Home
ATT&CK Techniques

ATT&CK Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

View information about techniques, how techniques and tactics interact, and the Center for Threat-Informed Defense's mappings coverage of MITRE ATT&CK® techniques in the Mappings Explorer matrix view.

SELECT VERSIONS

ATT&CK Version

ATT&CK Domain

ATT&CK Techniques

ATT&CK ID	ATT&CK Name	Number of Mappings	Number of Subtechniques
T1547.010	Port Monitors	1	0
T1027.005	Indicator Removal from Tools	2	0
T1534	Internal Spearphishing	1	0
T1027.009	Embedded Payloads	2	0
T1055.011	Extra Window Memory Injection	2	0
T1027.001	Binary Padding	2	0
T1547.001	Registry Run Keys / Startup Folder	2	0
T1114	Email Collection	2	1
T1496	Resource Hijacking	19	0
T1548	Abuse Elevation Control Mechanism	4	1
T1222	File and Directory Permissions Modification	2	0
T1055.002	Portable Executable Injection	2	0
T1189	Drive-by Compromise	19	0
T1083	File and Directory Discovery	4	0
T1212	Exploitation for Credential Access	4	0
T1074	Data Staged	1	1
T1106	Native API	5	0
T1014	Rootkit	5	0
T1005	Data from Local System	32	0
T1087.002	Domain Account	7	0
T1195.003	Compromise Hardware Supply Chain	2	0
T1055.012	Process Hollowing	1	0
T1204.002	Malicious File	36	0
T1558	Steal or Forge Kerberos Tickets	1	0
T1565.001	Stored Data Manipulation	2	0
T1556.002	Password Filter DLL	1	0
T1041	Exfiltration Over C2 Channel	8	0
T1110	Brute Force	7	4
T1119	Automated Collection	2	0
T1547.002	Authentication Package	1	0
T1027.004	Compile After Delivery	3	0
T1087	Account Discovery	4	2
T1056	Input Capture	3	3
T1555.005	Password Managers	1	0
T1025	Data from Removable Media	2	0
T1564.004	NTFS File Attributes	2	0
T1552.001	Credentials In Files	5	0
T1098.002	Additional Email Delegate Permissions	1	0
T1211	Exploitation for Defense Evasion	3	0
T1542.002	Component Firmware	2	0
T1105	Ingress Tool Transfer	33	0
T1550.003	Pass the Ticket	2	0
T1555.003	Credentials from Web Browsers	1	0
T1518	Software Discovery	1	0
T1078	Valid Accounts	41	3
T1027.003	Steganography	2	0
T1136.003	Cloud Account	1	0
T1589	Gather Victim Identity Information	1	1
T1564.006	Run Virtual Instance	1	0
T1569	System Services	1	1
T1055.001	Dynamic-link Library Injection	3	0
T1049	System Network Connections Discovery	2	0
T1552	Unsecured Credentials	5	3
T1074.001	Local Data Staging	1	0
T1059	Command and Scripting Interpreter	108	5
T1611	Escape to Host	1	0
T1486	Data Encrypted for Impact	17	0
T1110.003	Password Spraying	2	0
T1047	Windows Management Instrumentation	3	0
T1547.004	Winlogon Helper DLL	1	0
T1055	Process Injection	4	5
T1102	Web Service	1	0
T1078.002	Domain Accounts	1	0
T1542.001	System Firmware	2	0
T1560	Archive Collected Data	1	1
T1195.002	Compromise Software Supply Chain	3	0
T1036	Masquerading	5	3
T1071	Application Layer Protocol	2	2
T1027	Obfuscated Files or Information	9	11
T1140	Deobfuscate/Decode Files or Information	6	0
T1543.003	Windows Service	3	0
T1003	OS Credential Dumping	11	4
T1495	Firmware Corruption	2	0
T1553.006	Code Signing Policy Modification	3	0
T1027.007	Dynamic API Resolution	2	0
T1027.008	Stripped Payloads	2	0
T1078.003	Local Accounts	2	0
T1027.002	Software Packing	3	0
T1552.004	Private Keys	1	0
T1134.002	Create Process with Token	1	0
T1134	Access Token Manipulation	1	2
T1018	Remote System Discovery	2	0
T1059.001	PowerShell	4	0
T1110.001	Password Guessing	1	0
T1069	Permission Groups Discovery	3	0
T1547	Boot or Logon Autostart Execution	7	6
T1095	Non-Application Layer Protocol	1	0
T1589.001	Credentials	1	0
T1550	Use Alternate Authentication Material	2	2
T1218	System Binary Proxy Execution	3	0
T1056.004	Credential API Hooking	1	0
T1098	Account Manipulation	2	2
T1564	Hide Artifacts	2	2
T1555.004	Windows Credential Manager	1	0
T1033	System Owner/User Discovery	2	0
T1556	Modify Authentication Process	4	3
T1556.006	Multi-Factor Authentication	1	0
T1601.001	Patch System Image	1	0
T1136.001	Local Account	3	0
T1489	Service Stop	2	0
T1021.006	Windows Remote Management	1	0
T1547.005	Security Support Provider	1	0
T1059.005	Visual Basic	1	0
T1070	Indicator Removal	4	2
T1110.004	Credential Stuffing	1	0
T1036.002	Right-to-Left Override	1	0
T1115	Clipboard Data	1	0
T1027.013	Encrypted/Encoded File	2	0
T1190	Exploit Public-Facing Application	128	0
T1056.003	Web Portal Capture	1	0
T1571	Non-Standard Port	2	0
T1548.002	Bypass User Account Control	2	0
T1567	Exfiltration Over Web Service	2	0
T1082	System Information Discovery	8	0
T1136.002	Domain Account	1	0
T1021.002	SMB/Windows Admin Shares	1	0
T1027.010	Command Obfuscation	2	0
T1195	Supply Chain Compromise	2	2
T1021.001	Remote Desktop Protocol	2	0
T1055.003	Thread Execution Hijacking	2	0
T1552.002	Credentials in Registry	1	0
T1016	System Network Configuration Discovery	2	0
T1078.001	Default Accounts	1	0
T1132	Data Encoding	3	0
T1573	Encrypted Channel	1	1
T1553.003	SIP and Trust Provider Hijacking	1	0
T1556.008	Network Provider DLL	1	0
T1542.003	Bootkit	2	0
T1566	Phishing	5	2
T1007	System Service Discovery	2	0
T1068	Exploitation for Privilege Escalation	37	0
T1547.008	LSASS Driver	5	0
T1110.002	Password Cracking	1	0
T1036.001	Invalid Code Signature	2	0
T1560.001	Archive via Utility	3	0
T1550.002	Pass the Hash	2	0
T1621	Multi-Factor Authentication Request Generation	1	0
T1574	Hijack Execution Flow	17	0
T1566.001	Spearphishing Attachment	6	0
T1210	Exploitation of Remote Services	5	0
T1553	Subvert Trust Controls	3	3
T1113	Screen Capture	1	0
T1203	Exploitation for Client Execution	25	0
T1070.004	File Deletion	5	0
T1546	Event Triggered Execution	1	0
T1059.003	Windows Command Shell	5	0
T1056.001	Keylogging	1	0
T1012	Query Registry	1	0
T1543	Create or Modify System Process	4	1
T1136	Create Account	11	3
T1570	Lateral Tool Transfer	1	0
T1542	Pre-OS Boot	2	4
T1112	Modify Registry	3	0
T1057	Process Discovery	1	0
T1003.002	Security Account Manager	1	0
T1021	Remote Services	4	3
T1204	User Execution	3	2
T1027.011	Fileless Storage	2	0
T1573.001	Symmetric Cryptography	3	0
T1003.008	/etc/passwd and /etc/shadow	1	0
T1037	Boot or Logon Initialization Scripts	1	0
T1040	Network Sniffing	1	0
T1505	Server Software Component	1	1
T1087.001	Local Account	1	0
T1498	Network Denial of Service	7	0
T1491.002	External Defacement	1	0
T1053	Scheduled Task/Job	1	1
T1485	Data Destruction	3	0
T1059.007	JavaScript	13	0
T1114.002	Remote Email Collection	1	0
T1090	Proxy	3	1
T1555	Credentials from Password Stores	3	3
T1036.005	Match Legitimate Name or Location	1	0
T1499	Endpoint Denial of Service	5	2
T1592	Gather Victim Host Information	1	0
T1557	Adversary-in-the-Middle	2	1
T1046	Network Service Discovery	5	0
T1484.001	Group Policy Modification	1	0
T1530	Data from Cloud Storage	1	0
T1542.005	TFTP Boot	1	0
T1185	Browser Session Hijacking	2	0
T1565	Data Manipulation	1	1
T1562.001	Disable or Modify Tools	2	0
T1569.002	Service Execution	1	0
T1053.005	Scheduled Task	2	0
T1499.002	Service Exhaustion Flood	2	0
T1221	Template Injection	3	0
T1090.001	Internal Proxy	1	0
T1622	Debugger Evasion	2	0
T1213	Data from Information Repositories	2	0
T1098.004	SSH Authorized Keys	1	0
T1219	Remote Access Software	1	0
T1653	Power Settings	1	0
T1134.001	Token Impersonation/Theft	1	0
T1071.001	Web Protocols	9	0
T1048.003	Exfiltration Over Unencrypted Non-C2 Protocol	1	0
T1003.003	NTDS	3	0
T1553.005	Mark-of-the-Web Bypass	1	0
T1588.001	Malware	1	0
T1497	Virtualization/Sandbox Evasion	2	0
T1071.002	File Transfer Protocols	1	0
T1490	Inhibit System Recovery	1	0
T1598.002	Spearphishing Attachment	1	0
T1531	Account Access Removal	1	0
T1608.001	Upload Malware	5	0
T1584.005	Botnet	2	0
T1217	Browser Information Discovery	1	0
T1003.001	LSASS Memory	1	0
T1204.001	Malicious Link	11	0
T1048	Exfiltration Over Alternative Protocol	4	1
T1601	Modify System Image	1	1
T1566.002	Spearphishing Link	1	0
T1070.001	Clear Windows Event Logs	1	0
T1499.004	Application or System Exploitation	1	0
T1505.003	Web Shell	20	0
T1059.004	Unix Shell	9	0
T1557.001	LLMNR/NBT-NS Poisoning and SMB Relay	1	0
T1133	External Remote Services	21	0
T1202	Indirect Command Execution	9	0
T1482	Domain Trust Discovery	2	0