penretem/extern/mitre-attack.json


[
{
"name": "Extra Window Memory Injection",
"id": "T1055.011",
"url": "https://attack.mitre.org/techniques/T1055/011"
},
{
"name": "Scheduled Task",
"id": "T1053.005",
"url": "https://attack.mitre.org/techniques/T1053/005"
},
{
"name": "Socket Filters",
"id": "T1205.002",
"url": "https://attack.mitre.org/techniques/T1205/002"
},
{
"name": "Indicator Removal from Tools",
"id": "T1066",
"url": "https://attack.mitre.org/techniques/T1066"
},
{
"name": "Archive via Utility",
"id": "T1560.001",
"url": "https://attack.mitre.org/techniques/T1560/001"
},
{
"name": "VNC",
"id": "T1021.005",
"url": "https://attack.mitre.org/techniques/T1021/005"
},
{
"name": "Windows Management Instrumentation",
"id": "T1047",
"url": "https://attack.mitre.org/techniques/T1047"
},
{
"name": "Malicious Shell Modification",
"id": "T1156",
"url": "https://attack.mitre.org/techniques/T1156"
},
{
"name": "Screen Capture",
"id": "T1113",
"url": "https://attack.mitre.org/techniques/T1113"
},
{
"name": "Fileless Storage",
"id": "T1027.011",
"url": "https://attack.mitre.org/techniques/T1027/011"
},
{
"name": "Bootkit",
"id": "T1067",
"url": "https://attack.mitre.org/techniques/T1067"
},
{
"name": "Boot or Logon Initialization Scripts",
"id": "T1037",
"url": "https://attack.mitre.org/techniques/T1037"
},
{
"name": "Adversary-in-the-Middle",
"id": "T1557",
"url": "https://attack.mitre.org/techniques/T1557"
},
{
"name": "System Owner/User Discovery",
"id": "T1033",
"url": "https://attack.mitre.org/techniques/T1033"
},
{
"name": "Acquire Infrastructure",
"id": "T1583",
"url": "https://attack.mitre.org/techniques/T1583"
},
{
"name": "Rundll32",
"id": "T1218.011",
"url": "https://attack.mitre.org/techniques/T1218/011"
},
{
"name": "Container and Resource Discovery",
"id": "T1613",
"url": "https://attack.mitre.org/techniques/T1613"
},
{
"name": "Serverless",
"id": "T1583.007",
"url": "https://attack.mitre.org/techniques/T1583/007"
},
{
"name": "Hidden Window",
"id": "T1143",
"url": "https://attack.mitre.org/techniques/T1143"
},
{
"name": "LC_LOAD_DYLIB Addition",
"id": "T1161",
"url": "https://attack.mitre.org/techniques/T1161"
},
{
"name": "Standard Encoding",
"id": "T1132.001",
"url": "https://attack.mitre.org/techniques/T1132/001"
},
{
"name": "Embedded Payloads",
"id": "T1027.009",
"url": "https://attack.mitre.org/techniques/T1027/009"
},
{
"name": "Plist Modification",
"id": "T1150",
"url": "https://attack.mitre.org/techniques/T1150"
},
{
"name": "Pluggable Authentication Modules",
"id": "T1556.003",
"url": "https://attack.mitre.org/techniques/T1556/003"
},
{
"name": "Revert Cloud Instance",
"id": "T1578.004",
"url": "https://attack.mitre.org/techniques/T1578/004"
},
{
"name": "HISTCONTROL",
"id": "T1148",
"url": "https://attack.mitre.org/techniques/T1148"
},
{
"name": "Gather Victim Host Information",
"id": "T1592",
"url": "https://attack.mitre.org/techniques/T1592"
},
{
"name": "Digital Certificates",
"id": "T1596.003",
"url": "https://attack.mitre.org/techniques/T1596/003"
},
{
"name": "Keylogging",
"id": "T1056.001",
"url": "https://attack.mitre.org/techniques/T1056/001"
},
{
"name": "File/Path Exclusions",
"id": "T1564.012",
"url": "https://attack.mitre.org/techniques/T1564/012"
},
{
"name": "Linux and Mac File and Directory Permissions Modification",
"id": "T1222.002",
"url": "https://attack.mitre.org/techniques/T1222/002"
},
{
"name": "Password Guessing",
"id": "T1110.001",
"url": "https://attack.mitre.org/techniques/T1110/001"
},
{
"name": "PubPrn",
"id": "T1216.001",
"url": "https://attack.mitre.org/techniques/T1216/001"
},
{
"name": "Purchase Technical Data",
"id": "T1597.002",
"url": "https://attack.mitre.org/techniques/T1597/002"
},
{
"name": "OS Credential Dumping",
"id": "T1003",
"url": "https://attack.mitre.org/techniques/T1003"
},
{
"name": "Shared Modules",
"id": "T1129",
"url": "https://attack.mitre.org/techniques/T1129"
},
{
"name": "Data from Configuration Repository",
"id": "T1602",
"url": "https://attack.mitre.org/techniques/T1602"
},
{
"name": "Disk Structure Wipe",
"id": "T1561.002",
"url": "https://attack.mitre.org/techniques/T1561/002"
},
{
"name": "Direct Network Flood",
"id": "T1498.001",
"url": "https://attack.mitre.org/techniques/T1498/001"
},
{
"name": "Stored Data Manipulation",
"id": "T1492",
"url": "https://attack.mitre.org/techniques/T1492"
},
{
"name": "Path Interception by PATH Environment Variable",
"id": "T1574.007",
"url": "https://attack.mitre.org/techniques/T1574/007"
},
{
"name": "Sharepoint",
"id": "T1213.002",
"url": "https://attack.mitre.org/techniques/T1213/002"
},
{
"name": "Direct Volume Access",
"id": "T1006",
"url": "https://attack.mitre.org/techniques/T1006"
},
{
"name": "File System Permissions Weakness",
"id": "T1044",
"url": "https://attack.mitre.org/techniques/T1044"
},
{
"name": "Artificial Intelligence",
"id": "T1588.007",
"url": "https://attack.mitre.org/techniques/T1588/007"
},
{
"name": "Modify Cloud Resource Hierarchy",
"id": "T1666",
"url": "https://attack.mitre.org/techniques/T1666"
},
{
"name": "Email Hiding Rules",
"id": "T1564.008",
"url": "https://attack.mitre.org/techniques/T1564/008"
},
{
"name": "External Defacement",
"id": "T1491.002",
"url": "https://attack.mitre.org/techniques/T1491/002"
},
{
"name": "Encrypted/Encoded File",
"id": "T1027.013",
"url": "https://attack.mitre.org/techniques/T1027/013"
},
{
"name": "LLMNR/NBT-NS Poisoning and Relay",
"id": "T1171",
"url": "https://attack.mitre.org/techniques/T1171"
},
{
"name": "IP Addresses",
"id": "T1590.005",
"url": "https://attack.mitre.org/techniques/T1590/005"
},
{
"name": "OS Exhaustion Flood",
"id": "T1499.001",
"url": "https://attack.mitre.org/techniques/T1499/001"
},
{
"name": "Rootkit",
"id": "T1014",
"url": "https://attack.mitre.org/techniques/T1014"
},
{
"name": "PowerShell Profile",
"id": "T1546.013",
"url": "https://attack.mitre.org/techniques/T1546/013"
},
{
"name": "JavaScript",
"id": "T1059.007",
"url": "https://attack.mitre.org/techniques/T1059/007"
},
{
"name": "DNS",
"id": "T1590.002",
"url": "https://attack.mitre.org/techniques/T1590/002"
},
{
"name": "Systemd Service",
"id": "T1501",
"url": "https://attack.mitre.org/techniques/T1501"
},
{
"name": "Lifecycle-Triggered Deletion",
"id": "T1485.001",
"url": "https://attack.mitre.org/techniques/T1485/001"
},
{
"name": "Elevated Execution with Prompt",
"id": "T1514",
"url": "https://attack.mitre.org/techniques/T1514"
},
{
"name": "Audio Capture",
"id": "T1123",
"url": "https://attack.mitre.org/techniques/T1123"
},
{
"name": "Create or Modify System Process",
"id": "T1543",
"url": "https://attack.mitre.org/techniques/T1543"
},
{
"name": "External Remote Services",
"id": "T1133",
"url": "https://attack.mitre.org/techniques/T1133"
},
{
"name": "Component Firmware",
"id": "T1109",
"url": "https://attack.mitre.org/techniques/T1109"
},
{
"name": "LC_LOAD_DYLIB Addition",
"id": "T1546.006",
"url": "https://attack.mitre.org/techniques/T1546/006"
},
{
"name": "Steal Web Session Cookie",
"id": "T1539",
"url": "https://attack.mitre.org/techniques/T1539"
},
{
"name": "Container Orchestration Job",
"id": "T1053.007",
"url": "https://attack.mitre.org/techniques/T1053/007"
},
{
"name": "Domain Generation Algorithms",
"id": "T1568.002",
"url": "https://attack.mitre.org/techniques/T1568/002"
},
{
"name": "Double File Extension",
"id": "T1036.007",
"url": "https://attack.mitre.org/techniques/T1036/007"
},
{
"name": "Bypass User Account Control",
"id": "T1548.002",
"url": "https://attack.mitre.org/techniques/T1548/002"
},
{
"name": "Timestomp",
"id": "T1099",
"url": "https://attack.mitre.org/techniques/T1099"
},
{
"name": "SMS Pumping",
"id": "T1496.003",
"url": "https://attack.mitre.org/techniques/T1496/003"
},
{
"name": "Internet Connection Discovery",
"id": "T1016.001",
"url": "https://attack.mitre.org/techniques/T1016/001"
},
{
"name": "Sudo and Sudo Caching",
"id": "T1548.003",
"url": "https://attack.mitre.org/techniques/T1548/003"
},
{
"name": "Archive via Custom Method",
"id": "T1560.003",
"url": "https://attack.mitre.org/techniques/T1560/003"
},
{
"name": "Modify Cloud Compute Infrastructure",
"id": "T1578",
"url": "https://attack.mitre.org/techniques/T1578"
},
{
"name": "Network Devices",
"id": "T1584.008",
"url": "https://attack.mitre.org/techniques/T1584/008"
},
{
"name": "Malvertising",
"id": "T1583.008",
"url": "https://attack.mitre.org/techniques/T1583/008"
},
{
"name": "Permission Groups Discovery",
"id": "T1069",
"url": "https://attack.mitre.org/techniques/T1069"
},
{
"name": "Email Collection",
"id": "T1114",
"url": "https://attack.mitre.org/techniques/T1114"
},
{
"name": "Security Account Manager",
"id": "T1003.002",
"url": "https://attack.mitre.org/techniques/T1003/002"
},
{
"name": "WHOIS",
"id": "T1596.002",
"url": "https://attack.mitre.org/techniques/T1596/002"
},
{
"name": "System Firmware",
"id": "T1542.001",
"url": "https://attack.mitre.org/techniques/T1542/001"
},
{
"name": "Search Victim-Owned Websites",
"id": "T1594",
"url": "https://attack.mitre.org/techniques/T1594"
},
{
"name": "Cloud Groups",
"id": "T1069.003",
"url": "https://attack.mitre.org/techniques/T1069/003"
},
{
"name": "Services Registry Permissions Weakness",
"id": "T1574.011",
"url": "https://attack.mitre.org/techniques/T1574/011"
},
{
"name": "DNS/Passive DNS",
"id": "T1596.001",
"url": "https://attack.mitre.org/techniques/T1596/001"
},
{
"name": "Application Exhaustion Flood",
"id": "T1499.003",
"url": "https://attack.mitre.org/techniques/T1499/003"
},
{
"name": "Rc.common",
"id": "T1163",
"url": "https://attack.mitre.org/techniques/T1163"
},
{
"name": "Compromise Software Dependencies and Development Tools",
"id": "T1195.001",
"url": "https://attack.mitre.org/techniques/T1195/001"
},
{
"name": "Digital Certificates",
"id": "T1588.004",
"url": "https://attack.mitre.org/techniques/T1588/004"
},
{
"name": "DNS Server",
"id": "T1583.002",
"url": "https://attack.mitre.org/techniques/T1583/002"
},
{
"name": "Disk Wipe",
"id": "T1561",
"url": "https://attack.mitre.org/techniques/T1561"
},
{
"name": "DNS",
"id": "T1071.004",
"url": "https://attack.mitre.org/techniques/T1071/004"
},
{
"name": "Cloud Instance Metadata API",
"id": "T1552.005",
"url": "https://attack.mitre.org/techniques/T1552/005"
},
{
"name": "Securityd Memory",
"id": "T1555.002",
"url": "https://attack.mitre.org/techniques/T1555/002"
},
{
"name": "Group Policy Discovery",
"id": "T1615",
"url": "https://attack.mitre.org/techniques/T1615"
},
{
"name": "Bootkit",
"id": "T1542.003",
"url": "https://attack.mitre.org/techniques/T1542/003"
},
{
"name": "Data from Removable Media",
"id": "T1025",
"url": "https://attack.mitre.org/techniques/T1025"
},
{
"name": "Code Signing",
"id": "T1116",
"url": "https://attack.mitre.org/techniques/T1116"
},
{
"name": "Mavinject",
"id": "T1218.013",
"url": "https://attack.mitre.org/techniques/T1218/013"
},
{
"name": "Cloud Instance Metadata API",
"id": "T1522",
"url": "https://attack.mitre.org/techniques/T1522"
},
{
"name": "Process Hollowing",
"id": "T1093",
"url": "https://attack.mitre.org/techniques/T1093"
},
{
"name": "Local Data Staging",
"id": "T1074.001",
"url": "https://attack.mitre.org/techniques/T1074/001"
},
{
"name": "Match Legitimate Resource Name or Location",
"id": "T1036.005",
"url": "https://attack.mitre.org/techniques/T1036/005"
},
{
"name": "Domain Fronting",
"id": "T1172",
"url": "https://attack.mitre.org/techniques/T1172"
},
{
"name": "Digital Certificates",
"id": "T1587.003",
"url": "https://attack.mitre.org/techniques/T1587/003"
},
{
"name": "Stored Data Manipulation",
"id": "T1565.001",
"url": "https://attack.mitre.org/techniques/T1565/001"
},
{
"name": "Password Cracking",
"id": "T1110.002",
"url": "https://attack.mitre.org/techniques/T1110/002"
},
{
"name": "SID-History Injection",
"id": "T1178",
"url": "https://attack.mitre.org/techniques/T1178"
},
{
"name": "Local Email Collection",
"id": "T1114.001",
"url": "https://attack.mitre.org/techniques/T1114/001"
},
{
"name": "Keychain",
"id": "T1555.001",
"url": "https://attack.mitre.org/techniques/T1555/001"
},
{
"name": "Boot or Logon Autostart Execution",
"id": "T1547",
"url": "https://attack.mitre.org/techniques/T1547"
},
{
"name": "LSA Secrets",
"id": "T1003.004",
"url": "https://attack.mitre.org/techniques/T1003/004"
},
{
"name": "Port Monitors",
"id": "T1013",
"url": "https://attack.mitre.org/techniques/T1013"
},
{
"name": "Weaken Encryption",
"id": "T1600",
"url": "https://attack.mitre.org/techniques/T1600"
},
{
"name": "SAML Tokens",
"id": "T1606.002",
"url": "https://attack.mitre.org/techniques/T1606/002"
},
{
"name": "Spearphishing Link",
"id": "T1192",
"url": "https://attack.mitre.org/techniques/T1192"
},
{
"name": "Masquerade File Type",
"id": "T1036.008",
"url": "https://attack.mitre.org/techniques/T1036/008"
},
{
"name": "Service Stop",
"id": "T1489",
"url": "https://attack.mitre.org/techniques/T1489"
},
{
"name": "Malware",
"id": "T1587.001",
"url": "https://attack.mitre.org/techniques/T1587/001"
},
{
"name": "Regsvcs/Regasm",
"id": "T1121",
"url": "https://attack.mitre.org/techniques/T1121"
},
{
"name": "Device Driver Discovery",
"id": "T1652",
"url": "https://attack.mitre.org/techniques/T1652"
},
{
"name": "Sudo Caching",
"id": "T1206",
"url": "https://attack.mitre.org/techniques/T1206"
},
{
"name": "Domain Account",
"id": "T1087.002",
"url": "https://attack.mitre.org/techniques/T1087/002"
},
{
"name": "Active Setup",
"id": "T1547.014",
"url": "https://attack.mitre.org/techniques/T1547/014"
},
{
"name": "Hide Artifacts",
"id": "T1564",
"url": "https://attack.mitre.org/techniques/T1564"
},
{
"name": "Dynamic Data Exchange",
"id": "T1559.002",
"url": "https://attack.mitre.org/techniques/T1559/002"
},
{
"name": "Malicious File",
"id": "T1204.002",
"url": "https://attack.mitre.org/techniques/T1204/002"
},
{
"name": "Identify Business Tempo",
"id": "T1591.003",
"url": "https://attack.mitre.org/techniques/T1591/003"
},
{
"name": "Security Software Discovery",
"id": "T1063",
"url": "https://attack.mitre.org/techniques/T1063"
},
{
"name": "Publish/Subscribe Protocols",
"id": "T1071.005",
"url": "https://attack.mitre.org/techniques/T1071/005"
},
{
"name": "Hardware",
"id": "T1592.001",
"url": "https://attack.mitre.org/techniques/T1592/001"
},
{
"name": "Taint Shared Content",
"id": "T1080",
"url": "https://attack.mitre.org/techniques/T1080"
},
{
"name": "Trust Modification",
"id": "T1484.002",
"url": "https://attack.mitre.org/techniques/T1484/002"
},
{
"name": "Databases",
"id": "T1213.006",
"url": "https://attack.mitre.org/techniques/T1213/006"
},
{
"name": "Symmetric Cryptography",
"id": "T1573.001",
"url": "https://attack.mitre.org/techniques/T1573/001"
},
{
"name": "Local Account",
"id": "T1087.001",
"url": "https://attack.mitre.org/techniques/T1087/001"
},
{
"name": "Securityd Memory",
"id": "T1167",
"url": "https://attack.mitre.org/techniques/T1167"
},
{
"name": "Social Media Accounts",
"id": "T1586.001",
"url": "https://attack.mitre.org/techniques/T1586/001"
},
{
"name": "Browser Extensions",
"id": "T1176.001",
"url": "https://attack.mitre.org/techniques/T1176/001"
},
{
"name": "Application Access Token",
"id": "T1527",
"url": "https://attack.mitre.org/techniques/T1527"
},
{
"name": "Safe Mode Boot",
"id": "T1562.009",
"url": "https://attack.mitre.org/techniques/T1562/009"
},
{
"name": "Screensaver",
"id": "T1180",
"url": "https://attack.mitre.org/techniques/T1180"
},
{
"name": "TFTP Boot",
"id": "T1542.005",
"url": "https://attack.mitre.org/techniques/T1542/005"
},
{
"name": "Windows Service",
"id": "T1543.003",
"url": "https://attack.mitre.org/techniques/T1543/003"
},
{
"name": "Fast Flux DNS",
"id": "T1568.001",
"url": "https://attack.mitre.org/techniques/T1568/001"
},
{
"name": "System Checks",
"id": "T1497.001",
"url": "https://attack.mitre.org/techniques/T1497/001"
},
{
"name": "Cron",
"id": "T1053.003",
"url": "https://attack.mitre.org/techniques/T1053/003"
},
{
"name": "Domain Groups",
"id": "T1069.002",
"url": "https://attack.mitre.org/techniques/T1069/002"
},
{
"name": "Vulnerabilities",
"id": "T1588.006",
"url": "https://attack.mitre.org/techniques/T1588/006"
},
{
"name": "Spearphishing Link",
"id": "T1566.002",
"url": "https://attack.mitre.org/techniques/T1566/002"
},
{
"name": "Startup Items",
"id": "T1165",
"url": "https://attack.mitre.org/techniques/T1165"
},
{
"name": "Clear Linux or Mac System Logs",
"id": "T1070.002",
"url": "https://attack.mitre.org/techniques/T1070/002"
},
{
"name": "Application or System Exploitation",
"id": "T1499.004",
"url": "https://attack.mitre.org/techniques/T1499/004"
},
{
"name": "Office Application Startup",
"id": "T1137",
"url": "https://attack.mitre.org/techniques/T1137"
},
{
"name": "InstallUtil",
"id": "T1218.004",
"url": "https://attack.mitre.org/techniques/T1218/004"
},
{
"name": "Spearphishing Link",
"id": "T1598.003",
"url": "https://attack.mitre.org/techniques/T1598/003"
},
{
"name": "SSH",
"id": "T1021.004",
"url": "https://attack.mitre.org/techniques/T1021/004"
},
{
"name": "Additional Cloud Roles",
"id": "T1098.003",
"url": "https://attack.mitre.org/techniques/T1098/003"
},
{
"name": "Print Processors",
"id": "T1547.012",
"url": "https://attack.mitre.org/techniques/T1547/012"
},
{
"name": "Disabling Security Tools",
"id": "T1089",
"url": "https://attack.mitre.org/techniques/T1089"
},
{
"name": "Disk Structure Wipe",
"id": "T1487",
"url": "https://attack.mitre.org/techniques/T1487"
},
{
"name": "Spearphishing Attachment",
"id": "T1566.001",
"url": "https://attack.mitre.org/techniques/T1566/001"
},
{
"name": "Credentials in Registry",
"id": "T1214",
"url": "https://attack.mitre.org/techniques/T1214"
},
{
"name": "Stripped Payloads",
"id": "T1027.008",
"url": "https://attack.mitre.org/techniques/T1027/008"
},
{
"name": "Component Object Model",
"id": "T1559.001",
"url": "https://attack.mitre.org/techniques/T1559/001"
},
{
"name": "DLL",
"id": "T1574.001",
"url": "https://attack.mitre.org/techniques/T1574/001"
},
{
"name": "Automated Collection",
"id": "T1119",
"url": "https://attack.mitre.org/techniques/T1119"
},
{
"name": "Clipboard Data",
"id": "T1115",
"url": "https://attack.mitre.org/techniques/T1115"
},
{
"name": "Proc Filesystem",
"id": "T1003.007",
"url": "https://attack.mitre.org/techniques/T1003/007"
},
{
"name": "Botnet",
"id": "T1583.005",
"url": "https://attack.mitre.org/techniques/T1583/005"
},
{
"name": "Password Managers",
"id": "T1555.005",
"url": "https://attack.mitre.org/techniques/T1555/005"
},
{
"name": "AppInit DLLs",
"id": "T1103",
"url": "https://attack.mitre.org/techniques/T1103"
},
{
"name": "Gatekeeper Bypass",
"id": "T1553.001",
"url": "https://attack.mitre.org/techniques/T1553/001"
},
{
"name": "ESXi Administration Command",
"id": "T1675",
"url": "https://attack.mitre.org/techniques/T1675"
},
{
"name": "Drive-by Target",
"id": "T1608.004",
"url": "https://attack.mitre.org/techniques/T1608/004"
},
{
"name": "System Service Discovery",
"id": "T1007",
"url": "https://attack.mitre.org/techniques/T1007"
},
{
"name": "Network Sniffing",
"id": "T1040",
"url": "https://attack.mitre.org/techniques/T1040"
},
{
"name": "Application Deployment Software",
"id": "T1017",
"url": "https://attack.mitre.org/techniques/T1017"
},
{
"name": "Code Signing",
"id": "T1553.002",
"url": "https://attack.mitre.org/techniques/T1553/002"
},
{
"name": "Data from Cloud Storage",
"id": "T1530",
"url": "https://attack.mitre.org/techniques/T1530"
},
{
"name": "Runtime Data Manipulation",
"id": "T1565.003",
"url": "https://attack.mitre.org/techniques/T1565/003"
},
{
"name": "Credentials in Registry",
"id": "T1552.002",
"url": "https://attack.mitre.org/techniques/T1552/002"
},
{
"name": "Network Share Discovery",
"id": "T1135",
"url": "https://attack.mitre.org/techniques/T1135"
},
{
"name": "Peripheral Device Discovery",
"id": "T1120",
"url": "https://attack.mitre.org/techniques/T1120"
},
{
"name": "Break Process Trees",
"id": "T1036.009",
"url": "https://attack.mitre.org/techniques/T1036/009"
},
{
"name": "Network Topology",
"id": "T1590.004",
"url": "https://attack.mitre.org/techniques/T1590/004"
},
{
"name": "Code Signing Certificates",
"id": "T1587.002",
"url": "https://attack.mitre.org/techniques/T1587/002"
},
{
"name": "Windows File and Directory Permissions Modification",
"id": "T1222.001",
"url": "https://attack.mitre.org/techniques/T1222/001"
},
{
"name": "Add-ins",
"id": "T1137.006",
"url": "https://attack.mitre.org/techniques/T1137/006"
},
{
"name": "Transport Agent",
"id": "T1505.002",
"url": "https://attack.mitre.org/techniques/T1505/002"
},
{
"name": "System Information Discovery",
"id": "T1082",
"url": "https://attack.mitre.org/techniques/T1082"
},
{
"name": "Application Layer Protocol",
"id": "T1071",
"url": "https://attack.mitre.org/techniques/T1071"
},
{
"name": "AppDomainManager",
"id": "T1574.014",
"url": "https://attack.mitre.org/techniques/T1574/014"
},
{
"name": "Remote Data Staging",
"id": "T1074.002",
"url": "https://attack.mitre.org/techniques/T1074/002"
},
{
"name": "Additional Container Cluster Roles",
"id": "T1098.006",
"url": "https://attack.mitre.org/techniques/T1098/006"
},
{
"name": "Scheduled Task/Job",
"id": "T1053",
"url": "https://attack.mitre.org/techniques/T1053"
},
{
"name": "Msiexec",
"id": "T1218.007",
"url": "https://attack.mitre.org/techniques/T1218/007"
},
{
"name": "Login Item",
"id": "T1162",
"url": "https://attack.mitre.org/techniques/T1162"
},
{
"name": "Network Trust Dependencies",
"id": "T1590.003",
"url": "https://attack.mitre.org/techniques/T1590/003"
},
{
"name": "Reflection Amplification",
"id": "T1498.002",
"url": "https://attack.mitre.org/techniques/T1498/002"
},
{
"name": "Password Filter DLL",
"id": "T1556.002",
"url": "https://attack.mitre.org/techniques/T1556/002"
},
{
"name": "Terminal Services DLL",
"id": "T1505.005",
"url": "https://attack.mitre.org/techniques/T1505/005"
},
{
"name": "AppleScript",
"id": "T1059.002",
"url": "https://attack.mitre.org/techniques/T1059/002"
},
{
"name": "Software Extensions",
"id": "T1176",
"url": "https://attack.mitre.org/techniques/T1176"
},
{
"name": "Service Exhaustion Flood",
"id": "T1499.002",
"url": "https://attack.mitre.org/techniques/T1499/002"
},
{
"name": "Compromise Hardware Supply Chain",
"id": "T1195.003",
"url": "https://attack.mitre.org/techniques/T1195/003"
},
{
"name": "Native API",
"id": "T1106",
"url": "https://attack.mitre.org/techniques/T1106"
},
{
"name": "Ccache Files",
"id": "T1558.005",
"url": "https://attack.mitre.org/techniques/T1558/005"
},
{
"name": "Clear Network Connection History and Configurations",
"id": "T1070.007",
"url": "https://attack.mitre.org/techniques/T1070/007"
},
{
"name": "AS-REP Roasting",
"id": "T1558.004",
"url": "https://attack.mitre.org/techniques/T1558/004"
},
{
"name": "Service Registry Permissions Weakness",
"id": "T1058",
"url": "https://attack.mitre.org/techniques/T1058"
},
{
"name": "Virtual Private Server",
"id": "T1584.003",
"url": "https://attack.mitre.org/techniques/T1584/003"
},
{
"name": "AutoHotKey & AutoIT",
"id": "T1059.010",
"url": "https://attack.mitre.org/techniques/T1059/010"
},
{
"name": "Reduce Key Space",
"id": "T1600.001",
"url": "https://attack.mitre.org/techniques/T1600/001"
},
{
"name": "Clear Command History",
"id": "T1070.003",
"url": "https://attack.mitre.org/techniques/T1070/003"
},
{
"name": "Indirect Command Execution",
"id": "T1202",
"url": "https://attack.mitre.org/techniques/T1202"
},
{
"name": "Custom Cryptographic Protocol",
"id": "T1024",
"url": "https://attack.mitre.org/techniques/T1024"
},
{
"name": "Revert Cloud Instance",
"id": "T1536",
"url": "https://attack.mitre.org/techniques/T1536"
},
{
"name": "Replication Through Removable Media",
"id": "T1091",
"url": "https://attack.mitre.org/techniques/T1091"
},
{
"name": "Data from Local System",
"id": "T1005",
"url": "https://attack.mitre.org/techniques/T1005"
},
{
"name": "Deobfuscate/Decode Files or Information",
"id": "T1140",
"url": "https://attack.mitre.org/techniques/T1140"
},
{
"name": "Outlook Rules",
"id": "T1137.005",
"url": "https://attack.mitre.org/techniques/T1137/005"
},
{
"name": "Impair Defenses",
"id": "T1562",
"url": "https://attack.mitre.org/techniques/T1562"
},
{
"name": "Cloud Accounts",
"id": "T1586.003",
"url": "https://attack.mitre.org/techniques/T1586/003"
},
{
"name": "Email Accounts",
"id": "T1586.002",
"url": "https://attack.mitre.org/techniques/T1586/002"
},
{
"name": "Additional Local or Domain Groups",
"id": "T1098.007",
"url": "https://attack.mitre.org/techniques/T1098/007"
},
{
"name": "Upload Malware",
"id": "T1608.001",
"url": "https://attack.mitre.org/techniques/T1608/001"
},
{
"name": "Supply Chain Compromise",
"id": "T1195",
"url": "https://attack.mitre.org/techniques/T1195"
},
{
"name": "Exploit Public-Facing Application",
"id": "T1190",
"url": "https://attack.mitre.org/techniques/T1190"
},
{
"name": "Steal or Forge Kerberos Tickets",
"id": "T1558",
"url": "https://attack.mitre.org/techniques/T1558"
},
{
"name": "Credentials from Password Stores",
"id": "T1555",
"url": "https://attack.mitre.org/techniques/T1555"
},
{
"name": "Exfiltration Over Web Service",
"id": "T1567",
"url": "https://attack.mitre.org/techniques/T1567"
},
{
"name": "Remote Access Tools",
"id": "T1219",
"url": "https://attack.mitre.org/techniques/T1219"
},
{
"name": "Domains",
"id": "T1583.001",
"url": "https://attack.mitre.org/techniques/T1583/001"
},
{
"name": "Archive via Library",
"id": "T1560.002",
"url": "https://attack.mitre.org/techniques/T1560/002"
},
{
"name": "Thread Execution Hijacking",
"id": "T1055.003",
"url": "https://attack.mitre.org/techniques/T1055/003"
},
{
"name": "Multilayer Encryption",
"id": "T1079",
"url": "https://attack.mitre.org/techniques/T1079"
},
{
"name": "Masquerading",
"id": "T1036",
"url": "https://attack.mitre.org/techniques/T1036"
},
{
"name": "Application Shimming",
"id": "T1546.011",
"url": "https://attack.mitre.org/techniques/T1546/011"
},
{
"name": "Unsecured Credentials",
"id": "T1552",
"url": "https://attack.mitre.org/techniques/T1552"
},
{
"name": "Port Monitors",
"id": "T1547.010",
"url": "https://attack.mitre.org/techniques/T1547/010"
},
{
"name": "Clear Mailbox Data",
"id": "T1070.008",
"url": "https://attack.mitre.org/techniques/T1070/008"
},
{
"name": "Login Hook",
"id": "T1037.002",
"url": "https://attack.mitre.org/techniques/T1037/002"
},
{
"name": "Content Injection",
"id": "T1659",
"url": "https://attack.mitre.org/techniques/T1659"
},
{
"name": "Process Injection",
"id": "T1055",
"url": "https://attack.mitre.org/techniques/T1055"
},
{
"name": "Exfiltration Over Webhook",
"id": "T1567.004",
"url": "https://attack.mitre.org/techniques/T1567/004"
},
{
"name": "Bash History",
"id": "T1139",
"url": "https://attack.mitre.org/techniques/T1139"
},
{
"name": "Traffic Signaling",
"id": "T1205",
"url": "https://attack.mitre.org/techniques/T1205"
},
{
"name": "Direct Cloud VM Connections",
"id": "T1021.008",
"url": "https://attack.mitre.org/techniques/T1021/008"
},
{
"name": "Credentials from Web Browsers",
"id": "T1503",
"url": "https://attack.mitre.org/techniques/T1503"
},
{
"name": "System Binary Proxy Execution",
"id": "T1218",
"url": "https://attack.mitre.org/techniques/T1218"
},
{
"name": "Source",
"id": "T1153",
"url": "https://attack.mitre.org/techniques/T1153"
},
{
"name": "DLL Search Order Hijacking",
"id": "T1038",
"url": "https://attack.mitre.org/techniques/T1038"
},
{
"name": "New Service",
"id": "T1050",
"url": "https://attack.mitre.org/techniques/T1050"
},
{
"name": "Timestomp",
"id": "T1070.006",
"url": "https://attack.mitre.org/techniques/T1070/006"
},
{
"name": "Evil Twin",
"id": "T1557.004",
"url": "https://attack.mitre.org/techniques/T1557/004"
},
{
"name": "Reflective Code Loading",
"id": "T1620",
"url": "https://attack.mitre.org/techniques/T1620"
},
{
"name": "Wi-Fi Discovery",
"id": "T1016.002",
"url": "https://attack.mitre.org/techniques/T1016/002"
},
{
"name": "Mutual Exclusion",
"id": "T1480.002",
"url": "https://attack.mitre.org/techniques/T1480/002"
},
{
"name": "Ignore Process Interrupts",
"id": "T1564.011",
"url": "https://attack.mitre.org/techniques/T1564/011"
},
{
"name": "Escape to Host",
"id": "T1611",
"url": "https://attack.mitre.org/techniques/T1611"
},
{
"name": "Backup Software Discovery",
"id": "T1518.002",
"url": "https://attack.mitre.org/techniques/T1518/002"
},
{
"name": "Shortcut Modification",
"id": "T1547.009",
"url": "https://attack.mitre.org/techniques/T1547/009"
},
{
"name": "Application Window Discovery",
"id": "T1010",
"url": "https://attack.mitre.org/techniques/T1010"
},
{
"name": "Systemctl",
"id": "T1569.003",
"url": "https://attack.mitre.org/techniques/T1569/003"
},
{
"name": "Standard Cryptographic Protocol",
"id": "T1032",
"url": "https://attack.mitre.org/techniques/T1032"
},
{
"name": "Email Account",
"id": "T1087.003",
"url": "https://attack.mitre.org/techniques/T1087/003"
},
{
"name": "Hypervisor",
"id": "T1062",
"url": "https://attack.mitre.org/techniques/T1062"
},
{
"name": "Time Based Checks",
"id": "T1497.003",
"url": "https://attack.mitre.org/techniques/T1497/003"
},
{
"name": "AppCert DLLs",
"id": "T1182",
"url": "https://attack.mitre.org/techniques/T1182"
},
{
"name": "CMSTP",
"id": "T1218.003",
"url": "https://attack.mitre.org/techniques/T1218/003"
},
{
"name": "SSH Hijacking",
"id": "T1563.001",
"url": "https://attack.mitre.org/techniques/T1563/001"
},
{
"name": "Disable Windows Event Logging",
"id": "T1562.002",
"url": "https://attack.mitre.org/techniques/T1562/002"
},
{
"name": "Scheduled Transfer",
"id": "T1029",
"url": "https://attack.mitre.org/techniques/T1029"
},
{
"name": "SMB/Windows Admin Shares",
"id": "T1021.002",
"url": "https://attack.mitre.org/techniques/T1021/002"
},
{
"name": "Implant Internal Image",
"id": "T1525",
"url": "https://attack.mitre.org/techniques/T1525"
},
{
"name": "Protocol Tunneling",
"id": "T1572",
"url": "https://attack.mitre.org/techniques/T1572"
},
{
"name": "Control Panel",
"id": "T1218.002",
"url": "https://attack.mitre.org/techniques/T1218/002"
},
{
"name": "Network Address Translation Traversal",
"id": "T1599.001",
"url": "https://attack.mitre.org/techniques/T1599/001"
},
{
"name": "Upload Tool",
"id": "T1608.002",
"url": "https://attack.mitre.org/techniques/T1608/002"
},
{
"name": "Security Support Provider",
"id": "T1547.005",
"url": "https://attack.mitre.org/techniques/T1547/005"
},
{
"name": "Overwrite Process Arguments",
"id": "T1036.011",
"url": "https://attack.mitre.org/techniques/T1036/011"
},
{
"name": "Winlogon Helper DLL",
"id": "T1004",
"url": "https://attack.mitre.org/techniques/T1004"
},
{
"name": "Binary Padding",
"id": "T1009",
"url": "https://attack.mitre.org/techniques/T1009"
},
{
"name": "Use Alternate Authentication Material",
"id": "T1550",
"url": "https://attack.mitre.org/techniques/T1550"
},
{
"name": "Remote Desktop Protocol",
"id": "T1076",
"url": "https://attack.mitre.org/techniques/T1076"
},
{
"name": "Threat Intel Vendors",
"id": "T1597.001",
"url": "https://attack.mitre.org/techniques/T1597/001"
},
{
"name": "Exfiltration Over Other Network Medium",
"id": "T1011",
"url": "https://attack.mitre.org/techniques/T1011"
},
{
"name": "Network Device Configuration Dump",
"id": "T1602.002",
"url": "https://attack.mitre.org/techniques/T1602/002"
},
{
"name": "Gather Victim Identity Information",
"id": "T1589",
"url": "https://attack.mitre.org/techniques/T1589"
},
{
"name": "Authentication Package",
"id": "T1131",
"url": "https://attack.mitre.org/techniques/T1131"
},
{
"name": "Extra Window Memory Injection",
"id": "T1181",
"url": "https://attack.mitre.org/techniques/T1181"
},
{
"name": "Disable or Modify System Firewall",
"id": "T1562.004",
"url": "https://attack.mitre.org/techniques/T1562/004"
},
{
"name": "Archive Collected Data",
"id": "T1560",
"url": "https://attack.mitre.org/techniques/T1560"
},
{
"name": "Launchctl",
"id": "T1152",
"url": "https://attack.mitre.org/techniques/T1152"
},
{
"name": "SIP and Trust Provider Hijacking",
"id": "T1553.003",
"url": "https://attack.mitre.org/techniques/T1553/003"
},
{
"name": "Domain Generation Algorithms",
"id": "T1483",
"url": "https://attack.mitre.org/techniques/T1483"
},
{
"name": "Browser Session Hijacking",
"id": "T1185",
"url": "https://attack.mitre.org/techniques/T1185"
},
{
"name": "Remote Services",
"id": "T1021",
"url": "https://attack.mitre.org/techniques/T1021"
},
{
"name": "Mail Protocols",
"id": "T1071.003",
"url": "https://attack.mitre.org/techniques/T1071/003"
},
{
"name": "Hybrid Identity",
"id": "T1556.007",
"url": "https://attack.mitre.org/techniques/T1556/007"
},
{
"name": "Vulnerability Scanning",
"id": "T1595.002",
"url": "https://attack.mitre.org/techniques/T1595/002"
},
{
"name": "Cloud API",
"id": "T1059.009",
"url": "https://attack.mitre.org/techniques/T1059/009"
},
{
"name": "Search Open Technical Databases",
"id": "T1596",
"url": "https://attack.mitre.org/techniques/T1596"
},
{
"name": "Electron Applications",
"id": "T1218.015",
"url": "https://attack.mitre.org/techniques/T1218/015"
},
{
"name": "Disable or Modify Linux Audit System",
"id": "T1562.012",
"url": "https://attack.mitre.org/techniques/T1562/012"
},
{
"name": "Rogue Domain Controller",
"id": "T1207",
"url": "https://attack.mitre.org/techniques/T1207"
},
{
"name": "Code Signing Policy Modification",
"id": "T1553.006",
"url": "https://attack.mitre.org/techniques/T1553/006"
},
{
"name": "Deploy Container",
"id": "T1610",
"url": "https://attack.mitre.org/techniques/T1610"
},
{
"name": "File Deletion",
"id": "T1107",
"url": "https://attack.mitre.org/techniques/T1107"
},
{
"name": "Private Keys",
"id": "T1145",
"url": "https://attack.mitre.org/techniques/T1145"
},
{
"name": "Modify Registry",
"id": "T1112",
"url": "https://attack.mitre.org/techniques/T1112"
},
{
"name": "Launch Daemon",
"id": "T1543.004",
"url": "https://attack.mitre.org/techniques/T1543/004"
},
{
"name": "Cloud Infrastructure Discovery",
"id": "T1580",
"url": "https://attack.mitre.org/techniques/T1580"
},
{
"name": "Credentials from Web Browsers",
"id": "T1555.003",
"url": "https://attack.mitre.org/techniques/T1555/003"
},
{
"name": "Path Interception by Search Order Hijacking",
"id": "T1574.008",
"url": "https://attack.mitre.org/techniques/T1574/008"
},
{
"name": "Defacement",
"id": "T1491",
"url": "https://attack.mitre.org/techniques/T1491"
},
{
"name": "Unused/Unsupported Cloud Regions",
"id": "T1535",
"url": "https://attack.mitre.org/techniques/T1535"
},
{
"name": "DHCP Spoofing",
"id": "T1557.003",
"url": "https://attack.mitre.org/techniques/T1557/003"
},
{
"name": "AppleScript",
"id": "T1155",
"url": "https://attack.mitre.org/techniques/T1155"
},
{
"name": "Remote Service Session Hijacking",
"id": "T1563",
"url": "https://attack.mitre.org/techniques/T1563"
},
{
"name": "Bind Mounts",
"id": "T1564.013",
"url": "https://attack.mitre.org/techniques/T1564/013"
},
{
"name": "Binary Padding",
"id": "T1027.001",
"url": "https://attack.mitre.org/techniques/T1027/001"
},
{
"name": "Web Shell",
"id": "T1505.003",
"url": "https://attack.mitre.org/techniques/T1505/003"
},
{
"name": "Group Policy Modification",
"id": "T1484.001",
"url": "https://attack.mitre.org/techniques/T1484/001"
},
{
"name": "Browser Information Discovery",
"id": "T1217",
"url": "https://attack.mitre.org/techniques/T1217"
},
{
"name": "Private Keys",
"id": "T1552.004",
"url": "https://attack.mitre.org/techniques/T1552/004"
},
{
"name": "Server",
"id": "T1583.004",
"url": "https://attack.mitre.org/techniques/T1583/004"
},
{
"name": "Windows Remote Management",
"id": "T1021.006",
"url": "https://attack.mitre.org/techniques/T1021/006"
},
{
"name": "Exfiltration Over Bluetooth",
"id": "T1011.001",
"url": "https://attack.mitre.org/techniques/T1011/001"
},
{
"name": "Default Accounts",
"id": "T1078.001",
"url": "https://attack.mitre.org/techniques/T1078/001"
},
{
"name": "Time Providers",
"id": "T1547.003",
"url": "https://attack.mitre.org/techniques/T1547/003"
},
{
"name": "Image File Execution Options Injection",
"id": "T1183",
"url": "https://attack.mitre.org/techniques/T1183"
},
{
"name": "Rundll32",
"id": "T1085",
"url": "https://attack.mitre.org/techniques/T1085"
},
{
"name": "Modify Existing Service",
"id": "T1031",
"url": "https://attack.mitre.org/techniques/T1031"
},
{
"name": "Trap",
"id": "T1546.005",
"url": "https://attack.mitre.org/techniques/T1546/005"
},
{
"name": "Dynamic Linker Hijacking",
"id": "T1574.006",
"url": "https://attack.mitre.org/techniques/T1574/006"
},
{
"name": "Local Account",
"id": "T1136.001",
"url": "https://attack.mitre.org/techniques/T1136/001"
},
{
"name": "Search Threat Vendor Data",
"id": "T1681",
"url": "https://attack.mitre.org/techniques/T1681"
},
{
"name": "Input Injection",
"id": "T1674",
"url": "https://attack.mitre.org/techniques/T1674"
},
{
"name": "Communication Through Removable Media",
"id": "T1092",
"url": "https://attack.mitre.org/techniques/T1092"
},
{
"name": "Clear Windows Event Logs",
"id": "T1070.001",
"url": "https://attack.mitre.org/techniques/T1070/001"
},
{
"name": "Email Accounts",
"id": "T1585.002",
"url": "https://attack.mitre.org/techniques/T1585/002"
},
{
"name": "LLMNR/NBT-NS Poisoning and SMB Relay",
"id": "T1557.001",
"url": "https://attack.mitre.org/techniques/T1557/001"
},
{
"name": "File and Directory Permissions Modification",
"id": "T1222",
"url": "https://attack.mitre.org/techniques/T1222"
},
{
"name": "LSASS Memory",
"id": "T1003.001",
"url": "https://attack.mitre.org/techniques/T1003/001"
},
{
"name": "At (Linux)",
"id": "T1053.001",
"url": "https://attack.mitre.org/techniques/T1053/001"
},
{
"name": "IDE Extensions",
"id": "T1176.002",
"url": "https://attack.mitre.org/techniques/T1176/002"
},
{
"name": "Hooking",
"id": "T1179",
"url": "https://attack.mitre.org/techniques/T1179"
},
{
"name": "Active Scanning",
"id": "T1595",
"url": "https://attack.mitre.org/techniques/T1595"
},
{
"name": "Junk Code Insertion",
"id": "T1027.016",
"url": "https://attack.mitre.org/techniques/T1027/016"
},
{
"name": "Plist Modification",
"id": "T1547.011",
"url": "https://attack.mitre.org/techniques/T1547/011"
},
{
"name": "Abuse Elevation Control Mechanism",
"id": "T1548",
"url": "https://attack.mitre.org/techniques/T1548"
},
{
"name": "Create Process with Token",
"id": "T1134.002",
"url": "https://attack.mitre.org/techniques/T1134/002"
},
{
"name": "Setuid and Setgid",
"id": "T1548.001",
"url": "https://attack.mitre.org/techniques/T1548/001"
},
{
"name": "Winlogon Helper DLL",
"id": "T1547.004",
"url": "https://attack.mitre.org/techniques/T1547/004"
},
{
"name": "System Firmware",
"id": "T1019",
"url": "https://attack.mitre.org/techniques/T1019"
},
{
"name": "Distributed Component Object Model",
"id": "T1021.003",
"url": "https://attack.mitre.org/techniques/T1021/003"
},
{
"name": "Change Default File Association",
"id": "T1042",
"url": "https://attack.mitre.org/techniques/T1042"
},
{
"name": "Regsvr32",
"id": "T1117",
"url": "https://attack.mitre.org/techniques/T1117"
},
{
"name": "Password Spraying",
"id": "T1110.003",
"url": "https://attack.mitre.org/techniques/T1110/003"
},
{
"name": "External Proxy",
"id": "T1090.002",
"url": "https://attack.mitre.org/techniques/T1090/002"
},
{
"name": "Web Portal Capture",
"id": "T1056.003",
"url": "https://attack.mitre.org/techniques/T1056/003"
},
{
"name": "Email Addresses",
"id": "T1589.002",
"url": "https://attack.mitre.org/techniques/T1589/002"
},
{
"name": "Re-opened Applications",
"id": "T1164",
"url": "https://attack.mitre.org/techniques/T1164"
},
{
"name": "Indicator Blocking",
"id": "T1054",
"url": "https://attack.mitre.org/techniques/T1054"
},
{
"name": "Spearphishing Voice",
"id": "T1598.004",
"url": "https://attack.mitre.org/techniques/T1598/004"
},
{
"name": "Redundant Access",
"id": "T1108",
"url": "https://attack.mitre.org/techniques/T1108"
},
{
"name": "Spearphishing Attachment",
"id": "T1193",
"url": "https://attack.mitre.org/techniques/T1193"
},
{
"name": "Cached Domain Credentials",
"id": "T1003.005",
"url": "https://attack.mitre.org/techniques/T1003/005"
},
{
"name": "SSH Authorized Keys",
"id": "T1098.004",
"url": "https://attack.mitre.org/techniques/T1098/004"
},
{
"name": "Virtual Machine Discovery",
"id": "T1673",
"url": "https://attack.mitre.org/techniques/T1673"
},
{
"name": "Kernel Modules and Extensions",
"id": "T1215",
"url": "https://attack.mitre.org/techniques/T1215"
},
{
"name": "Security Support Provider",
"id": "T1101",
"url": "https://attack.mitre.org/techniques/T1101"
},
{
"name": "Network Security Appliances",
"id": "T1590.006",
"url": "https://attack.mitre.org/techniques/T1590/006"
},
{
"name": "Image File Execution Options Injection",
"id": "T1546.012",
"url": "https://attack.mitre.org/techniques/T1546/012"
},
{
"name": "Odbcconf",
"id": "T1218.008",
"url": "https://attack.mitre.org/techniques/T1218/008"
},
{
"name": "Search Engines",
"id": "T1593.002",
"url": "https://attack.mitre.org/techniques/T1593/002"
},
{
"name": "LSASS Driver",
"id": "T1177",
"url": "https://attack.mitre.org/techniques/T1177"
},
{
"name": "Business Relationships",
"id": "T1591.002",
"url": "https://attack.mitre.org/techniques/T1591/002"
},
{
"name": "Temporary Elevated Cloud Access",
"id": "T1548.005",
"url": "https://attack.mitre.org/techniques/T1548/005"
},
{
"name": "Video Capture",
"id": "T1125",
"url": "https://attack.mitre.org/techniques/T1125"
},
{
"name": "Gatekeeper Bypass",
"id": "T1144",
"url": "https://attack.mitre.org/techniques/T1144"
},
{
"name": "Software Packing",
"id": "T1045",
"url": "https://attack.mitre.org/techniques/T1045"
},
{
"name": "Process Doppelgänging",
"id": "T1055.013",
"url": "https://attack.mitre.org/techniques/T1055/013"
},
{
"name": "System Network Configuration Discovery",
"id": "T1016",
"url": "https://attack.mitre.org/techniques/T1016"
},
{
"name": "Delete Cloud Instance",
"id": "T1578.003",
"url": "https://attack.mitre.org/techniques/T1578/003"
},
{
"name": "Code Repositories",
"id": "T1593.003",
"url": "https://attack.mitre.org/techniques/T1593/003"
},
{
"name": "Executable Installer File Permissions Weakness",
"id": "T1574.005",
"url": "https://attack.mitre.org/techniques/T1574/005"
},
{
"name": "Accessibility Features",
"id": "T1546.008",
"url": "https://attack.mitre.org/techniques/T1546/008"
},
{
"name": "Bandwidth Hijacking",
"id": "T1496.002",
"url": "https://attack.mitre.org/techniques/T1496/002"
},
{
"name": "PowerShell Profile",
"id": "T1504",
"url": "https://attack.mitre.org/techniques/T1504"
},
{
"name": "SIP and Trust Provider Hijacking",
"id": "T1198",
"url": "https://attack.mitre.org/techniques/T1198"
},
{
"name": "Account Discovery",
"id": "T1087",
"url": "https://attack.mitre.org/techniques/T1087"
},
{
"name": "Proxy",
"id": "T1090",
"url": "https://attack.mitre.org/techniques/T1090"
},
{
"name": "Command and Scripting Interpreter",
"id": "T1059",
"url": "https://attack.mitre.org/techniques/T1059"
},
{
"name": "Malicious Library",
"id": "T1204.005",
"url": "https://attack.mitre.org/techniques/T1204/005"
},
{
"name": "Indicator Blocking",
"id": "T1562.006",
"url": "https://attack.mitre.org/techniques/T1562/006"
},
{
"name": "Domain Account",
"id": "T1136.002",
"url": "https://attack.mitre.org/techniques/T1136/002"
},
{
"name": "Extended Attributes",
"id": "T1564.014",
"url": "https://attack.mitre.org/techniques/T1564/014"
},
{
"name": "Employee Names",
"id": "T1589.003",
"url": "https://attack.mitre.org/techniques/T1589/003"
},
{
"name": "Poisoned Pipeline Execution",
"id": "T1677",
"url": "https://attack.mitre.org/techniques/T1677"
},
{
"name": "Domain Trust Discovery",
"id": "T1482",
"url": "https://attack.mitre.org/techniques/T1482"
},
{
"name": "Golden Ticket",
"id": "T1558.001",
"url": "https://attack.mitre.org/techniques/T1558/001"
},
{
"name": "Component Object Model and Distributed COM",
"id": "T1175",
"url": "https://attack.mitre.org/techniques/T1175"
},
{
"name": "Automated Exfiltration",
"id": "T1020",
"url": "https://attack.mitre.org/techniques/T1020"
},
{
"name": "Client Configurations",
"id": "T1592.004",
"url": "https://attack.mitre.org/techniques/T1592/004"
},
{
"name": "Disable or Modify Cloud Firewall",
"id": "T1562.007",
"url": "https://attack.mitre.org/techniques/T1562/007"
},
{
"name": "IDE Tunneling",
"id": "T1219.001",
"url": "https://attack.mitre.org/techniques/T1219/001"
},
{
"name": "Right-to-Left Override",
"id": "T1036.002",
"url": "https://attack.mitre.org/techniques/T1036/002"
},
{
"name": "Malware",
"id": "T1588.001",
"url": "https://attack.mitre.org/techniques/T1588/001"
},
{
"name": "SVG Smuggling",
"id": "T1027.017",
"url": "https://attack.mitre.org/techniques/T1027/017"
},
{
"name": "Component Firmware",
"id": "T1542.002",
"url": "https://attack.mitre.org/techniques/T1542/002"
},
{
"name": "Indicator Removal",
"id": "T1070",
"url": "https://attack.mitre.org/techniques/T1070"
},
{
"name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
"id": "T1048.001",
"url": "https://attack.mitre.org/techniques/T1048/001"
},
{
"name": "Office Template Macros",
"id": "T1137.001",
"url": "https://attack.mitre.org/techniques/T1137/001"
},
{
"name": "Virtual Private Server",
"id": "T1583.003",
"url": "https://attack.mitre.org/techniques/T1583/003"
},
{
"name": "Confluence",
"id": "T1213.001",
"url": "https://attack.mitre.org/techniques/T1213/001"
},
{
"name": "Pass the Ticket",
"id": "T1550.003",
"url": "https://attack.mitre.org/techniques/T1550/003"
},
{
"name": "Container Administration Command",
"id": "T1609",
"url": "https://attack.mitre.org/techniques/T1609"
},
{
"name": "File and Directory Discovery",
"id": "T1083",
"url": "https://attack.mitre.org/techniques/T1083"
},
{
"name": "Dynamic Resolution",
"id": "T1568",
"url": "https://attack.mitre.org/techniques/T1568"
},
{
"name": "Masquerade Task or Service",
"id": "T1036.004",
"url": "https://attack.mitre.org/techniques/T1036/004"
},
{
"name": "Asynchronous Procedure Call",
"id": "T1055.004",
"url": "https://attack.mitre.org/techniques/T1055/004"
},
{
"name": "Traffic Duplication",
"id": "T1020.001",
"url": "https://attack.mitre.org/techniques/T1020/001"
},
{
"name": "Application Shimming",
"id": "T1138",
"url": "https://attack.mitre.org/techniques/T1138"
},
{
"name": "Plist File Modification",
"id": "T1647",
"url": "https://attack.mitre.org/techniques/T1647"
},
{
"name": "JamPlus",
"id": "T1127.003",
"url": "https://attack.mitre.org/techniques/T1127/003"
},
{
"name": "AppCert DLLs",
"id": "T1546.009",
"url": "https://attack.mitre.org/techniques/T1546/009"
},
{
"name": "CMSTP",
"id": "T1191",
"url": "https://attack.mitre.org/techniques/T1191"
},
{
"name": "Multi-hop Proxy",
"id": "T1188",
"url": "https://attack.mitre.org/techniques/T1188"
},
{
"name": "Email Forwarding Rule",
"id": "T1114.003",
"url": "https://attack.mitre.org/techniques/T1114/003"
},
{
"name": "Data Staged",
"id": "T1074",
"url": "https://attack.mitre.org/techniques/T1074"
},
{
"name": "Steal or Forge Authentication Certificates",
"id": "T1649",
"url": "https://attack.mitre.org/techniques/T1649"
},
{
"name": "Device Registration",
"id": "T1098.005",
"url": "https://attack.mitre.org/techniques/T1098/005"
},
{
"name": "System Network Connections Discovery",
"id": "T1049",
"url": "https://attack.mitre.org/techniques/T1049"
},
{
"name": "Compromise Infrastructure",
"id": "T1584",
"url": "https://attack.mitre.org/techniques/T1584"
},
{
"name": "Mark-of-the-Web Bypass",
"id": "T1553.005",
"url": "https://attack.mitre.org/techniques/T1553/005"
},
{
"name": "Disable Crypto Hardware",
"id": "T1600.002",
"url": "https://attack.mitre.org/techniques/T1600/002"
},
{
"name": "Pre-OS Boot",
"id": "T1542",
"url": "https://attack.mitre.org/techniques/T1542"
},
{
"name": "Scripting",
"id": "T1064",
"url": "https://attack.mitre.org/techniques/T1064"
},
{
"name": "Build Image on Host",
"id": "T1612",
"url": "https://attack.mitre.org/techniques/T1612"
},
{
"name": "Shared Webroot",
"id": "T1051",
"url": "https://attack.mitre.org/techniques/T1051"
},
{
"name": "Portable Executable Injection",
"id": "T1055.002",
"url": "https://attack.mitre.org/techniques/T1055/002"
},
{
"name": "Verclsid",
"id": "T1218.012",
"url": "https://attack.mitre.org/techniques/T1218/012"
},
{
"name": "Compromise Accounts",
"id": "T1586",
"url": "https://attack.mitre.org/techniques/T1586"
},
{
"name": "Launchctl",
"id": "T1569.001",
"url": "https://attack.mitre.org/techniques/T1569/001"
},
{
"name": "Botnet",
"id": "T1584.005",
"url": "https://attack.mitre.org/techniques/T1584/005"
},
{
"name": "Network Device CLI",
"id": "T1059.008",
"url": "https://attack.mitre.org/techniques/T1059/008"
},
{
"name": "Shell History",
"id": "T1552.003",
"url": "https://attack.mitre.org/techniques/T1552/003"
},
{
"name": "Downgrade Attack",
"id": "T1562.010",
"url": "https://attack.mitre.org/techniques/T1562/010"
},
{
"name": "XPC Services",
"id": "T1559.003",
"url": "https://attack.mitre.org/techniques/T1559/003"
},
{
"name": "Virtualization/Sandbox Evasion",
"id": "T1497",
"url": "https://attack.mitre.org/techniques/T1497"
},
{
"name": "Web Service",
"id": "T1102",
"url": "https://attack.mitre.org/techniques/T1102"
},
{
"name": "Credentials In Files",
"id": "T1552.001",
"url": "https://attack.mitre.org/techniques/T1552/001"
},
{
"name": "DNS Calculation",
"id": "T1568.003",
"url": "https://attack.mitre.org/techniques/T1568/003"
},
{
"name": "Mshta",
"id": "T1218.005",
"url": "https://attack.mitre.org/techniques/T1218/005"
},
{
"name": "Login Items",
"id": "T1547.015",
"url": "https://attack.mitre.org/techniques/T1547/015"
},
{
"name": "Stage Capabilities",
"id": "T1608",
"url": "https://attack.mitre.org/techniques/T1608"
},
{
"name": "Link Target",
"id": "T1608.005",
"url": "https://attack.mitre.org/techniques/T1608/005"
},
{
"name": "Multi-Stage Channels",
"id": "T1104",
"url": "https://attack.mitre.org/techniques/T1104"
},
{
"name": "Financial Theft",
"id": "T1657",
"url": "https://attack.mitre.org/techniques/T1657"
},
{
"name": "Execution Guardrails",
"id": "T1480",
"url": "https://attack.mitre.org/techniques/T1480"
},
{
"name": "Cloud Storage Object Discovery",
"id": "T1619",
"url": "https://attack.mitre.org/techniques/T1619"
},
{
"name": "Web Cookies",
"id": "T1606.001",
"url": "https://attack.mitre.org/techniques/T1606/001"
},
{
"name": "Log Enumeration",
"id": "T1654",
"url": "https://attack.mitre.org/techniques/T1654"
},
{
"name": "Token Impersonation/Theft",
"id": "T1134.001",
"url": "https://attack.mitre.org/techniques/T1134/001"
},
{
"name": "Exfiltration to Code Repository",
"id": "T1567.001",
"url": "https://attack.mitre.org/techniques/T1567/001"
},
{
"name": "Cloud Services",
"id": "T1021.007",
"url": "https://attack.mitre.org/techniques/T1021/007"
},
{
"name": "Port Knocking",
"id": "T1205.001",
"url": "https://attack.mitre.org/techniques/T1205/001"
},
{
"name": "LNK Icon Smuggling",
"id": "T1027.012",
"url": "https://attack.mitre.org/techniques/T1027/012"
},
{
"name": "Web Services",
"id": "T1583.006",
"url": "https://attack.mitre.org/techniques/T1583/006"
},
{
"name": "Steal Application Access Token",
"id": "T1528",
"url": "https://attack.mitre.org/techniques/T1528"
},
{
"name": "Spearphishing Attachment",
"id": "T1598.002",
"url": "https://attack.mitre.org/techniques/T1598/002"
},
{
"name": "Additional Cloud Credentials",
"id": "T1098.001",
"url": "https://attack.mitre.org/techniques/T1098/001"
},
{
"name": "User Execution",
"id": "T1204",
"url": "https://attack.mitre.org/techniques/T1204"
},
{
"name": "Internal Defacement",
"id": "T1491.001",
"url": "https://attack.mitre.org/techniques/T1491/001"
},
{
"name": "Hidden Users",
"id": "T1564.002",
"url": "https://attack.mitre.org/techniques/T1564/002"
},
{
"name": "Make and Impersonate Token",
"id": "T1134.003",
"url": "https://attack.mitre.org/techniques/T1134/003"
},
{
"name": "Group Policy Preferences",
"id": "T1552.006",
"url": "https://attack.mitre.org/techniques/T1552/006"
},
{
"name": "Control Panel Items",
"id": "T1196",
"url": "https://attack.mitre.org/techniques/T1196"
},
{
"name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
"id": "T1048.002",
"url": "https://attack.mitre.org/techniques/T1048/002"
},
{
"name": "Cloud Account",
"id": "T1087.004",
"url": "https://attack.mitre.org/techniques/T1087/004"
},
{
"name": "Process Discovery",
"id": "T1057",
"url": "https://attack.mitre.org/techniques/T1057"
},
{
"name": "Impair Command History Logging",
"id": "T1562.003",
"url": "https://attack.mitre.org/techniques/T1562/003"
},
{
"name": "Launchd",
"id": "T1053.004",
"url": "https://attack.mitre.org/techniques/T1053/004"
},
{
"name": "Network Provider DLL",
"id": "T1556.008",
"url": "https://attack.mitre.org/techniques/T1556/008"
},
{
"name": "Windows Management Instrumentation Event Subscription",
"id": "T1546.003",
"url": "https://attack.mitre.org/techniques/T1546/003"
},
{
"name": "CDNs",
"id": "T1596.004",
"url": "https://attack.mitre.org/techniques/T1596/004"
},
{
"name": "User Activity Based Checks",
"id": "T1497.002",
"url": "https://attack.mitre.org/techniques/T1497/002"
},
{
"name": "Input Prompt",
"id": "T1141",
"url": "https://attack.mitre.org/techniques/T1141"
},
{
"name": "Cloud Service Hijacking",
"id": "T1496.004",
"url": "https://attack.mitre.org/techniques/T1496/004"
},
{
"name": "Cloud Accounts",
"id": "T1585.003",
"url": "https://attack.mitre.org/techniques/T1585/003"
},
{
"name": "Software Deployment Tools",
"id": "T1072",
"url": "https://attack.mitre.org/techniques/T1072"
},
{
"name": "Exfiltration Over C2 Channel",
"id": "T1041",
"url": "https://attack.mitre.org/techniques/T1041"
},
{
"name": "Parent PID Spoofing",
"id": "T1134.004",
"url": "https://attack.mitre.org/techniques/T1134/004"
},
{
"name": "Gather Victim Org Information",
"id": "T1591",
"url": "https://attack.mitre.org/techniques/T1591"
},
{
"name": "Registry Run Keys / Startup Folder",
"id": "T1060",
"url": "https://attack.mitre.org/techniques/T1060"
},
{
"name": "Forge Web Credentials",
"id": "T1606",
"url": "https://attack.mitre.org/techniques/T1606"
},
{
"name": "Multi-Factor Authentication Request Generation",
"id": "T1621",
"url": "https://attack.mitre.org/techniques/T1621"
},
{
"name": "Compromise Host Software Binary",
"id": "T1554",
"url": "https://attack.mitre.org/techniques/T1554"
},
{
"name": "Chat Messages",
"id": "T1552.008",
"url": "https://attack.mitre.org/techniques/T1552/008"
},
{
"name": "PowerShell",
"id": "T1059.001",
"url": "https://attack.mitre.org/techniques/T1059/001"
},
{
"name": "Shortcut Modification",
"id": "T1023",
"url": "https://attack.mitre.org/techniques/T1023"
},
{
"name": "Change Default File Association",
"id": "T1546.001",
"url": "https://attack.mitre.org/techniques/T1546/001"
},
{
"name": "VDSO Hijacking",
"id": "T1055.014",
"url": "https://attack.mitre.org/techniques/T1055/014"
},
{
"name": "Multiband Communication",
"id": "T1026",
"url": "https://attack.mitre.org/techniques/T1026"
},
{
"name": "File Transfer Protocols",
"id": "T1071.002",
"url": "https://attack.mitre.org/techniques/T1071/002"
},
{
"name": "Selective Exclusion",
"id": "T1679",
"url": "https://attack.mitre.org/techniques/T1679"
},
{
"name": "Component Object Model Hijacking",
"id": "T1122",
"url": "https://attack.mitre.org/techniques/T1122"
},
{
"name": "Accessibility Features",
"id": "T1015",
"url": "https://attack.mitre.org/techniques/T1015"
},
{
"name": "Exploitation for Credential Access",
"id": "T1212",
"url": "https://attack.mitre.org/techniques/T1212"
},
{
"name": "Emond",
"id": "T1546.014",
"url": "https://attack.mitre.org/techniques/T1546/014"
},
{
"name": "One-Way Communication",
"id": "T1102.003",
"url": "https://attack.mitre.org/techniques/T1102/003"
},
{
"name": "Gather Victim Network Information",
"id": "T1590",
"url": "https://attack.mitre.org/techniques/T1590"
},
{
"name": "Exploitation of Remote Services",
"id": "T1210",
"url": "https://attack.mitre.org/techniques/T1210"
},
{
"name": "Parent PID Spoofing",
"id": "T1502",
"url": "https://attack.mitre.org/techniques/T1502"
},
{
"name": "Keychain",
"id": "T1142",
"url": "https://attack.mitre.org/techniques/T1142"
},
{
"name": "Internal Spearphishing",
"id": "T1534",
"url": "https://attack.mitre.org/techniques/T1534"
},
{
"name": "Sudo",
"id": "T1169",
"url": "https://attack.mitre.org/techniques/T1169"
},
{
"name": "Services File Permissions Weakness",
"id": "T1574.010",
"url": "https://attack.mitre.org/techniques/T1574/010"
},
{
"name": "Registry Run Keys / Startup Folder",
"id": "T1547.001",
"url": "https://attack.mitre.org/techniques/T1547/001"
},
{
"name": "Trusted Relationship",
"id": "T1199",
"url": "https://attack.mitre.org/techniques/T1199"
},
{
"name": "Cloud Account",
"id": "T1136.003",
"url": "https://attack.mitre.org/techniques/T1136/003"
},
{
"name": "Local Groups",
"id": "T1069.001",
"url": "https://attack.mitre.org/techniques/T1069/001"
},
{
"name": "LC_MAIN Hijacking",
"id": "T1149",
"url": "https://attack.mitre.org/techniques/T1149"
},
{
"name": "Search Open Websites/Domains",
"id": "T1593",
"url": "https://attack.mitre.org/techniques/T1593"
},
{
"name": "Disable or Modify Network Device Firewall",
"id": "T1562.013",
"url": "https://attack.mitre.org/techniques/T1562/013"
},
{
"name": "Account Manipulation",
"id": "T1098",
"url": "https://attack.mitre.org/techniques/T1098"
},
{
"name": "Mshta",
"id": "T1170",
"url": "https://attack.mitre.org/techniques/T1170"
},
{
"name": "Exfiltration Over Alternative Protocol",
"id": "T1048",
"url": "https://attack.mitre.org/techniques/T1048"
},
{
"name": "Kernel Modules and Extensions",
"id": "T1547.006",
"url": "https://attack.mitre.org/techniques/T1547/006"
},
{
"name": "Delay Execution",
"id": "T1678",
"url": "https://attack.mitre.org/techniques/T1678"
},
{
"name": "GUI Input Capture",
"id": "T1056.002",
"url": "https://attack.mitre.org/techniques/T1056/002"
},
{
"name": "Pass the Ticket",
"id": "T1097",
"url": "https://attack.mitre.org/techniques/T1097"
},
{
"name": "Tool",
"id": "T1588.002",
"url": "https://attack.mitre.org/techniques/T1588/002"
},
{
"name": "Exfiltration over USB",
"id": "T1052.001",
"url": "https://attack.mitre.org/techniques/T1052/001"
},
{
"name": "KernelCallbackTable",
"id": "T1574.013",
"url": "https://attack.mitre.org/techniques/T1574/013"
},
{
"name": "Search Closed Sources",
"id": "T1597",
"url": "https://attack.mitre.org/techniques/T1597"
},
{
"name": "Systemd Timers",
"id": "T1053.006",
"url": "https://attack.mitre.org/techniques/T1053/006"
},
{
"name": "Phishing",
"id": "T1566",
"url": "https://attack.mitre.org/techniques/T1566"
},
{
"name": "Graphical User Interface",
"id": "T1061",
"url": "https://attack.mitre.org/techniques/T1061"
},
{
"name": "ROMMONkit",
"id": "T1542.004",
"url": "https://attack.mitre.org/techniques/T1542/004"
},
{
"name": "Compiled HTML File",
"id": "T1218.001",
"url": "https://attack.mitre.org/techniques/T1218/001"
},
{
"name": "Compute Hijacking",
"id": "T1496.001",
"url": "https://attack.mitre.org/techniques/T1496/001"
},
{
"name": "Network Share Connection Removal",
"id": "T1070.005",
"url": "https://attack.mitre.org/techniques/T1070/005"
},
{
"name": "Multi-hop Proxy",
"id": "T1090.003",
"url": "https://attack.mitre.org/techniques/T1090/003"
},
{
"name": "Brute Force",
"id": "T1110",
"url": "https://attack.mitre.org/techniques/T1110"
},
{
"name": "Unix Shell",
"id": "T1059.004",
"url": "https://attack.mitre.org/techniques/T1059/004"
},
{
"name": "Outlook Forms",
"id": "T1137.003",
"url": "https://attack.mitre.org/techniques/T1137/003"
},
{
"name": "Remote Access Hardware",
"id": "T1219.003",
"url": "https://attack.mitre.org/techniques/T1219/003"
},
{
"name": "Dylib Hijacking",
"id": "T1157",
"url": "https://attack.mitre.org/techniques/T1157"
},
{
"name": "Disable or Modify Tools",
"id": "T1562.001",
"url": "https://attack.mitre.org/techniques/T1562/001"
},
{
"name": "Data Manipulation",
"id": "T1565",
"url": "https://attack.mitre.org/techniques/T1565"
},
{
"name": "Inter-Process Communication",
"id": "T1559",
"url": "https://attack.mitre.org/techniques/T1559"
},
{
"name": "Data Obfuscation",
"id": "T1001",
"url": "https://attack.mitre.org/techniques/T1001"
},
{
"name": "Data from Network Shared Drive",
"id": "T1039",
"url": "https://attack.mitre.org/techniques/T1039"
},
{
"name": "Web Services",
"id": "T1584.006",
"url": "https://attack.mitre.org/techniques/T1584/006"
},
{
"name": "Modify System Image",
"id": "T1601",
"url": "https://attack.mitre.org/techniques/T1601"
},
{
"name": "Hijack Execution Flow",
"id": "T1574",
"url": "https://attack.mitre.org/techniques/T1574"
},
{
"name": "Browser Fingerprint",
"id": "T1036.012",
"url": "https://attack.mitre.org/techniques/T1036/012"
},
{
"name": "Lua",
"id": "T1059.011",
"url": "https://attack.mitre.org/techniques/T1059/011"
},
{
"name": "Indicator Removal from Tools",
"id": "T1027.005",
"url": "https://attack.mitre.org/techniques/T1027/005"
},
{
"name": "Malicious Image",
"id": "T1204.003",
"url": "https://attack.mitre.org/techniques/T1204/003"
},
{
"name": "Container Service",
"id": "T1543.005",
"url": "https://attack.mitre.org/techniques/T1543/005"
},
{
"name": "Valid Accounts",
"id": "T1078",
"url": "https://attack.mitre.org/techniques/T1078"
},
{
"name": "Non-Standard Port",
"id": "T1571",
"url": "https://attack.mitre.org/techniques/T1571"
},
{
"name": "Social Media Accounts",
"id": "T1585.001",
"url": "https://attack.mitre.org/techniques/T1585/001"
},
{
"name": "DLL Side-Loading",
"id": "T1073",
"url": "https://attack.mitre.org/techniques/T1073"
},
{
"name": "Process Hollowing",
"id": "T1055.012",
"url": "https://attack.mitre.org/techniques/T1055/012"
},
{
"name": "Exploitation for Privilege Escalation",
"id": "T1068",
"url": "https://attack.mitre.org/techniques/T1068"
},
{
"name": "Resource Forking",
"id": "T1564.009",
"url": "https://attack.mitre.org/techniques/T1564/009"
},
{
"name": "Account Access Removal",
"id": "T1531",
"url": "https://attack.mitre.org/techniques/T1531"
},
{
"name": "Credential Stuffing",
"id": "T1110.004",
"url": "https://attack.mitre.org/techniques/T1110/004"
},
{
"name": "Kerberoasting",
"id": "T1208",
"url": "https://attack.mitre.org/techniques/T1208"
},
{
"name": "Obfuscated Files or Information",
"id": "T1027",
"url": "https://attack.mitre.org/techniques/T1027"
},
{
"name": "Multi-Factor Authentication",
"id": "T1556.006",
"url": "https://attack.mitre.org/techniques/T1556/006"
},
{
"name": "Remote Email Collection",
"id": "T1114.002",
"url": "https://attack.mitre.org/techniques/T1114/002"
},
{
"name": "IIS Components",
"id": "T1505.004",
"url": "https://attack.mitre.org/techniques/T1505/004"
},
{
"name": "Invalid Code Signature",
"id": "T1036.001",
"url": "https://attack.mitre.org/techniques/T1036/001"
},
{
"name": "Run Virtual Instance",
"id": "T1564.006",
"url": "https://attack.mitre.org/techniques/T1564/006"
},
{
"name": "Trap",
"id": "T1154",
"url": "https://attack.mitre.org/techniques/T1154"
},
{
"name": "Polymorphic Code",
"id": "T1027.014",
"url": "https://attack.mitre.org/techniques/T1027/014"
},
{
"name": "Password Policy Discovery",
"id": "T1201",
"url": "https://attack.mitre.org/techniques/T1201"
},
{
"name": "Event Triggered Execution",
"id": "T1546",
"url": "https://attack.mitre.org/techniques/T1546"
},
{
"name": "Unix Shell Configuration Modification",
"id": "T1546.004",
"url": "https://attack.mitre.org/techniques/T1546/004"
},
{
"name": "Forced Authentication",
"id": "T1187",
"url": "https://attack.mitre.org/techniques/T1187"
},
{
"name": "SID-History Injection",
"id": "T1134.005",
"url": "https://attack.mitre.org/techniques/T1134/005"
},
{
"name": "Network Boundary Bridging",
"id": "T1599",
"url": "https://attack.mitre.org/techniques/T1599"
},
{
"name": "Data Encrypted for Impact",
"id": "T1486",
"url": "https://attack.mitre.org/techniques/T1486"
},
{
"name": "Disk Content Wipe",
"id": "T1488",
"url": "https://attack.mitre.org/techniques/T1488"
},
{
"name": "Subvert Trust Controls",
"id": "T1553",
"url": "https://attack.mitre.org/techniques/T1553"
},
{
"name": "Elevated Execution with Prompt",
"id": "T1548.004",
"url": "https://attack.mitre.org/techniques/T1548/004"
},
{
"name": "Firmware",
"id": "T1592.003",
"url": "https://attack.mitre.org/techniques/T1592/003"
},
{
"name": "Encrypted Channel",
"id": "T1573",
"url": "https://attack.mitre.org/techniques/T1573"
},
{
"name": "Password Filter DLL",
"id": "T1174",
"url": "https://attack.mitre.org/techniques/T1174"
},
{
"name": "Authentication Package",
"id": "T1547.002",
"url": "https://attack.mitre.org/techniques/T1547/002"
},
{
"name": "Regsvr32",
"id": "T1218.010",
"url": "https://attack.mitre.org/techniques/T1218/010"
},
{
"name": "Data Compressed",
"id": "T1002",
"url": "https://attack.mitre.org/techniques/T1002"
},
{
"name": "Exfiltration to Text Storage Sites",
"id": "T1567.003",
"url": "https://attack.mitre.org/techniques/T1567/003"
},
{
"name": "Credentials in Files",
"id": "T1081",
"url": "https://attack.mitre.org/techniques/T1081"
},
{
"name": "Software",
"id": "T1592.002",
"url": "https://attack.mitre.org/techniques/T1592/002"
},
{
"name": "Netsh Helper DLL",
"id": "T1128",
"url": "https://attack.mitre.org/techniques/T1128"
},
{
"name": "Input Capture",
"id": "T1056",
"url": "https://attack.mitre.org/techniques/T1056"
},
{
"name": "Spearphishing Voice",
"id": "T1566.004",
"url": "https://attack.mitre.org/techniques/T1566/004"
},
{
"name": "Exploits",
"id": "T1587.004",
"url": "https://attack.mitre.org/techniques/T1587/004"
},
{
"name": "Social Media",
"id": "T1593.001",
"url": "https://attack.mitre.org/techniques/T1593/001"
},
{
"name": "Customer Relationship Management Software",
"id": "T1213.004",
"url": "https://attack.mitre.org/techniques/T1213/004"
},
{
"name": "Component Object Model Hijacking",
"id": "T1546.015",
"url": "https://attack.mitre.org/techniques/T1546/015"
},
{
"name": "Credentials",
"id": "T1589.001",
"url": "https://attack.mitre.org/techniques/T1589/001"
},
{
"name": "Compromise Software Supply Chain",
"id": "T1195.002",
"url": "https://attack.mitre.org/techniques/T1195/002"
},
{
"name": "Rename Legitimate Utilities",
"id": "T1036.003",
"url": "https://attack.mitre.org/techniques/T1036/003"
},
{
"name": "Bidirectional Communication",
"id": "T1102.002",
"url": "https://attack.mitre.org/techniques/T1102/002"
},
{
"name": "Exploitation for Client Execution",
"id": "T1203",
"url": "https://attack.mitre.org/techniques/T1203"
},
{
"name": "Wordlist Scanning",
"id": "T1595.003",
"url": "https://attack.mitre.org/techniques/T1595/003"
},
{
"name": "Email Bombing",
"id": "T1667",
"url": "https://attack.mitre.org/techniques/T1667"
},
{
"name": "Spoof Security Alerting",
"id": "T1562.011",
"url": "https://attack.mitre.org/techniques/T1562/011"
},
{
"name": "Outlook Home Page",
"id": "T1137.004",
"url": "https://attack.mitre.org/techniques/T1137/004"
},
{
"name": "Asymmetric Cryptography",
"id": "T1573.002",
"url": "https://attack.mitre.org/techniques/T1573/002"
},
{
"name": "Exfiltration to Cloud Storage",
"id": "T1567.002",
"url": "https://attack.mitre.org/techniques/T1567/002"
},
{
"name": "Lateral Tool Transfer",
"id": "T1570",
"url": "https://attack.mitre.org/techniques/T1570"
},
{
"name": "Path Interception by Unquoted Path",
"id": "T1574.009",
"url": "https://attack.mitre.org/techniques/T1574/009"
},
{
"name": "Install Digital Certificate",
"id": "T1608.003",
"url": "https://attack.mitre.org/techniques/T1608/003"
},
{
"name": "Local Job Scheduling",
"id": "T1168",
"url": "https://attack.mitre.org/techniques/T1168"
},
{
"name": "Setuid and Setgid",
"id": "T1166",
"url": "https://attack.mitre.org/techniques/T1166"
},
{
"name": "Startup Items",
"id": "T1037.005",
"url": "https://attack.mitre.org/techniques/T1037/005"
},
{
"name": "Web Shell",
"id": "T1100",
"url": "https://attack.mitre.org/techniques/T1100"
},
{
"name": "Process Doppelgänging",
"id": "T1186",
"url": "https://attack.mitre.org/techniques/T1186"
},
{
"name": "SSH Hijacking",
"id": "T1184",
"url": "https://attack.mitre.org/techniques/T1184"
},
{
"name": "System Language Discovery",
"id": "T1614.001",
"url": "https://attack.mitre.org/techniques/T1614/001"
},
{
"name": "Non-Application Layer Protocol",
"id": "T1095",
"url": "https://attack.mitre.org/techniques/T1095"
},
{
"name": "Pass the Hash",
"id": "T1075",
"url": "https://attack.mitre.org/techniques/T1075"
},
{
"name": "Container CLI/API",
"id": "T1059.013",
"url": "https://attack.mitre.org/techniques/T1059/013"
},
{
"name": "Steganography",
"id": "T1027.003",
"url": "https://attack.mitre.org/techniques/T1027/003"
},
{
"name": "DNS Server",
"id": "T1584.002",
"url": "https://attack.mitre.org/techniques/T1584/002"
},
{
"name": "Cloud Application Integration",
"id": "T1671",
"url": "https://attack.mitre.org/techniques/T1671"
},
{
"name": "Protocol or Service Impersonation",
"id": "T1001.003",
"url": "https://attack.mitre.org/techniques/T1001/003"
},
{
"name": "Query Registry",
"id": "T1012",
"url": "https://attack.mitre.org/techniques/T1012"
},
{
"name": "Data Transfer Size Limits",
"id": "T1030",
"url": "https://attack.mitre.org/techniques/T1030"
},
{
"name": "Windows Remote Management",
"id": "T1028",
"url": "https://attack.mitre.org/techniques/T1028"
},
{
"name": "Web Session Cookie",
"id": "T1550.004",
"url": "https://attack.mitre.org/techniques/T1550/004"
},
{
"name": "Domain Accounts",
"id": "T1078.002",
"url": "https://attack.mitre.org/techniques/T1078/002"
},
{
"name": "Regsvcs/Regasm",
"id": "T1218.009",
"url": "https://attack.mitre.org/techniques/T1218/009"
},
{
"name": "Path Interception",
"id": "T1034",
"url": "https://attack.mitre.org/techniques/T1034"
},
{
"name": "Python Startup Hooks",
"id": "T1546.018",
"url": "https://attack.mitre.org/techniques/T1546/018"
},
{
"name": "Web Session Cookie",
"id": "T1506",
"url": "https://attack.mitre.org/techniques/T1506"
},
{
"name": "Install Root Certificate",
"id": "T1553.004",
"url": "https://attack.mitre.org/techniques/T1553/004"
},
{
"name": "Network Logon Script",
"id": "T1037.003",
"url": "https://attack.mitre.org/techniques/T1037/003"
},
{
"name": "Endpoint Denial of Service",
"id": "T1499",
"url": "https://attack.mitre.org/techniques/T1499"
},
{
"name": "Compile After Delivery",
"id": "T1027.004",
"url": "https://attack.mitre.org/techniques/T1027/004"
},
{
"name": "Uncommonly Used Port",
"id": "T1065",
"url": "https://attack.mitre.org/techniques/T1065"
},
{
"name": "System Location Discovery",
"id": "T1614",
"url": "https://attack.mitre.org/techniques/T1614"
},
{
"name": "VBA Stomping",
"id": "T1564.007",
"url": "https://attack.mitre.org/techniques/T1564/007"
},
{
"name": "BITS Jobs",
"id": "T1197",
"url": "https://attack.mitre.org/techniques/T1197"
},
{
"name": "MSBuild",
"id": "T1127.001",
"url": "https://attack.mitre.org/techniques/T1127/001"
},
{
"name": "Impersonation",
"id": "T1656",
"url": "https://attack.mitre.org/techniques/T1656"
},
{
"name": "Modify Cloud Compute Configurations",
"id": "T1578.005",
"url": "https://attack.mitre.org/techniques/T1578/005"
},
{
"name": "Bypass User Account Control",
"id": "T1088",
"url": "https://attack.mitre.org/techniques/T1088"
},
{
"name": "Runtime Data Manipulation",
"id": "T1494",
"url": "https://attack.mitre.org/techniques/T1494"
},
{
"name": "Domain Fronting",
"id": "T1090.004",
"url": "https://attack.mitre.org/techniques/T1090/004"
},
{
"name": "ARP Cache Poisoning",
"id": "T1557.002",
"url": "https://attack.mitre.org/techniques/T1557/002"
},
{
"name": "Disable or Modify Cloud Logs",
"id": "T1562.008",
"url": "https://attack.mitre.org/techniques/T1562/008"
},
{
"name": "Security Software Discovery",
"id": "T1518.001",
"url": "https://attack.mitre.org/techniques/T1518/001"
},
{
"name": "Hidden Window",
"id": "T1564.003",
"url": "https://attack.mitre.org/techniques/T1564/003"
},
{
"name": "Transmitted Data Manipulation",
"id": "T1493",
"url": "https://attack.mitre.org/techniques/T1493"
},
{
"name": "ClickOnce",
"id": "T1127.002",
"url": "https://attack.mitre.org/techniques/T1127/002"
},
{
"name": "Python",
"id": "T1059.006",
"url": "https://attack.mitre.org/techniques/T1059/006"
},
{
"name": "Relocate Malware",
"id": "T1070.010",
"url": "https://attack.mitre.org/techniques/T1070/010"
},
{
"name": "Identify Roles",
"id": "T1591.004",
"url": "https://attack.mitre.org/techniques/T1591/004"
},
{
"name": "Data Encoding",
"id": "T1132",
"url": "https://attack.mitre.org/techniques/T1132"
},
{
"name": "AppInit DLLs",
"id": "T1546.010",
"url": "https://attack.mitre.org/techniques/T1546/010"
},
{
"name": "Phishing for Information",
"id": "T1598",
"url": "https://attack.mitre.org/techniques/T1598"
},
{
"name": "Resource Hijacking",
"id": "T1496",
"url": "https://attack.mitre.org/techniques/T1496"
},
{
"name": "Establish Accounts",
"id": "T1585",
"url": "https://attack.mitre.org/techniques/T1585"
},
{
"name": "Obtain Capabilities",
"id": "T1588",
"url": "https://attack.mitre.org/techniques/T1588"
},
{
"name": "Screensaver",
"id": "T1546.002",
"url": "https://attack.mitre.org/techniques/T1546/002"
},
{
"name": "Hidden Users",
"id": "T1147",
"url": "https://attack.mitre.org/techniques/T1147"
},
{
"name": "Conditional Access Policies",
"id": "T1556.009",
"url": "https://attack.mitre.org/techniques/T1556/009"
},
{
"name": "Create Cloud Instance",
"id": "T1578.002",
"url": "https://attack.mitre.org/techniques/T1578/002"
},
{
"name": "Compile After Delivery",
"id": "T1500",
"url": "https://attack.mitre.org/techniques/T1500"
},
{
"name": "Cloud Secrets Management Stores",
"id": "T1555.006",
"url": "https://attack.mitre.org/techniques/T1555/006"
},
{
"name": "Code Repositories",
"id": "T1213.003",
"url": "https://attack.mitre.org/techniques/T1213/003"
},
{
"name": "Transmitted Data Manipulation",
"id": "T1565.002",
"url": "https://attack.mitre.org/techniques/T1565/002"
},
{
"name": "/etc/passwd and /etc/shadow",
"id": "T1003.008",
"url": "https://attack.mitre.org/techniques/T1003/008"
},
{
"name": "Launch Agent",
"id": "T1543.001",
"url": "https://attack.mitre.org/techniques/T1543/001"
},
{
"name": "System Services",
"id": "T1569",
"url": "https://attack.mitre.org/techniques/T1569"
},
{
"name": "Windows Command Shell",
"id": "T1059.003",
"url": "https://attack.mitre.org/techniques/T1059/003"
},
{
"name": "Proc Memory",
"id": "T1055.009",
"url": "https://attack.mitre.org/techniques/T1055/009"
},
{
"name": "Compiled HTML File",
"id": "T1223",
"url": "https://attack.mitre.org/techniques/T1223"
},
{
"name": "Acquire Access",
"id": "T1650",
"url": "https://attack.mitre.org/techniques/T1650"
},
{
"name": "Patch System Image",
"id": "T1601.001",
"url": "https://attack.mitre.org/techniques/T1601/001"
},
{
"name": "Silver Ticket",
"id": "T1558.002",
"url": "https://attack.mitre.org/techniques/T1558/002"
},
{
"name": "Data from Information Repositories",
"id": "T1213",
"url": "https://attack.mitre.org/techniques/T1213"
},
{
"name": "Clear Persistence",
"id": "T1070.009",
"url": "https://attack.mitre.org/techniques/T1070/009"
},
{
"name": "Hypervisor CLI",
"id": "T1059.012",
"url": "https://attack.mitre.org/techniques/T1059/012"
},
{
"name": "Clear Command History",
"id": "T1146",
"url": "https://attack.mitre.org/techniques/T1146"
},
{
"name": "Windows Credential Manager",
"id": "T1555.004",
"url": "https://attack.mitre.org/techniques/T1555/004"
},
{
"name": "Masquerade Account Name",
"id": "T1036.010",
"url": "https://attack.mitre.org/techniques/T1036/010"
},
{
"name": "Emond",
"id": "T1519",
"url": "https://attack.mitre.org/techniques/T1519"
},
{
"name": "Spearphishing via Service",
"id": "T1194",
"url": "https://attack.mitre.org/techniques/T1194"
},
{
"name": "Hardware Additions",
"id": "T1200",
"url": "https://attack.mitre.org/techniques/T1200"
},
{
"name": "Remote Desktop Software",
"id": "T1219.002",
"url": "https://attack.mitre.org/techniques/T1219/002"
},
{
"name": "Server Software Component",
"id": "T1505",
"url": "https://attack.mitre.org/techniques/T1505"
},
{
"name": "Data Destruction",
"id": "T1485",
"url": "https://attack.mitre.org/techniques/T1485"
},
{
"name": "Non-Standard Encoding",
"id": "T1132.002",
"url": "https://attack.mitre.org/techniques/T1132/002"
},
{
"name": "Domain Controller Authentication",
"id": "T1556.001",
"url": "https://attack.mitre.org/techniques/T1556/001"
},
{
"name": "Transfer Data to Cloud Account",
"id": "T1537",
"url": "https://attack.mitre.org/techniques/T1537"
},
{
"name": "HTML Smuggling",
"id": "T1027.006",
"url": "https://attack.mitre.org/techniques/T1027/006"
},
{
"name": "Reversible Encryption",
"id": "T1556.005",
"url": "https://attack.mitre.org/techniques/T1556/005"
},
{
"name": "Command Obfuscation",
"id": "T1027.010",
"url": "https://attack.mitre.org/techniques/T1027/010"
},
{
"name": "Install Root Certificate",
"id": "T1130",
"url": "https://attack.mitre.org/techniques/T1130"
},
{
"name": "Data Encrypted",
"id": "T1022",
"url": "https://attack.mitre.org/techniques/T1022"
},
{
"name": "File Deletion",
"id": "T1070.004",
"url": "https://attack.mitre.org/techniques/T1070/004"
},
{
"name": "Drive-by Compromise",
"id": "T1189",
"url": "https://attack.mitre.org/techniques/T1189"
},
{
"name": "Network Denial of Service",
"id": "T1498",
"url": "https://attack.mitre.org/techniques/T1498"
},
{
"name": "Cloud Administration Command",
"id": "T1651",
"url": "https://attack.mitre.org/techniques/T1651"
},
{
"name": "Installer Packages",
"id": "T1546.016",
"url": "https://attack.mitre.org/techniques/T1546/016"
},
{
"name": "Scanning IP Blocks",
"id": "T1595.001",
"url": "https://attack.mitre.org/techniques/T1595/001"
},
{
"name": "Hidden Files and Directories",
"id": "T1158",
"url": "https://attack.mitre.org/techniques/T1158"
},
{
"name": "Template Injection",
"id": "T1221",
"url": "https://attack.mitre.org/techniques/T1221"
},
{
"name": "RC Scripts",
"id": "T1037.004",
"url": "https://attack.mitre.org/techniques/T1037/004"
},
{
"name": "Access Token Manipulation",
"id": "T1134",
"url": "https://attack.mitre.org/techniques/T1134"
},
{
"name": "Time Providers",
"id": "T1209",
"url": "https://attack.mitre.org/techniques/T1209"
},
{
"name": "Multi-Factor Authentication Interception",
"id": "T1111",
"url": "https://attack.mitre.org/techniques/T1111"
},
{
"name": "Launch Agent",
"id": "T1159",
"url": "https://attack.mitre.org/techniques/T1159"
},
{
"name": "Software Packing",
"id": "T1027.002",
"url": "https://attack.mitre.org/techniques/T1027/002"
},
{
"name": "Serverless",
"id": "T1584.007",
"url": "https://attack.mitre.org/techniques/T1584/007"
},
{
"name": "Web Protocols",
"id": "T1071.001",
"url": "https://attack.mitre.org/techniques/T1071/001"
},
{
"name": "Visual Basic",
"id": "T1059.005",
"url": "https://attack.mitre.org/techniques/T1059/005"
},
{
"name": "Hidden File System",
"id": "T1564.005",
"url": "https://attack.mitre.org/techniques/T1564/005"
},
{
"name": "Systemd Service",
"id": "T1543.002",
"url": "https://attack.mitre.org/techniques/T1543/002"
},
{
"name": "Exclusive Control",
"id": "T1668",
"url": "https://attack.mitre.org/techniques/T1668"
},
{
"name": "RDP Hijacking",
"id": "T1563.002",
"url": "https://attack.mitre.org/techniques/T1563/002"
},
{
"name": "Create Account",
"id": "T1136",
"url": "https://attack.mitre.org/techniques/T1136"
},
{
"name": "XDG Autostart Entries",
"id": "T1547.013",
"url": "https://attack.mitre.org/techniques/T1547/013"
},
{
"name": "Server",
"id": "T1584.004",
"url": "https://attack.mitre.org/techniques/T1584/004"
},
{
"name": "Email Spoofing",
"id": "T1672",
"url": "https://attack.mitre.org/techniques/T1672"
},
{
"name": "Cloud Service Discovery",
"id": "T1526",
"url": "https://attack.mitre.org/techniques/T1526"
},
{
"name": "Malicious Copy and Paste",
"id": "T1204.004",
"url": "https://attack.mitre.org/techniques/T1204/004"
},
{
"name": "Space after Filename",
"id": "T1151",
"url": "https://attack.mitre.org/techniques/T1151"
},
{
"name": "Remote System Discovery",
"id": "T1018",
"url": "https://attack.mitre.org/techniques/T1018"
},
{
"name": "Network Service Discovery",
"id": "T1046",
"url": "https://attack.mitre.org/techniques/T1046"
},
{
"name": "Domain Properties",
"id": "T1590.001",
"url": "https://attack.mitre.org/techniques/T1590/001"
},
{
"name": "Software Discovery",
"id": "T1518",
"url": "https://attack.mitre.org/techniques/T1518"
},
{
"name": "Cloud Service Dashboard",
"id": "T1538",
"url": "https://attack.mitre.org/techniques/T1538"
},
{
"name": "Thread Local Storage",
"id": "T1055.005",
"url": "https://attack.mitre.org/techniques/T1055/005"
},
{
"name": "Debugger Evasion",
"id": "T1622",
"url": "https://attack.mitre.org/techniques/T1622"
},
{
"name": "Space after Filename",
"id": "T1036.006",
"url": "https://attack.mitre.org/techniques/T1036/006"
},
{
"name": "Re-opened Applications",
"id": "T1547.007",
"url": "https://attack.mitre.org/techniques/T1547/007"
},
{
"name": "SEO Poisoning",
"id": "T1608.006",
"url": "https://attack.mitre.org/techniques/T1608/006"
},
{
"name": "Pass the Hash",
"id": "T1550.002",
"url": "https://attack.mitre.org/techniques/T1550/002"
},
{
"name": "Exfiltration Over Physical Medium",
"id": "T1052",
"url": "https://attack.mitre.org/techniques/T1052"
},
{
"name": "DLL Side-Loading",
"id": "T1574.002",
"url": "https://attack.mitre.org/techniques/T1574/002"
},
{
"name": "Ingress Tool Transfer",
"id": "T1105",
"url": "https://attack.mitre.org/techniques/T1105"
},
{
"name": "SyncAppvPublishingServer",
"id": "T1216.002",
"url": "https://attack.mitre.org/techniques/T1216/002"
},
{
"name": "Additional Email Delegate Permissions",
"id": "T1098.002",
"url": "https://attack.mitre.org/techniques/T1098/002"
},
{
"name": "Code Signing Certificates",
"id": "T1588.003",
"url": "https://attack.mitre.org/techniques/T1588/003"
},
{
"name": "Network Share Connection Removal",
"id": "T1126",
"url": "https://attack.mitre.org/techniques/T1126"
},
{
"name": "Serverless Execution",
"id": "T1648",
"url": "https://attack.mitre.org/techniques/T1648"
},
{
"name": "TCC Manipulation",
"id": "T1548.006",
"url": "https://attack.mitre.org/techniques/T1548/006"
},
{
"name": "Windows Management Instrumentation Event Subscription",
"id": "T1084",
"url": "https://attack.mitre.org/techniques/T1084"
},
{
"name": "Launch Daemon",
"id": "T1160",
"url": "https://attack.mitre.org/techniques/T1160"
},
{
"name": "Ptrace System Calls",
"id": "T1055.008",
"url": "https://attack.mitre.org/techniques/T1055/008"
},
{
"name": "Power Settings",
"id": "T1653",
"url": "https://attack.mitre.org/techniques/T1653"
},
{
"name": "Dynamic API Resolution",
"id": "T1027.007",
"url": "https://attack.mitre.org/techniques/T1027/007"
},
{
"name": "Remote Desktop Protocol",
"id": "T1021.001",
"url": "https://attack.mitre.org/techniques/T1021/001"
},
{
"name": "Logon Script (Windows)",
"id": "T1037.001",
"url": "https://attack.mitre.org/techniques/T1037/001"
},
{
"name": "ListPlanting",
"id": "T1055.015",
"url": "https://attack.mitre.org/techniques/T1055/015"
},
{
"name": "Hide Infrastructure",
"id": "T1665",
"url": "https://attack.mitre.org/techniques/T1665"
},
{
"name": "Domain or Tenant Policy Modification",
"id": "T1484",
"url": "https://attack.mitre.org/techniques/T1484"
},
{
"name": "XSL Script Processing",
"id": "T1220",
"url": "https://attack.mitre.org/techniques/T1220"
},
{
"name": "Scan Databases",
"id": "T1596.005",
"url": "https://attack.mitre.org/techniques/T1596/005"
},
{
"name": "Hidden Files and Directories",
"id": "T1564.001",
"url": "https://attack.mitre.org/techniques/T1564/001"
},
{
"name": "Create Snapshot",
"id": "T1578.001",
"url": "https://attack.mitre.org/techniques/T1578/001"
},
{
"name": "Determine Physical Locations",
"id": "T1591.001",
"url": "https://attack.mitre.org/techniques/T1591/001"
},
{
"name": "Office Test",
"id": "T1137.002",
"url": "https://attack.mitre.org/techniques/T1137/002"
},
{
"name": "Develop Capabilities",
"id": "T1587",
"url": "https://attack.mitre.org/techniques/T1587"
},
{
"name": "Dynamic Data Exchange",
"id": "T1173",
"url": "https://attack.mitre.org/techniques/T1173"
},
{
"name": "NTDS",
"id": "T1003.003",
"url": "https://attack.mitre.org/techniques/T1003/003"
},
{
"name": "SNMP (MIB Dump)",
"id": "T1602.001",
"url": "https://attack.mitre.org/techniques/T1602/001"
},
{
"name": "Steganography",
"id": "T1001.002",
"url": "https://attack.mitre.org/techniques/T1001/002"
},
{
"name": "Malicious Link",
"id": "T1204.001",
"url": "https://attack.mitre.org/techniques/T1204/001"
},
{
"name": "Application Access Token",
"id": "T1550.001",
"url": "https://attack.mitre.org/techniques/T1550/001"
},
{
"name": "LSASS Driver",
"id": "T1547.008",
"url": "https://attack.mitre.org/techniques/T1547/008"
},
{
"name": "Service Execution",
"id": "T1569.002",
"url": "https://attack.mitre.org/techniques/T1569/002"
},
{
"name": "Cloud Accounts",
"id": "T1078.004",
"url": "https://attack.mitre.org/techniques/T1078/004"
},
{
"name": "Environmental Keying",
"id": "T1480.001",
"url": "https://attack.mitre.org/techniques/T1480/001"
},
{
"name": "Fallback Channels",
"id": "T1008",
"url": "https://attack.mitre.org/techniques/T1008"
},
{
"name": "Local Storage Discovery",
"id": "T1680",
"url": "https://attack.mitre.org/techniques/T1680"
},
{
"name": "NTFS File Attributes",
"id": "T1564.004",
"url": "https://attack.mitre.org/techniques/T1564/004"
},
{
"name": "Kerberoasting",
"id": "T1558.003",
"url": "https://attack.mitre.org/techniques/T1558/003"
},
{
"name": "NTFS File Attributes",
"id": "T1096",
"url": "https://attack.mitre.org/techniques/T1096"
},
{
"name": "DCSync",
"id": "T1003.006",
"url": "https://attack.mitre.org/techniques/T1003/006"
},
{
"name": "System Time Discovery",
"id": "T1124",
"url": "https://attack.mitre.org/techniques/T1124"
},
{
"name": "At",
"id": "T1053.002",
"url": "https://attack.mitre.org/techniques/T1053/002"
},
{
"name": "Service Execution",
"id": "T1035",
"url": "https://attack.mitre.org/techniques/T1035"
},
{
"name": "Dynamic-link Library Injection",
"id": "T1055.001",
"url": "https://attack.mitre.org/techniques/T1055/001"
},
{
"name": "PowerShell",
"id": "T1086",
"url": "https://attack.mitre.org/techniques/T1086"
},
{
"name": "Exploits",
"id": "T1588.005",
"url": "https://attack.mitre.org/techniques/T1588/005"
},
{
"name": "Modify Authentication Process",
"id": "T1556",
"url": "https://attack.mitre.org/techniques/T1556"
},
{
"name": "Udev Rules",
"id": "T1546.017",
"url": "https://attack.mitre.org/techniques/T1546/017"
},
{
"name": "Credential API Hooking",
"id": "T1056.004",
"url": "https://attack.mitre.org/techniques/T1056/004"
},
{
"name": "Firmware Corruption",
"id": "T1495",
"url": "https://attack.mitre.org/techniques/T1495"
},
{
"name": "Inhibit System Recovery",
"id": "T1490",
"url": "https://attack.mitre.org/techniques/T1490"
},
{
"name": "Netsh Helper DLL",
"id": "T1546.007",
"url": "https://attack.mitre.org/techniques/T1546/007"
},
{
"name": "Spearphishing via Service",
"id": "T1566.003",
"url": "https://attack.mitre.org/techniques/T1566/003"
},
{
"name": "Internal Proxy",
"id": "T1090.001",
"url": "https://attack.mitre.org/techniques/T1090/001"
},
{
"name": "System Script Proxy Execution",
"id": "T1216",
"url": "https://attack.mitre.org/techniques/T1216"
},
{
"name": "Custom Command and Control Protocol",
"id": "T1094",
"url": "https://attack.mitre.org/techniques/T1094"
},
{
"name": "Dead Drop Resolver",
"id": "T1102.001",
"url": "https://attack.mitre.org/techniques/T1102/001"
},
{
"name": "InstallUtil",
"id": "T1118",
"url": "https://attack.mitre.org/techniques/T1118"
},
{
"name": "Junk Data",
"id": "T1001.001",
"url": "https://attack.mitre.org/techniques/T1001/001"
},
{
"name": "Spearphishing Service",
"id": "T1598.001",
"url": "https://attack.mitre.org/techniques/T1598/001"
},
{
"name": "Commonly Used Port",
"id": "T1043",
"url": "https://attack.mitre.org/techniques/T1043"
},
{
"name": "vSphere Installation Bundles",
"id": "T1505.006",
"url": "https://attack.mitre.org/techniques/T1505/006"
},
{
"name": "Container API",
"id": "T1552.007",
"url": "https://attack.mitre.org/techniques/T1552/007"
},
{
"name": "Domains",
"id": "T1584.001",
"url": "https://attack.mitre.org/techniques/T1584/001"
},
{
"name": "SQL Stored Procedures",
"id": "T1505.001",
"url": "https://attack.mitre.org/techniques/T1505/001"
},
{
"name": "Network Device Authentication",
"id": "T1556.004",
"url": "https://attack.mitre.org/techniques/T1556/004"
},
{
"name": "Disk Content Wipe",
"id": "T1561.001",
"url": "https://attack.mitre.org/techniques/T1561/001"
},
{
"name": "Messaging Applications",
"id": "T1213.005",
"url": "https://attack.mitre.org/techniques/T1213/005"
},
{
"name": "Exfiltration Over Unencrypted Non-C2 Protocol",
"id": "T1048.003",
"url": "https://attack.mitre.org/techniques/T1048/003"
},
{
"name": "Compression",
"id": "T1027.015",
"url": "https://attack.mitre.org/techniques/T1027/015"
},
{
"name": "Dylib Hijacking",
"id": "T1574.004",
"url": "https://attack.mitre.org/techniques/T1574/004"
},
{
"name": "Downgrade System Image",
"id": "T1601.002",
"url": "https://attack.mitre.org/techniques/T1601/002"
},
{
"name": "Local Accounts",
"id": "T1078.003",
"url": "https://attack.mitre.org/techniques/T1078/003"
},
{
"name": "Wi-Fi Networks",
"id": "T1669",
"url": "https://attack.mitre.org/techniques/T1669"
},
{
"name": "Exploitation for Defense Evasion",
"id": "T1211",
"url": "https://attack.mitre.org/techniques/T1211"
},
{
"name": "Trusted Developer Utilities Proxy Execution",
"id": "T1127",
"url": "https://attack.mitre.org/techniques/T1127"
},
{
"name": "System Shutdown/Reboot",
"id": "T1529",
"url": "https://attack.mitre.org/techniques/T1529"
},
{
"name": "MMC",
"id": "T1218.014",
"url": "https://attack.mitre.org/techniques/T1218/014"
},
{
"name": "Process Argument Spoofing",
"id": "T1564.010",
"url": "https://attack.mitre.org/techniques/T1564/010"
},
{
"name": "Windows Admin Shares",
"id": "T1077",
"url": "https://attack.mitre.org/techniques/T1077"
},
{
"name": "COR_PROFILER",
"id": "T1574.012",
"url": "https://attack.mitre.org/techniques/T1574/012"
}
]