ATT&CK Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

View information about techniques, how techniques and tactics interact, and the Center for Threat-Informed Defense's mappings coverage of MITRE ATT&CK® techniques in the Mappings Explorer matrix view.

ATT&CK Techniques

| ATT&CK ID | ATT&CK Name | Number of Mappings | Number of Subtechniques |
|---|---|---|---|
| T1553.006 | Code Signing Policy Modification | 3 | 0 |
| T1569 | System Services | 1 | 0 |
| T1495 | Firmware Corruption | 1 | 0 |
| T1621 | Multi-Factor Authentication Request Generation | 1 | 0 |
| T1069 | Permission Groups Discovery | 2 | 0 |
| T1547.010 | Port Monitors | 1 | 0 |
| T1195.002 | Compromise Software Supply Chain | 1 | 0 |
| T1012 | Query Registry | 1 | 0 |
| T1518 | Software Discovery | 1 | 0 |
| T1566 | Phishing | 1 | 1 |
| T1074.001 | Local Data Staging | 1 | 0 |
| T1136 | Create Account | 2 | 3 |
| T1056.004 | Credential API Hooking | 1 | 0 |
| T1027.007 | Dynamic API Resolution | 2 | 0 |
| T1555.004 | Windows Credential Manager | 1 | 0 |
| T1036.001 | Invalid Code Signature | 2 | 0 |
| T1114 | Email Collection | 1 | 0 |
| T1025 | Data from Removable Media | 2 | 0 |
| T1542.003 | Bootkit | 2 | 0 |
| T1110.002 | Password Cracking | 1 | 0 |
| T1136.001 | Local Account | 1 | 0 |
| T1110 | Brute Force | 5 | 4 |
| T1057 | Process Discovery | 1 | 0 |
| T1548 | Abuse Elevation Control Mechanism | 2 | 1 |
| T1021 | Remote Services | 2 | 3 |
| T1553.003 | SIP and Trust Provider Hijacking | 1 | 0 |
| T1195.003 | Compromise Hardware Supply Chain | 2 | 0 |
| T1082 | System Information Discovery | 1 | 0 |
| T1027.011 | Fileless Storage | 2 | 0 |
| T1049 | System Network Connections Discovery | 1 | 0 |
| T1547.004 | Winlogon Helper DLL | 1 | 0 |
| T1047 | Windows Management Instrumentation | 1 | 0 |
| T1098.002 | Additional Email Delegate Permissions | 1 | 0 |
| T1571 | Non-Standard Port | 1 | 0 |
| T1027.013 | Encrypted/Encoded File | 2 | 0 |
| T1486 | Data Encrypted for Impact | 2 | 0 |
| T1070.004 | File Deletion | 1 | 0 |
| T1212 | Exploitation for Credential Access | 3 | 0 |
| T1574 | Hijack Execution Flow | 2 | 0 |
| T1018 | Remote System Discovery | 1 | 0 |
| T1033 | System Owner/User Discovery | 1 | 0 |
| T1136.002 | Domain Account | 1 | 0 |
| T1489 | Service Stop | 1 | 0 |
| T1542.001 | System Firmware | 1 | 0 |
| T1222 | File and Directory Permissions Modification | 1 | 0 |
| T1564 | Hide Artifacts | 2 | 2 |
| T1027.002 | Software Packing | 3 | 0 |
| T1068 | Exploitation for Privilege Escalation | 5 | 0 |
| T1105 | Ingress Tool Transfer | 1 | 0 |
| T1140 | Deobfuscate/Decode Files or Information | 4 | 0 |
| T1195 | Supply Chain Compromise | 2 | 2 |
| T1542 | Pre-OS Boot | 1 | 3 |
| T1558 | Steal or Forge Kerberos Tickets | 1 | 0 |
| T1547.005 | Security Support Provider | 1 | 0 |
| T1016 | System Network Configuration Discovery | 1 | 0 |
| T1059.001 | PowerShell | 2 | 0 |
| T1564.004 | NTFS File Attributes | 2 | 0 |
| T1055.003 | Thread Execution Hijacking | 2 | 0 |
| T1021.002 | SMB/Windows Admin Shares | 1 | 0 |
| T1110.001 | Password Guessing | 1 | 0 |
| T1005 | Data from Local System | 3 | 0 |
| T1027 | Obfuscated Files or Information | 4 | 11 |
| T1027.003 | Steganography | 2 | 0 |
| T1027.009 | Embedded Payloads | 2 | 0 |
| T1027.010 | Command Obfuscation | 2 | 0 |
| T1119 | Automated Collection | 1 | 0 |
| T1003.002 | Security Account Manager | 1 | 0 |
| T1132 | Data Encoding | 3 | 0 |
| T1548.002 | Bypass User Account Control | 1 | 0 |
| T1036.002 | Right-to-Left Override | 1 | 0 |
| T1059.003 | Windows Command Shell | 1 | 0 |
| T1078 | Valid Accounts | 2 | 3 |
| T1087.002 | Domain Account | 1 | 0 |
| T1041 | Exfiltration Over C2 Channel | 1 | 0 |
| T1036 | Masquerading | 3 | 2 |
| T1550 | Use Alternate Authentication Material | 2 | 2 |
| T1566.001 | Spearphishing Attachment | 1 | 0 |
| T1560 | Archive Collected Data | 1 | 1 |
| T1534 | Internal Spearphishing | 1 | 0 |
| T1027.005 | Indicator Removal from Tools | 2 | 0 |
| T1204 | User Execution | 2 | 1 |
| T1556 | Modify Authentication Process | 1 | 3 |
| T1056.001 | Keylogging | 1 | 0 |
| T1218 | System Binary Proxy Execution | 1 | 0 |
| T1021.006 | Windows Remote Management | 1 | 0 |
| T1546 | Event Triggered Execution | 1 | 0 |
| T1567 | Exfiltration Over Web Service | 1 | 0 |
| T1110.004 | Credential Stuffing | 2 | 0 |
| T1027.001 | Binary Padding | 2 | 0 |
| T1204.002 | Malicious File | 4 | 0 |
| T1003 | OS Credential Dumping | 2 | 1 |
| T1556.008 | Network Provider DLL | 1 | 0 |
| T1543 | Create or Modify System Process | 3 | 1 |
| T1027.004 | Compile After Delivery | 3 | 0 |
| T1056.003 | Web Portal Capture | 1 | 0 |
| T1087 | Account Discovery | 1 | 1 |
| T1055.011 | Extra Window Memory Injection | 2 | 0 |
| T1601.001 | Patch System Image | 1 | 0 |
| T1055.001 | Dynamic-link Library Injection | 2 | 0 |
| T1059.005 | Visual Basic | 1 | 0 |
| T1056 | Input Capture | 1 | 3 |
| T1203 | Exploitation for Client Execution | 3 | 0 |
| T1589.001 | Credentials | 1 | 0 |
| T1074 | Data Staged | 1 | 1 |
| T1078.003 | Local Accounts | 1 | 0 |
| T1565.001 | Stored Data Manipulation | 1 | 0 |
| T1190 | Exploit Public-Facing Application | 1 | 0 |
| T1573 | Encrypted Channel | 1 | 0 |
| T1134 | Access Token Manipulation | 1 | 1 |
| T1560.001 | Archive via Utility | 1 | 0 |
| T1021.001 | Remote Desktop Protocol | 1 | 0 |
| T1055.002 | Portable Executable Injection | 2 | 0 |
| T1210 | Exploitation of Remote Services | 2 | 0 |
| T1136.003 | Cloud Account | 1 | 0 |
| T1555.005 | Password Managers | 1 | 0 |
| T1570 | Lateral Tool Transfer | 1 | 0 |
| T1055 | Process Injection | 3 | 5 |
| T1113 | Screen Capture | 1 | 0 |
| T1059 | Command and Scripting Interpreter | 3 | 3 |
| T1112 | Modify Registry | 1 | 0 |
| T1078.001 | Default Accounts | 1 | 0 |
| T1189 | Drive-by Compromise | 2 | 0 |
| T1552 | Unsecured Credentials | 3 | 3 |
| T1553 | Subvert Trust Controls | 3 | 2 |
| T1055.012 | Process Hollowing | 1 | 0 |
| T1071 | Application Layer Protocol | 1 | 0 |
| T1547.008 | LSASS Driver | 5 | 0 |
| T1078.002 | Domain Accounts | 1 | 0 |
| T1095 | Non-Application Layer Protocol | 1 | 0 |
| T1547.001 | Registry Run Keys / Startup Folder | 1 | 0 |
| T1556.002 | Password Filter DLL | 1 | 0 |
| T1555.003 | Credentials from Web Browsers | 1 | 0 |
| T1027.008 | Stripped Payloads | 2 | 0 |
| T1007 | System Service Discovery | 1 | 0 |
| T1102 | Web Service | 1 | 0 |
| T1014 | Rootkit | 5 | 0 |
| T1496 | Resource Hijacking | 1 | 0 |
| T1070 | Indicator Removal | 1 | 1 |
| T1098 | Account Manipulation | 1 | 1 |
| T1543.003 | Windows Service | 3 | 0 |
| T1552.002 | Credentials in Registry | 1 | 0 |
| T1552.001 | Credentials In Files | 3 | 0 |
| T1547 | Boot or Logon Autostart Execution | 7 | 6 |
| T1589 | Gather Victim Identity Information | 1 | 1 |
| T1547.002 | Authentication Package | 1 | 0 |
| T1110.003 | Password Spraying | 2 | 0 |
| T1211 | Exploitation for Defense Evasion | 2 | 0 |
| T1556.006 | Multi-Factor Authentication | 1 | 0 |
| T1611 | Escape to Host | 1 | 0 |
| T1550.003 | Pass the Ticket | 2 | 0 |
| T1550.002 | Pass the Hash | 1 | 0 |
| T1564.006 | Run Virtual Instance | 1 | 0 |
| T1115 | Clipboard Data | 1 | 0 |
| T1083 | File and Directory Discovery | 1 | 0 |
| T1552.004 | Private Keys | 1 | 0 |
| T1542.002 | Component Firmware | 1 | 0 |
| T1106 | Native API | 3 | 0 |
| T1134.002 | Create Process with Token | 1 | 0 |