Home
ATT&CK Techniques

ATT&CK Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

View information about techniques, how techniques and tactics interact, and the Center for Threat-Informed Defense's mappings coverage of MITRE ATT&CK® techniques in the Mappings Explorer matrix view.

SELECT VERSIONS

ATT&CK Version

ATT&CK Domain

ATT&CK Techniques

ATT&CK ID	ATT&CK Name	Number of Mappings	Number of Subtechniques
T1055.001	Dynamic-link Library Injection	3	0
T1547.002	Authentication Package	1	0
T1115	Clipboard Data	1	0
T1027.013	Encrypted/Encoded File	2	0
T1049	System Network Connections Discovery	2	0
T1016	System Network Configuration Discovery	2	0
T1110	Brute Force	7	4
T1534	Internal Spearphishing	1	0
T1105	Ingress Tool Transfer	33	0
T1021	Remote Services	4	3
T1547	Boot or Logon Autostart Execution	7	6
T1552.004	Private Keys	1	0
T1110.002	Password Cracking	1	0
T1571	Non-Standard Port	2	0
T1555.004	Windows Credential Manager	1	0
T1027.007	Dynamic API Resolution	2	0
T1078.003	Local Accounts	2	0
T1542.002	Component Firmware	2	0
T1211	Exploitation for Defense Evasion	3	0
T1055.003	Thread Execution Hijacking	2	0
T1102	Web Service	1	0
T1548	Abuse Elevation Control Mechanism	4	1
T1113	Screen Capture	1	0
T1547.008	LSASS Driver	5	0
T1033	System Owner/User Discovery	2	0
T1027.004	Compile After Delivery	3	0
T1025	Data from Removable Media	2	0
T1195	Supply Chain Compromise	2	2
T1055.012	Process Hollowing	1	0
T1195.003	Compromise Hardware Supply Chain	2	0
T1518	Software Discovery	1	0
T1553.006	Code Signing Policy Modification	3	0
T1550.002	Pass the Hash	2	0
T1210	Exploitation of Remote Services	5	0
T1074.001	Local Data Staging	1	0
T1567	Exfiltration Over Web Service	2	0
T1057	Process Discovery	1	0
T1589.001	Credentials	1	0
T1611	Escape to Host	1	0
T1007	System Service Discovery	2	0
T1056.004	Credential API Hooking	1	0
T1547.005	Security Support Provider	1	0
T1083	File and Directory Discovery	4	0
T1027.010	Command Obfuscation	2	0
T1078	Valid Accounts	41	3
T1055	Process Injection	4	5
T1203	Exploitation for Client Execution	25	0
T1003	OS Credential Dumping	11	4
T1601.001	Patch System Image	1	0
T1190	Exploit Public-Facing Application	128	0
T1204	User Execution	3	2
T1565.001	Stored Data Manipulation	2	0
T1059.001	PowerShell	4	0
T1056.001	Keylogging	1	0
T1556	Modify Authentication Process	4	3
T1027	Obfuscated Files or Information	9	11
T1110.003	Password Spraying	2	0
T1055.011	Extra Window Memory Injection	2	0
T1021.002	SMB/Windows Admin Shares	1	0
T1212	Exploitation for Credential Access	4	0
T1056.003	Web Portal Capture	1	0
T1564.006	Run Virtual Instance	1	0
T1556.006	Multi-Factor Authentication	1	0
T1110.001	Password Guessing	1	0
T1550.003	Pass the Ticket	2	0
T1543	Create or Modify System Process	4	1
T1573	Encrypted Channel	1	1
T1082	System Information Discovery	8	0
T1555.005	Password Managers	1	0
T1140	Deobfuscate/Decode Files or Information	6	0
T1018	Remote System Discovery	2	0
T1550	Use Alternate Authentication Material	2	2
T1189	Drive-by Compromise	19	0
T1041	Exfiltration Over C2 Channel	8	0
T1204.002	Malicious File	36	0
T1136.001	Local Account	3	0
T1027.001	Binary Padding	2	0
T1110.004	Credential Stuffing	1	0
T1119	Automated Collection	2	0
T1560	Archive Collected Data	1	1
T1548.002	Bypass User Account Control	2	0
T1070	Indicator Removal	4	2
T1574	Hijack Execution Flow	17	0
T1114	Email Collection	2	1
T1027.008	Stripped Payloads	2	0
T1495	Firmware Corruption	2	0
T1106	Native API	5	0
T1552.001	Credentials In Files	5	0
T1027.011	Fileless Storage	2	0
T1095	Non-Application Layer Protocol	1	0
T1078.002	Domain Accounts	1	0
T1553	Subvert Trust Controls	3	3
T1136.002	Domain Account	1	0
T1489	Service Stop	2	0
T1564.004	NTFS File Attributes	2	0
T1553.003	SIP and Trust Provider Hijacking	1	0
T1547.004	Winlogon Helper DLL	1	0
T1570	Lateral Tool Transfer	1	0
T1546	Event Triggered Execution	1	0
T1589	Gather Victim Identity Information	1	1
T1556.008	Network Provider DLL	1	0
T1496	Resource Hijacking	19	0
T1055.002	Portable Executable Injection	2	0
T1027.005	Indicator Removal from Tools	2	0
T1027.003	Steganography	2	0
T1547.001	Registry Run Keys / Startup Folder	2	0
T1078.001	Default Accounts	1	0
T1542.001	System Firmware	2	0
T1134.002	Create Process with Token	1	0
T1070.004	File Deletion	5	0
T1087.002	Domain Account	7	0
T1036.001	Invalid Code Signature	2	0
T1098	Account Manipulation	2	2
T1195.002	Compromise Software Supply Chain	3	0
T1542	Pre-OS Boot	2	4
T1486	Data Encrypted for Impact	17	0
T1047	Windows Management Instrumentation	3	0
T1566.001	Spearphishing Attachment	6	0
T1012	Query Registry	1	0
T1056	Input Capture	3	3
T1132	Data Encoding	3	0
T1021.006	Windows Remote Management	1	0
T1222	File and Directory Permissions Modification	2	0
T1218	System Binary Proxy Execution	3	0
T1014	Rootkit	5	0
T1543.003	Windows Service	3	0
T1003.002	Security Account Manager	1	0
T1552	Unsecured Credentials	5	3
T1027.009	Embedded Payloads	2	0
T1552.002	Credentials in Registry	1	0
T1566	Phishing	5	2
T1542.003	Bootkit	2	0
T1098.002	Additional Email Delegate Permissions	1	0
T1074	Data Staged	1	1
T1036	Masquerading	5	3
T1068	Exploitation for Privilege Escalation	37	0
T1087	Account Discovery	4	2
T1059.005	Visual Basic	1	0
T1558	Steal or Forge Kerberos Tickets	1	0
T1005	Data from Local System	32	0
T1555.003	Credentials from Web Browsers	1	0
T1621	Multi-Factor Authentication Request Generation	1	0
T1134	Access Token Manipulation	1	2
T1069	Permission Groups Discovery	3	0
T1059.003	Windows Command Shell	5	0
T1036.002	Right-to-Left Override	1	0
T1569	System Services	1	1
T1059	Command and Scripting Interpreter	108	5
T1136	Create Account	11	3
T1071	Application Layer Protocol	2	2
T1556.002	Password Filter DLL	1	0
T1547.010	Port Monitors	1	0
T1560.001	Archive via Utility	3	0
T1564	Hide Artifacts	2	2
T1021.001	Remote Desktop Protocol	2	0
T1136.003	Cloud Account	1	0
T1027.002	Software Packing	3	0
T1112	Modify Registry	3	0
T1505	Server Software Component	1	1
T1114.002	Remote Email Collection	1	0
T1542.005	TFTP Boot	1	0
T1221	Template Injection	3	0
T1071.001	Web Protocols	9	0
T1133	External Remote Services	21	0
T1053.005	Scheduled Task	2	0
T1037	Boot or Logon Initialization Scripts	1	0
T1217	Browser Information Discovery	1	0
T1565	Data Manipulation	1	1
T1499.004	Application or System Exploitation	1	0
T1048.003	Exfiltration Over Unencrypted Non-C2 Protocol	1	0
T1569.002	Service Execution	1	0
T1219	Remote Access Software	1	0
T1566.002	Spearphishing Link	1	0
T1497	Virtualization/Sandbox Evasion	2	0
T1531	Account Access Removal	1	0
T1557	Adversary-in-the-Middle	2	1
T1048	Exfiltration Over Alternative Protocol	4	1
T1555	Credentials from Password Stores	3	3
T1499	Endpoint Denial of Service	5	2
T1213	Data from Information Repositories	2	0
T1530	Data from Cloud Storage	1	0
T1562.001	Disable or Modify Tools	2	0
T1003.003	NTDS	3	0
T1553.005	Mark-of-the-Web Bypass	1	0
T1059.007	JavaScript	13	0
T1499.002	Service Exhaustion Flood	2	0
T1202	Indirect Command Execution	9	0
T1090.001	Internal Proxy	1	0
T1071.002	File Transfer Protocols	1	0
T1053	Scheduled Task/Job	1	1
T1491.002	External Defacement	1	0
T1036.005	Match Legitimate Name or Location	1	0
T1588.001	Malware	1	0
T1573.001	Symmetric Cryptography	3	0
T1098.004	SSH Authorized Keys	1	0
T1557.001	LLMNR/NBT-NS Poisoning and SMB Relay	1	0
T1046	Network Service Discovery	5	0
T1485	Data Destruction	3	0
T1584.005	Botnet	2	0
T1204.001	Malicious Link	11	0
T1490	Inhibit System Recovery	1	0
T1505.003	Web Shell	20	0
T1185	Browser Session Hijacking	2	0
T1598.002	Spearphishing Attachment	1	0
T1498	Network Denial of Service	7	0
T1484.001	Group Policy Modification	1	0
T1653	Power Settings	1	0
T1601	Modify System Image	1	1
T1059.004	Unix Shell	9	0
T1040	Network Sniffing	1	0
T1592	Gather Victim Host Information	1	0
T1003.001	LSASS Memory	1	0
T1003.008	/etc/passwd and /etc/shadow	1	0
T1482	Domain Trust Discovery	2	0
T1622	Debugger Evasion	2	0
T1608.001	Upload Malware	5	0
T1087.001	Local Account	1	0
T1134.001	Token Impersonation/Theft	1	0
T1070.001	Clear Windows Event Logs	1	0
T1090	Proxy	3	1