org/techniques/T1053/006" }, { "name": "Phishing", "id": "T1566", "url": "https://attack.mitre.org/techniques/T1566" }, { "name": "Graphical User Interface", "id": "T1061", "url": "https://attack.mitre.org/techniques/T1061" }, { "name": "ROMMONkit", "id": "T1542.004", "url": "https://attack.mitre.org/techniques/T1542/004" }, { "name": "Compiled HTML File", "id": "T1218.001", "url": "https://attack.mitre.org/techniques/T1218/001" }, { "name": "Compute Hijacking", "id": "T1496.001", "url": "https://attack.mitre.org/techniques/T1496/001" }, { "name": "Network Share Connection Removal", "id": "T1070.005", "url": "https://attack.mitre.org/techniques/T1070/005" }, { "name": "Multi-hop Proxy", "id": "T1090.003", "url": "https://attack.mitre.org/techniques/T1090/003" }, { "name": "Brute Force", "id": "T1110", "url": "https://attack.mitre.org/techniques/T1110" }, { "name": "Unix Shell", "id": "T1059.004", "url": "https://attack.mitre.org/techniques/T1059/004" }, { "name": "Outlook Forms", "id": "T1137.003", "url": "https://attack.mitre.org/techniques/T1137/003" }, { "name": "Remote Access Hardware", "id": "T1219.003", "url": "https://attack.mitre.org/techniques/T1219/003" }, { "name": "Dylib Hijacking", "id": "T1157", "url": "https://attack.mitre.org/techniques/T1157" }, { "name": "Disable or Modify Tools", "id": "T1562.001", "url": "https://attack.mitre.org/techniques/T1562/001" }, { "name": "Data Manipulation", "id": "T1565", "url": "https://attack.mitre.org/techniques/T1565" }, { "name": "Inter-Process Communication", "id": "T1559", "url": "https://attack.mitre.org/techniques/T1559" }, { "name": "Data Obfuscation", "id": "T1001", "url": "https://attack.mitre.org/techniques/T1001" }, { "name": "Data from Network Shared Drive", "id": "T1039", "url": "https://attack.mitre.org/techniques/T1039" }, { "name": "Web Services", "id": "T1584.006", "url": "https://attack.mitre.org/techniques/T1584/006" }, { "name": "Modify System Image", "id": "T1601", "url": "https://attack.mitre.org/techniques/T1601" }, { "name": "Hijack Execution Flow", "id": "T1574", "url": "https://attack.mitre.org/techniques/T1574" }, { "name": "Browser Fingerprint", "id": "T1036.012", "url": "https://attack.mitre.org/techniques/T1036/012" }, { "name": "Lua", "id": "T1059.011", "url": "https://attack.mitre.org/techniques/T1059/011" }, { "name": "Indicator Removal from Tools", "id": "T1027.005", "url": "https://attack.mitre.org/techniques/T1027/005" }, { "name": "Malicious Image", "id": "T1204.003", "url": "https://attack.mitre.org/techniques/T1204/003" }, { "name": "Container Service", "id": "T1543.005", "url": "https://attack.mitre.org/techniques/T1543/005" }, { "name": "Valid Accounts", "id": "T1078", "url": "https://attack.mitre.org/techniques/T1078" }, { "name": "Non-Standard Port", "id": "T1571", "url": "https://attack.mitre.org/techniques/T1571" }, { "name": "Social Media Accounts", "id": "T1585.001", "url": "https://attack.mitre.org/techniques/T1585/001" }, { "name": "DLL Side-Loading", "id": "T1073", "url": "https://attack.mitre.org/techniques/T1073" }, { "name": "Process Hollowing", "id": "T1055.012", "url": "https://attack.mitre.org/techniques/T1055/012" }, { "name": "Exploitation for Privilege Escalation", "id": "T1068", "url": "https://attack.mitre.org/techniques/T1068" }, { "name": "Resource Forking", "id": "T1564.009", "url": "https://attack.mitre.org/techniques/T1564/009" }, { "name": "Account Access Removal", "id": "T1531", "url": "https://attack.mitre.org/techniques/T1531" }, { "name": "Credential Stuffing", "id": "T1110.004", "url": "https://attack.mitre.org/techniques/T1110/004" }, { "name": "Kerberoasting", "id": "T1208", "url": "https://attack.mitre.org/techniques/T1208" }, { "name": "Obfuscated Files or Information", "id": "T1027", "url": "https://attack.mitre.org/techniques/T1027" }, { "name": "Multi-Factor Authentication", "id": "T1556.006", "url": "https://attack.mitre.org/techniques/T1556/006" }, { "name": "Remote Email Collection", "id": "T1114.002", "url": "https://attack.mitre.org/techniques/T1114/002" }, { "name": "IIS Components", "id": "T1505.004", "url": "https://attack.mitre.org/techniques/T1505/004" }, { "name": "Invalid Code Signature", "id": "T1036.001", "url": "https://attack.mitre.org/techniques/T1036/001" }, { "name": "Run Virtual Instance", "id": "T1564.006", "url": "https://attack.mitre.org/techniques/T1564/006" }, { "name": "Trap", "id": "T1154", "url": "https://attack.mitre.org/techniques/T1154" }, { "name": "Polymorphic Code", "id": "T1027.014", "url": "https://attack.mitre.org/techniques/T1027/014" }, { "name": "Password Policy Discovery", "id": "T1201", "url": "https://attack.mitre.org/techniques/T1201" }, { "name": "Event Triggered Execution", "id": "T1546", "url": "https://attack.mitre.org/techniques/T1546" }, { "name": "Unix Shell Configuration Modification", "id": "T1546.004", "url": "https://attack.mitre.org/techniques/T1546/004" }, { "name": "Forced Authentication", "id": "T1187", "url": "https://attack.mitre.org/techniques/T1187" }, { "name": "SID-History Injection", "id": "T1134.005", "url": "https://attack.mitre.org/techniques/T1134/005" }, { "name": "Network Boundary Bridging", "id": "T1599", "url": "https://attack.mitre.org/techniques/T1599" }, { "name": "Data Encrypted for Impact", "id": "T1486", "url": "https://attack.mitre.org/techniques/T1486" }, { "name": "Disk Content Wipe", "id": "T1488", "url": "https://attack.mitre.org/techniques/T1488" }, { "name": "Subvert Trust Controls", "id": "T1553", "url": "https://attack.mitre.org/techniques/T1553" }, { "name": "Elevated Execution with Prompt", "id": "T1548.004", "url": "https://attack.mitre.org/techniques/T1548/004" }, { "name": "Firmware", "id": "T1592.003", "url": "https://attack.mitre.org/techniques/T1592/003" }, { "name": "Encrypted Channel", "id": "T1573", "url": "https://attack.mitre.org/techniques/T1573" }, { "name": "Password Filter DLL", "id": "T1174", "url": "https://attack.mitre.org/techniques/T1174" }, { "name": "Authentication Package", "id": "T1547.002", "url": "https://attack.mitre.org/techniques/T1547/002" }, { "name": "Regsvr32", "id": "T1218.010", "url": "https://attack.mitre.org/techniques/T1218/010" }, { "name": "Data Compressed", "id": "T1002", "url": "https://attack.mitre.org/techniques/T1002" }, { "name": "Exfiltration to Text Storage Sites", "id": "T1567.003", "url": "https://attack.mitre.org/techniques/T1567/003" }, { "name": "Credentials in Files", "id": "T1081", "url": "https://attack.mitre.org/techniques/T1081" }, { "name": "Software", "id": "T1592.002", "url": "https://attack.mitre.org/techniques/T1592/002" }, { "name": "Netsh Helper DLL", "id": "T1128", "url": "https://attack.mitre.org/techniques/T1128" }, { "name": "Input Capture", "id": "T1056", "url": "https://attack.mitre.org/techniques/T1056" }, { "name": "Spearphishing Voice", "id": "T1566.004", "url": "https://attack.mitre.org/techniques/T1566/004" }, { "name": "Exploits", "id": "T1587.004", "url": "https://attack.mitre.org/techniques/T1587/004" }, { "name": "Social Media", "id": "T1593.001", "url": "https://attack.mitre.org/techniques/T1593/001" }, { "name": "Customer Relationship Management Software", "id": "T1213.004", "url": "https://attack.mitre.org/techniques/T1213/004" }, { "name": "Component Object Model Hijacking", "id": "T1546.015", "url": "https://attack.mitre.org/techniques/T1546/015" }, { "name": "Credentials", "id": "T1589.001", "url": "https://attack.mitre.org/techniques/T1589/001" }, { "name": "Compromise Software Supply Chain", "id": "T1195.002", "url": "https://attack.mitre.org/techniques/T1195/002" }, { "name": "Rename Legitimate Utilities", "id": "T1036.003", "url": "https://attack.mitre.org/techniques/T1036/003" }, { "name": "Bidirectional Communication", "id": "T1102.002", "url": "https://attack.mitre.org/techniques/T1102/002" }, { "name": "Exploitation for Client Execution", "id": "T1203", "url": "https://attack.mitre.org/techniques/T1203" }, { "name": "Wordlist Scanning", "id": "T1595.003", "url": "https://attack.mitre.org/techniques/T1595/003" }, { "name": "Email Bombing", "id": "T1667", "url": "https://attack.mitre.org/techniques/T1667" }, { "name": "Spoof Security Alerting", "id": "T1562.011", "url": "https://attack.mitre.org/techniques/T1562/011" }, { "name": "Outlook Home Page", "id": "T1137.004", "url": "https://attack.mitre.org/techniques/T1137/004" }, { "name": "Asymmetric Cryptography", "id": "T1573.002", "url": "https://attack.mitre.org/techniques/T1573/002" }, { "name": "Exfiltration to Cloud Storage", "id": "T1567.002", "url": "https://attack.mitre.org/techniques/T1567/002" }, { "name": "Lateral Tool Transfer", "id": "T1570", "url": "https://attack.mitre.org/techniques/T1570" }, { "name": "Path Interception by Unquoted Path", "id": "T1574.009", "url": "https://attack.mitre.org/techniques/T1574/009" }, { "name": "Install Digital Certificate", "id": "T1608.003", "url": "https://attack.mitre.org/techniques/T1608/003" }, { "name": "Local Job Scheduling", "id": "T1168", "url": "https://attack.mitre.org/techniques/T1168" }, { "name": "Setuid and Setgid", "id": "T1166", "url": "https://attack.mitre.org/techniques/T1166" }, { "name": "Startup Items", "id": "T1037.005", "url": "https://attack.mitre.org/techniques/T1037/005" }, { "name": "Web Shell", "id": "T1100", "url": "https://attack.mitre.org/techniques/T1100" }, { "name": "Process Doppelgänging", "id": "T1186", "url": "https://attack.mitre.org/techniques/T1186" }, { "name": "SSH Hijacking", "id": "T1184", "url": "https://attack.mitre.org/techniques/T1184" }, { "name": "System Language Discovery", "id": "T1614.001", "url": "https://attack.mitre.org/techniques/T1614/001" }, { "name": "Non-Application Layer Protocol", "id": "T1095", "url": "https://attack.mitre.org/techniques/T1095" }, { "name": "Pass the Hash", "id": "T1075", "url": "https://attack.mitre.org/techniques/T1075" }, { "name": "Container CLI/API", "id": "T1059.013", "url": "https://attack.mitre.org/techniques/T1059/013" }, { "name": "Steganography", "id": "T1027.003", "url": "https://attack.mitre.org/techniques/T1027/003" }, { "name": "DNS Server", "id": "T1584.002", "url": "https://attack.mitre.org/techniques/T1584/002" }, { "name": "Cloud Application Integration", "id": "T1671", "url": "https://attack.mitre.org/techniques/T1671" }, { "name": "Protocol or Service Impersonation", "id": "T1001.003", "url": "https://attack.mitre.org/techniques/T1001/003" }, { "name": "Query Registry", "id": "T1012", "url": "https://attack.mitre.org/techniques/T1012" }, { "name": "Data Transfer Size Limits", "id": "T1030", "url": "https://attack.mitre.org/techniques/T1030" }, { "name": "Windows Remote Management", "id": "T1028", "url": "https://attack.mitre.org/techniques/T1028" }, { "name": "Web Session Cookie", "id": "T1550.004", "url": "https://attack.mitre.org/techniques/T1550/004" }, { "name": "Domain Accounts", "id": "T1078.002", "url": "https://attack.mitre.org/techniques/T1078/002" }, { "name": "Regsvcs/Regasm", "id": "T1218.009", "url": "https://attack.mitre.org/techniques/T1218/009" }, { "name": "Path Interception", "id": "T1034", "url": "https://attack.mitre.org/techniques/T1034" }, { "name": "Python Startup Hooks", "id": "T1546.018", "url": "https://attack.mitre.org/techniques/T1546/018" }, { "name": "Web Session Cookie", "id": "T1506", "url": "https://attack.mitre.org/techniques/T1506" }, { "name": "Install Root Certificate", "id": "T1553.004", "url": "https://attack.mitre.org/techniques/T1553/004" }, { "name": "Network Logon Script", "id": "T1037.003", "url": "https://attack.mitre.org/techniques/T1037/003" }, { "name": "Endpoint Denial of Service", "id": "T1499", "url": "https://attack.mitre.org/techniques/T1499" }, { "name": "Compile After Delivery", "id": "T1027.004", "url": "https://attack.mitre.org/techniques/T1027/004" }, { "name": "Uncommonly Used Port", "id": "T1065", "url": "https://attack.mitre.org/techniques/T1065" }, { "name": "System Location Discovery", "id": "T1614", "url": "https://attack.mitre.org/techniques/T1614" }, { "name": "VBA Stomping", "id": "T1564.007", "url": "https://attack.mitre.org/techniques/T1564/007" }, { "name": "BITS Jobs", "id": "T1197", "url": "https://attack.mitre.org/techniques/T1197" }, { "name": "MSBuild", "id": "T1127.001", "url": "https://attack.mitre.org/techniques/T1127/001" }, { "name": "Impersonation", "id": "T1656", "url": "https://attack.mitre.org/techniques/T1656" }, { "name": "Modify Cloud Compute Configurations", "id": "T1578.005", "url": "https://attack.mitre.org/techniques/T1578/005" }, { "name": "Bypass User Account Control", "id": "T1088", "url": "https://attack.mitre.org/techniques/T1088" }, { "name": "Runtime Data Manipulation", "id": "T1494", "url": "https://attack.mitre.org/techniques/T1494" }, { "name": "Domain Fronting", "id": "T1090.004", "url": "https://attack.mitre.org/techniques/T1090/004" }, { "name": "ARP Cache Poisoning", "id": "T1557.002", "url": "https://attack.mitre.org/techniques/T1557/002" }, { "name": "Disable or Modify Cloud Logs", "id": "T1562.008", "url": "https://attack.mitre.org/techniques/T1562/008" }, { "name": "Security Software Discovery", "id": "T1518.001", "url": "https://attack.mitre.org/techniques/T1518/001" }, { "name": "Hidden Window", "id": "T1564.003", "url": "https://attack.mitre.org/techniques/T1564/003" }, { "name": "Transmitted Data Manipulation", "id": "T1493", "url": "https://attack.mitre.org/techniques/T1493" }, { "name": "ClickOnce", "id": "T1127.002", "url": "https://attack.mitre.org/techniques/T1127/002" }, { "name": "Python", "id": "T1059.006", "url": "https://attack.mitre.org/techniques/T1059/006" }, { "name": "Relocate Malware", "id": "T1070.010", "url": "https://attack.mitre.org/techniques/T1070/010" }, { "name": "Identify Roles", "id": "T1591.004", "url": "https://attack.mitre.org/techniques/T1591/004" }, { "name": "Data Encoding", "id": "T1132", "url": "https://attack.mitre.org/techniques/T1132" }, { "name": "AppInit DLLs", "id": "T1546.010", "url": "https://attack.mitre.org/techniques/T1546/010" }, { "name": "Phishing for Information", "id": "T1598", "url": "https://attack.mitre.org/techniques/T1598" }, { "name": "Resource Hijacking", "id": "T1496", "url": "https://attack.mitre.org/techniques/T1496" }, { "name": "Establish Accounts", "id": "T1585", "url": "https://attack.mitre.org/techniques/T1585" }, { "name": "Obtain Capabilities", "id": "T1588", "url": "https://attack.mitre.org/techniques/T1588" }, { "name": "Screensaver", "id": "T1546.002", "url": "https://attack.mitre.org/techniques/T1546/002" }, { "name": "Hidden Users", "id": "T1147", "url": "https://attack.mitre.org/techniques/T1147" }, { "name": "Conditional Access Policies", "id": "T1556.009", "url": "https://attack.mitre.org/techniques/T1556/009" }, { "name": "Create Cloud Instance", "id": "T1578.002", "url": "https://attack.mitre.org/techniques/T1578/002" }, { "name": "Compile After Delivery", "id": "T1500", "url": "https://attack.mitre.org/techniques/T1500" }, { "name": "Cloud Secrets Management Stores", "id": "T1555.006", "url": "https://attack.mitre.org/techniques/T1555/006" }, { "name": "Code Repositories", "id": "T1213.003", "url": "https://attack.mitre.org/techniques/T1213/003" }, { "name": "Transmitted Data Manipulation", "id": "T1565.002", "url": "https://attack.mitre.org/techniques/T1565/002" }, { "name": "/etc/passwd and /etc/shadow", "id": "T1003.008", "url": "https://attack.mitre.org/techniques/T1003/008" }, { "name": "Launch Agent", "id": "T1543.001", "url": "https://attack.mitre.org/techniques/T1543/001" }, { "name": "System Services", "id": "T1569", "url": "https://attack.mitre.org/techniques/T1569" }, { "name": "Windows Command Shell", "id": "T1059.003", "url": "https://attack.mitre.org/techniques/T1059/003" }, { "name": "Proc Memory", "id": "T1055.009", "url": "https://attack.mitre.org/techniques/T1055/009" }, { "name": "Compiled HTML File", "id": "T1223", "url": "https://attack.mitre.org/techniques/T1223" }, { "name": "Acquire Access", "id": "T1650", "url": "https://attack.mitre.org/techniques/T1650" }, { "name": "Patch System Image", "id": "T1601.001", "url": "https://attack.mitre.org/techniques/T1601/001" }, { "name": "Silver Ticket", "id": "T1558.002", "url": "https://attack.mitre.org/techniques/T1558/002" }, { "name": "Data from Information Repositories", "id": "T1213", "url": "https://attack.mitre.org/techniques/T1213" }, { "name": "Clear Persistence", "id": "T1070.009", "url": "https://attack.mitre.org/techniques/T1070/009" }, { "name": "Hypervisor CLI", "id": "T1059.012", "url": "https://attack.mitre.org/techniques/T1059/012" }, { "name": "Clear Command History", "id": "T1146", "url": "https://attack.mitre.org/techniques/T1146" }, { "name": "Windows Credential Manager", "id": "T1555.004", "url": "https://attack.mitre.org/techniques/T1555/004" }, { "name": "Masquerade Account Name", "id": "T1036.010", "url": "https://attack.mitre.org/techniques/T1036/010" }, { "name": "Emond", "id": "T1519", "url": "https://attack.mitre.org/techniques/T1519" }, { "name": "Spearphishing via Service", "id": "T1194", "url": "https://attack.mitre.org/techniques/T1194" }, { "name": "Hardware Additions", "id": "T1200", "url": "https://attack.mitre.org/techniques/T1200" }, { "name": "Remote Desktop Software", "id": "T1219.002", "url": "https://attack.mitre.org/techniques/T1219/002" }, { "name": "Server Software Component", "id": "T1505", "url": "https://attack.mitre.org/techniques/T1505" }, { "name": "Data Destruction", "id": "T1485", "url": "https://attack.mitre.org/techniques/T1485" }, { "name": "Non-Standard Encoding", "id": "T1132.002", "url": "https://attack.mitre.org/techniques/T1132/002" }, { "name": "Domain Controller Authentication", "id": "T1556.001", "url": "https://attack.mitre.org/techniques/T1556/001" }, { "name": "Transfer Data to Cloud Account", "id": "T1537", "url": "https://attack.mitre.org/techniques/T1537" }, { "name": "HTML Smuggling", "id": "T1027.006", "url": "https://attack.mitre.org/techniques/T1027/006" }, { "name": "Reversible Encryption", "id": "T1556.005", "url": "https://attack.mitre.org/techniques/T1556/005" }, { "name": "Command Obfuscation", "id": "T1027.010", "url": "https://attack.mitre.org/techniques/T1027/010" }, { "name": "Install Root Certificate", "id": "T1130", "url": "https://attack.mitre.org/techniques/T1130" }, { "name": "Data Encrypted", "id": "T1022", "url": "https://attack.mitre.org/techniques/T1022" }, { "name": "File Deletion", "id": "T1070.004", "url": "https://attack.mitre.org/techniques/T1070/004" }, { "name": "Drive-by Compromise", "id": "T1189", "url": "https://attack.mitre.org/techniques/T1189" }, { "name": "Network Denial of Service", "id": "T1498", "url": "https://attack.mitre.org/techniques/T1498" }, { "name": "Cloud Administration Command", "id": "T1651", "url": "https://attack.mitre.org/techniques/T1651" }, { "name": "Installer Packages", "id": "T1546.016", "url": "https://attack.mitre.org/techniques/T1546/016" }, { "name": "Scanning IP Blocks", "id": "T1595.001", "url": "https://attack.mitre.org/techniques/T1595/001" }, { "name": "Hidden Files and Directories", "id": "T1158", "url": "https://attack.mitre.org/techniques/T1158" }, { "name": "Template Injection", "id": "T1221", "url": "https://attack.mitre.org/techniques/T1221" }, { "name": "RC Scripts", "id": "T1037.004", "url": "https://attack.mitre.org/techniques/T1037/004" }, { "name": "Access Token Manipulation", "id": "T1134", "url": "https://attack.mitre.org/techniques/T1134" }, { "name": "Time Providers", "id": "T1209", "url": "https://attack.mitre.org/techniques/T1209" }, { "name": "Multi-Factor Authentication Interception", "id": "T1111", "url": "https://attack.mitre.org/techniques/T1111" }, { "name": "Launch Agent", "id": "T1159", "url": "https://attack.mitre.org/techniques/T1159" }, { "name": "Software Packing", "id": "T1027.002", "url": "https://attack.mitre.org/techniques/T1027/002" }, { "name": "Serverless", "id": "T1584.007", "url": "https://attack.mitre.org/techniques/T1584/007" }, { "name": "Web Protocols", "id": "T1071.001", "url": "https://attack.mitre.org/techniques/T1071/001" }, { "name": "Visual Basic", "id": "T1059.005", "url": "https://attack.mitre.org/techniques/T1059/005" }, { "name": "Hidden File System", "id": "T1564.005", "url": "https://attack.mitre.org/techniques/T1564/005" }, { "name": "Systemd Service", "id": "T1543.002", "url": "https://attack.mitre.org/techniques/T1543/002" }, { "name": "Exclusive Control", "id": "T1668", "url": "https://attack.mitre.org/techniques/T1668" }, { "name": "RDP Hijacking", "id": "T1563.002", "url": "https://attack.mitre.org/techniques/T1563/002" }, { "name": "Create Account", "id": "T1136", "url": "https://attack.mitre.org/techniques/T1136" }, { "name": "XDG Autostart Entries", "id": "T1547.013", "url": "https://attack.mitre.org/techniques/T1547/013" }, { "name": "Server", "id": "T1584.004", "url": "https://attack.mitre.org/techniques/T1584/004" }, { "name": "Email Spoofing", "id": "T1672", "url": "https://attack.mitre.org/techniques/T1672" }, { "name": "Cloud Service Discovery", "id": "T1526", "url": "https://attack.mitre.org/techniques/T1526" }, { "name": "Malicious Copy and Paste", "id": "T1204.004", "url": "https://attack.mitre.org/techniques/T1204/004" }, { "name": "Space after Filename", "id": "T1151", "url": "https://attack.mitre.org/techniques/T1151" }, { "name": "Remote System Discovery", "id": "T1018", "url": "https://attack.mitre.org/techniques/T1018" }, { "name": "Network Service Discovery", "id": "T1046", "url": "https://attack.mitre.org/techniques/T1046" }, { "name": "Domain Properties", "id": "T1590.001", "url": "https://attack.mitre.org/techniques/T1590/001" }, { "name": "Software Discovery", "id": "T1518", "url": "https://attack.mitre.org/techniques/T1518" }, { "name": "Cloud Service Dashboard", "id": "T1538", "url": "https://attack.mitre.org/techniques/T1538" }, { "name": "Thread Local Storage", "id": "T1055.005", "url": "https://attack.mitre.org/techniques/T1055/005" }, { "name": "Debugger Evasion", "id": "T1622", "url": "https://attack.mitre.org/techniques/T1622" }, { "name": "Space after Filename", "id": "T1036.006", "url": "https://attack.mitre.org/techniques/T1036/006" }, { "name": "Re-opened Applications", "id": "T1547.007", "url": "https://attack.mitre.org/techniques/T1547/007" }, { "name": "SEO Poisoning", "id": "T1608.006", "url": "https://attack.mitre.org/techniques/T1608/006" }, { "name": "Pass the Hash", "id": "T1550.002", "url": "https://attack.mitre.org/techniques/T1550/002" }, { "name": "Exfiltration Over Physical Medium", "id": "T1052", "url": "https://attack.mitre.org/techniques/T1052" }, { "name": "DLL Side-Loading", "id": "T1574.002", "url": "https://attack.mitre.org/techniques/T1574/002" }, { "name": "Ingress Tool Transfer", "id": "T1105", "url": "https://attack.mitre.org/techniques/T1105" }, { "name": "SyncAppvPublishingServer", "id": "T1216.002", "url": "https://attack.mitre.org/techniques/T1216/002" }, { "name": "Additional Email Delegate Permissions", "id": "T1098.002", "url": "https://attack.mitre.org/techniques/T1098/002" }, { "name": "Code Signing Certificates", "id": "T1588.003", "url": "https://attack.mitre.org/techniques/T1588/003" }, { "name": "Network Share Connection Removal", "id": "T1126", "url": "https://attack.mitre.org/techniques/T1126" }, { "name": "Serverless Execution", "id": "T1648", "url": "https://attack.mitre.org/techniques/T1648" }, { "name": "TCC Manipulation", "id": "T1548.006", "url": "https://attack.mitre.org/techniques/T1548/006" }, { "name": "Windows Management Instrumentation Event Subscription", "id": "T1084", "url": "https://attack.mitre.org/techniques/T1084" }, { "name": "Launch Daemon", "id": "T1160", "url": "https://attack.mitre.org/techniques/T1160" }, { "name": "Ptrace System Calls", "id": "T1055.008", "url": "https://attack.mitre.org/techniques/T1055/008" }, { "name": "Power Settings", "id": "T1653", "url": "https://attack.mitre.org/techniques/T1653" }, { "name": "Dynamic API Resolution", "id": "T1027.007", "url": "https://attack.mitre.org/techniques/T1027/007" }, { "name": "Remote Desktop Protocol", "id": "T1021.001", "url": "https://attack.mitre.org/techniques/T1021/001" }, { "name": "Logon Script (Windows)", "id": "T1037.001", "url": "https://attack.mitre.org/techniques/T1037/001" }, { "name": "ListPlanting", "id": "T1055.015", "url": "https://attack.mitre.org/techniques/T1055/015" }, { "name": "Hide Infrastructure", "id": "T1665", "url": "https://attack.mitre.org/techniques/T1665" }, { "name": "Domain or Tenant Policy Modification", "id": "T1484", "url": "https://attack.mitre.org/techniques/T1484" }, { "name": "XSL Script Processing", "id": "T1220", "url": "https://attack.mitre.org/techniques/T1220" }, { "name": "Scan Databases", "id": "T1596.005", "url": "https://attack.mitre.org/techniques/T1596/005" }, { "name": "Hidden Files and Directories", "id": "T1564.001", "url": "https://attack.mitre.org/techniques/T1564/001" }, { "name": "Create Snapshot", "id": "T1578.001", "url": "https://attack.mitre.org/techniques/T1578/001" }, { "name": "Determine Physical Locations", "id": "T1591.001", "url": "https://attack.mitre.org/techniques/T1591/001" }, { "name": "Office Test", "id": "T1137.002", "url": "https://attack.mitre.org/techniques/T1137/002" }, { "name": "Develop Capabilities", "id": "T1587", "url": "https://attack.mitre.org/techniques/T1587" }, { "name": "Dynamic Data Exchange", "id": "T1173", "url": "https://attack.mitre.org/techniques/T1173" }, { "name": "NTDS", "id": "T1003.003", "url": "https://attack.mitre.org/techniques/T1003/003" }, { "name": "SNMP (MIB Dump)", "id": "T1602.001", "url": "https://attack.mitre.org/techniques/T1602/001" }, { "name": "Steganography", "id": "T1001.002", "url": "https://attack.mitre.org/techniques/T1001/002" }, { "name": "Malicious Link", "id": "T1204.001", "url": "https://attack.mitre.org/techniques/T1204/001" }, { "name": "Application Access Token", "id": "T1550.001", "url": "https://attack.mitre.org/techniques/T1550/001" }, { "name": "LSASS Driver", "id": "T1547.008", "url": "https://attack.mitre.org/techniques/T1547/008" }, { "name": "Service Execution", "id": "T1569.002", "url": "https://attack.mitre.org/techniques/T1569/002" }, { "name": "Cloud Accounts", "id": "T1078.004", "url": "https://attack.mitre.org/techniques/T1078/004" }, { "name": "Environmental Keying", "id": "T1480.001", "url": "https://attack.mitre.org/techniques/T1480/001" }, { "name": "Fallback Channels", "id": "T1008", "url": "https://attack.mitre.org/techniques/T1008" }, { "name": "Local Storage Discovery", "id": "T1680", "url": "https://attack.mitre.org/techniques/T1680" }, { "name": "NTFS File Attributes", "id": "T1564.004", "url": "https://attack.mitre.org/techniques/T1564/004" }, { "name": "Kerberoasting", "id": "T1558.003", "url": "https://attack.mitre.org/techniques/T1558/003" }, { "name": "NTFS File Attributes", "id": "T1096", "url": "https://attack.mitre.org/techniques/T1096" }, { "name": "DCSync", "id": "T1003.006", "url": "https://attack.mitre.org/techniques/T1003/006" }, { "name": "System Time Discovery", "id": "T1124", "url": "https://attack.mitre.org/techniques/T1124" }, { "name": "At", "id": "T1053.002", "url": "https://attack.mitre.org/techniques/T1053/002" }, { "name": "Service Execution", "id": "T1035", "url": "https://attack.mitre.org/techniques/T1035" }, { "name": "Dynamic-link Library Injection", "id": "T1055.001", "url": "https://attack.mitre.org/techniques/T1055/001" }, { "name": "PowerShell", "id": "T1086", "url": "https://attack.mitre.org/techniques/T1086" }, { "name": "Exploits", "id": "T1588.005", "url": "https://attack.mitre.org/techniques/T1588/005" }, { "name": "Modify Authentication Process", "id": "T1556", "url": "https://attack.mitre.org/techniques/T1556" }, { "name": "Udev Rules", "id": "T1546.017", "url": "https://attack.mitre.org/techniques/T1546/017" }, { "name": "Credential API Hooking", "id": "T1056.004", "url": "https://attack.mitre.org/techniques/T1056/004" }, { "name": "Firmware Corruption", "id": "T1495", "url": "https://attack.mitre.org/techniques/T1495" }, { "name": "Inhibit System Recovery", "id": "T1490", "url": "https://attack.mitre.org/techniques/T1490" }, { "name": "Netsh Helper DLL", "id": "T1546.007", "url": "https://attack.mitre.org/techniques/T1546/007" }, { "name": "Spearphishing via Service", "id": "T1566.003", "url": "https://attack.mitre.org/techniques/T1566/003" }, { "name": "Internal Proxy", "id": "T1090.001", "url": "https://attack.mitre.org/techniques/T1090/001" }, { "name": "System Script Proxy Execution", "id": "T1216", "url": "https://attack.mitre.org/techniques/T1216" }, { "name": "Custom Command and Control Protocol", "id": "T1094", "url": "https://attack.mitre.org/techniques/T1094" }, { "name": "Dead Drop Resolver", "id": "T1102.001", "url": "https://attack.mitre.org/techniques/T1102/001" }, { "name": "InstallUtil", "id": "T1118", "url": "https://attack.mitre.org/techniques/T1118" }, { "name": "Junk Data", "id": "T1001.001", "url": "https://attack.mitre.org/techniques/T1001/001" }, { "name": "Spearphishing Service", "id": "T1598.001", "url": "https://attack.mitre.org/techniques/T1598/001" }, { "name": "Commonly Used Port", "id": "T1043", "url": "https://attack.mitre.org/techniques/T1043" }, { "name": "vSphere Installation Bundles", "id": "T1505.006", "url": "https://attack.mitre.org/techniques/T1505/006" }, { "name": "Container API", "id": "T1552.007", "url": "https://attack.mitre.org/techniques/T1552/007" }, { "name": "Domains", "id": "T1584.001", "url": "https://attack.mitre.org/techniques/T1584/001" }, { "name": "SQL Stored Procedures", "id": "T1505.001", "url": "https://attack.mitre.org/techniques/T1505/001" }, { "name": "Network Device Authentication", "id": "T1556.004", "url": "https://attack.mitre.org/techniques/T1556/004" }, { "name": "Disk Content Wipe", "id": "T1561.001", "url": "https://attack.mitre.org/techniques/T1561/001" }, { "name": "Messaging Applications", "id": "T1213.005", "url": "https://attack.mitre.org/techniques/T1213/005" }, { "name": "Exfiltration Over Unencrypted Non-C2 Protocol", "id": "T1048.003", "url": "https://attack.mitre.org/techniques/T1048/003" }, { "name": "Compression", "id": "T1027.015", "url": "https://attack.mitre.org/techniques/T1027/015" }, { "name": "Dylib Hijacking", "id": "T1574.004", "url": "https://attack.mitre.org/techniques/T1574/004" }, { "name": "Downgrade System Image", "id": "T1601.002", "url": "https://attack.mitre.org/techniques/T1601/002" }, { "name": "Local Accounts", "id": "T1078.003", "url": "https://attack.mitre.org/techniques/T1078/003" }, { "name": "Wi-Fi Networks", "id": "T1669", "url": "https://attack.mitre.org/techniques/T1669" }, { "name": "Exploitation for Defense Evasion", "id": "T1211", "url": "https://attack.mitre.org/techniques/T1211" }, { "name": "Trusted Developer Utilities Proxy Execution", "id": "T1127", "url": "https://attack.mitre.org/techniques/T1127" }, { "name": "System Shutdown/Reboot", "id": "T1529", "url": "https://attack.mitre.org/techniques/T1529" }, { "name": "MMC", "id": "T1218.014", "url": "https://attack.mitre.org/techniques/T1218/014" }, { "name": "Process Argument Spoofing", "id": "T1564.010", "url": "https://attack.mitre.org/techniques/T1564/010" }, { "name": "Windows Admin Shares", "id": "T1077", "url": "https://attack.mitre.org/techniques/T1077" }, { "name": "COR_PROFILER", "id": "T1574.012", "url": "https://attack.mitre.org/techniques/T1574/012" } ]