ATT&CK Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

View information about techniques, how techniques and tactics interact, and the Center for Threat-Informed Defense's mappings coverage of MITRE ATT&CK® techniques in the Mappings Explorer matrix view.

SELECT VERSIONS

ATT&CK Version

ATT&CK Domain

ATT&CK Techniques

ATT&CK ID ATT&CK Name Number of Mappings Number of Subtechniques
T1137.003 Outlook Forms 1 0
T1562 Impair Defenses 16 9
T1176 Browser Extensions 2 0
T1030 Data Transfer Size Limits 2 0
T1027.013 Encrypted/Encoded File 3 0
T1592.001 Hardware 2 0
T1590.006 Network Security Appliances 4 0
T1571 Non-Standard Port 7 0
T1574.002 DLL Side-Loading 4 0
T1074.001 Local Data Staging 1 0
T1566.004 Spearphishing Voice 1 0
T1204.003 Malicious Image 5 0
T1546.010 AppInit DLLs 1 0
T1534 Internal Spearphishing 2 0
T1003 OS Credential Dumping 4 4
T1565.003 Runtime Data Manipulation 2 0
T1547.002 Authentication Package 1 0
T1566.001 Spearphishing Attachment 7 0
T1110 Brute Force 17 4
T1547.014 Active Setup 1 0
None 1 0
T1020 Automated Exfiltration 7 1
T1552.005 Cloud Instance Metadata API 5 0
T1021.006 Windows Remote Management 3 0
T1036 Masquerading 6 7
T1491.002 External Defacement 5 0
T1098.006 Additional Container Cluster Roles 3 0
T1137.002 Office Test 1 0
T1546.016 Installer Packages 2 0
T1599 Network Boundary Bridging 2 1
T1059.002 AppleScript 1 0
T1027.004 Compile After Delivery 2 0
T1546.009 AppCert DLLs 2 0
T1550.001 Application Access Token 4 0
T1598.003 Spearphishing Link 7 0
T1558.001 Golden Ticket 1 0
T1485 Data Destruction 13 1
T1497 Virtualization/Sandbox Evasion 4 3
T1562.001 Disable or Modify Tools 7 0
T1218.015 Electron Applications 2 0
T1499.001 OS Exhaustion Flood 8 0
T1580 Cloud Infrastructure Discovery 9 0
T1497.002 User Activity Based Checks 1 0
T1036.008 Masquerade File Type 3 0
T1553 Subvert Trust Controls 7 6
T1495 Firmware Corruption 5 0
T1110.002 Password Cracking 7 0
T1204 User Execution 7 3
T1567.003 Exfiltration to Text Storage Sites 4 0
T1082 System Information Discovery 3 0
T1059.005 Visual Basic 1 0
T1583.002 DNS Server 3 0
T1498.001 Direct Network Flood 8 0
T1590.001 Domain Properties 4 0
T1558 Steal or Forge Kerberos Tickets 1 5
T1222.002 Linux and Mac File and Directory Permissions Modification 4 0
T1480.002 Mutual Exclusion 2 0
T1052.001 Exfiltration over USB 3 0
T1222 File and Directory Permissions Modification 6 2
T1573 Encrypted Channel 4 2
T1606 Forge Web Credentials 2 2
T1133 External Remote Services 20 0
T1543.004 Launch Daemon 3 0
T1555.005 Password Managers 2 0
T1007 System Service Discovery 5 0
T1083 File and Directory Discovery 3 0
T1543.005 Container Service 4 0
T1059.011 Lua 5 0
T1136 Create Account 5 3
T1127.001 MSBuild 3 0
T1574.012 COR_PROFILER 1 0
T1569.002 Service Execution 4 0
T1222.001 Windows File and Directory Permissions Modification 1 0
T1589 Gather Victim Identity Information 3 3
T1055 Process Injection 2 4
T1134.003 Make and Impersonate Token 1 0
T1584.006 Web Services 1 0
T1486 Data Encrypted for Impact 9 0
T1484 Domain or Tenant Policy Modification 3 2
T1666 Modify Cloud Resource Hierarchy 2 0
T1564.003 Hidden Window 4 0
T1659 Content Injection 2 0
T1218.003 CMSTP 2 0
T1567.001 Exfiltration to Code Repository 3 0
T1499.004 Application or System Exploitation 5 0
T1001.003 Protocol or Service Impersonation 1 0
T1207 Rogue Domain Controller 1 0
T1204.001 Malicious Link 2 0
T1567 Exfiltration Over Web Service 7 4
T1136.001 Local Account 3 0
T1542 Pre-OS Boot 6 5
T1595 Active Scanning 8 3
T1499.003 Application Exhaustion Flood 11 0
T1531 Account Access Removal 8 0
T1554 Compromise Host Software Binary 7 0
T1610 Deploy Container 9 0
T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol 4 0
T1071.004 DNS 4 0
T1505.001 SQL Stored Procedures 4 0
T1525 Implant Internal Image 12 0
T1583.004 Server 4 0
T1586.001 Social Media Accounts 3 0
T1011.001 Exfiltration Over Bluetooth 2 0
T1221 Template Injection 2 0
T1602.002 Network Device Configuration Dump 3 0
T1560 Archive Collected Data 2 3
T1542.004 ROMMONkit 1 0
T1491.001 Internal Defacement 5 0
T1114.003 Email Forwarding Rule 2 0
T1546.004 Unix Shell Configuration Modification 1 0
T1560.002 Archive via Library 2 0
T1564.004 NTFS File Attributes 4 0
T1059.007 JavaScript 3 0
T1588.002 Tool 3 0
T1059.010 AutoHotKey & AutoIT 4 0
T1526 Cloud Service Discovery 2 0
T1547 Boot or Logon Autostart Execution 10 13
T1189 Drive-by Compromise 6 0
T1586 Compromise Accounts 1 3
T1574.005 Executable Installer File Permissions Weakness 3 0
T1557 Adversary-in-the-Middle 11 3
T1484.002 Trust Modification 1 0
T1505.003 Web Shell 5 0
T1564.005 Hidden File System 4 0
T1546.014 Emond 2 0
T1016 System Network Configuration Discovery 2 2
T1098.004 SSH Authorized Keys 3 0
T1584.003 Virtual Private Server 1 0
T1574.014 AppDomainManager 2 0
T1218.005 Mshta 2 0
T1537 Transfer Data to Cloud Account 3 0
T1552.008 Chat Messages 4 0
T1113 Screen Capture 2 0
T1505.004 IIS Components 1 0
T1596.003 Digital Certificates 1 0
T1071 Application Layer Protocol 10 5
T1542.002 Component Firmware 2 0
T1548.004 Elevated Execution with Prompt 2 0
T1090 Proxy 9 3
T1578.003 Delete Cloud Instance 1 0
T1091 Replication Through Removable Media 3 0
T1535 Unused/Unsupported Cloud Regions 1 0
T1218.013 Mavinject 2 0
T1563 Remote Service Session Hijacking 4 2
T1588.001 Malware 6 0
T1056.004 Credential API Hooking 2 0
T1053.007 Container Orchestration Job 4 0
T1570 Lateral Tool Transfer 3 0
T1578.001 Create Snapshot 1 0
T1204.002 Malicious File 2 0
T1557.002 ARP Cache Poisoning 5 0
T1068 Exploitation for Privilege Escalation 16 0
T1558.005 Ccache Files 2 0
T1584.001 Domains 2 0
T1546.017 Udev Rules 5 0
T1213.001 Confluence 2 0
T1048 Exfiltration Over Alternative Protocol 10 3
T1120 Peripheral Device Discovery 1 0
T1556 Modify Authentication Process 6 8
T1583.001 Domains 3 0
T1584.005 Botnet 3 0
T1553.004 Install Root Certificate 2 0
T1595.001 Scanning IP Blocks 7 0
T1568 Dynamic Resolution 7 3
T1557.003 DHCP Spoofing 3 0
T1136.002 Domain Account 2 0
T1014 Rootkit 6 0
T1611 Escape to Host 5 0
T1562.002 Disable Windows Event Logging 3 0
T1125 Video Capture 3 0
T1218.007 Msiexec 1 0
T1562.004 Disable or Modify System Firewall 4 0
T1598.004 Spearphishing Voice 5 0
T1027 Obfuscated Files or Information 4 12
T1578.005 Modify Cloud Compute Configurations 6 0
T1037.001 Logon Script (Windows) 1 0
T1095 Non-Application Layer Protocol 7 0
T1588.007 Artificial Intelligence 2 0
T1586.002 Email Accounts 1 0
T1059 Command and Scripting Interpreter 6 11
T1546.006 LC_LOAD_DYLIB Addition 2 0
T1568.003 DNS Calculation 3 0
T1553.006 Code Signing Policy Modification 1 0
T1665 Hide Infrastructure 1 0
T1600.001 Reduce Key Space 2 0
T1087 Account Discovery 7 2
T1129 Shared Modules 1 0
T1021 Remote Services 10 8
T1589.001 Credentials 6 0
T1590.004 Network Topology 5 0
T1197 BITS Jobs 1 0
T1553.005 Mark-of-the-Web Bypass 1 0
T1606.002 SAML Tokens 1 0
T1518.001 Security Software Discovery 1 0
T1102 Web Service 3 1
T1098.007 Additional Local or Domain Groups 2 0
T1601.001 Patch System Image 2 0
T1608.004 Drive-by Target 1 0
T1132.002 Non-Standard Encoding 1 0
T1546.011 Application Shimming 1 0
T1574 Hijack Execution Flow 4 10
T1027.011 Fileless Storage 3 0
T1553.002 Code Signing 2 0
T1033 System Owner/User Discovery 4 0
T1550.004 Web Session Cookie 3 0
T1550 Use Alternate Authentication Material 5 4
T1564 Hide Artifacts 5 9
T1053.002 At 2 0
T1558.002 Silver Ticket 2 0
T1583.003 Virtual Private Server 2 0
T1564.007 VBA Stomping 5 0
T1069 Permission Groups Discovery 2 1
T1588.004 Digital Certificates 7 0
T1584.004 Server 1 0
T1027.012 LNK Icon Smuggling 3 0
T1137 Office Application Startup 3 6
T1546.007 Netsh Helper DLL 2 0
T1564.001 Hidden Files and Directories 5 0
T1574.010 Services File Permissions Weakness 1 0
T1037.005 Startup Items 1 0
T1572 Protocol Tunneling 6 0
T1140 Deobfuscate/Decode Files or Information 1 0
T1562.003 Impair Command History Logging 3 0
T1608.002 Upload Tool 1 0
T1057 Process Discovery 2 0
T1027.007 Dynamic API Resolution 3 0
T1543.003 Windows Service 4 0
T1538 Cloud Service Dashboard 4 0
T1037.004 RC Scripts 2 0
T1037 Boot or Logon Initialization Scripts 6 5
T1562.012 Disable or Modify Linux Audit System 3 0
T1036.004 Masquerade Task or Service 1 0
T1098.002 Additional Email Delegate Permissions 2 0
T1608.003 Install Digital Certificate 1 0
T1556.006 Multi-Factor Authentication 2 0
T1199 Trusted Relationship 7 0
T1040 Network Sniffing 11 0
T1218.014 MMC 1 0
T1566.002 Spearphishing Link 10 0
T1542.005 TFTP Boot 3 0
T1559.001 Component Object Model 1 0
T1555.004 Windows Credential Manager 2 0
T1546.008 Accessibility Features 2 0
T1053.006 Systemd Timers 2 0
T1654 Log Enumeration 5 0
T1587.002 Code Signing Certificates 2 0
T1592.002 Software 2 0
T1552.007 Container API 6 0
T1498.002 Reflection Amplification 8 0
T1601.002 Downgrade System Image 2 0
T1218.002 Control Panel 1 0
T1218.001 Compiled HTML File 1 0
T1583 Acquire Infrastructure 2 7
T1218.010 Regsvr32 2 0
T1652 Device Driver Discovery 2 0
T1550.003 Pass the Ticket 1 0
T1653 Power Settings 1 0
T1037.003 Network Logon Script 2 0
T1589.002 Email Addresses 3 0
T1543.001 Launch Agent 3 0
T1585.001 Social Media Accounts 3 0
T1567.002 Exfiltration to Cloud Storage 7 0
T1200 Hardware Additions 1 0
T1110.003 Password Spraying 11 0
T1098.003 Additional Cloud Roles 2 0
T1499.002 Service Exhaustion Flood 10 0
T1542.003 Bootkit 2 0
T1114 Email Collection 7 3
T1036.003 Rename System Utilities 1 0
T1587 Develop Capabilities 5 4
T1590 Gather Victim Network Information 6 6
T1587.003 Digital Certificates 2 0
T1112 Modify Registry 2 0
T1505.005 Terminal Services DLL 3 0
T1590.003 Network Trust Dependencies 2 0
T1548.002 Bypass User Account Control 5 0
T1071.002 File Transfer Protocols 3 0
T1569 System Services 4 2
T1564.011 Ignore Process Interrupts 2 0
T1548 Abuse Elevation Control Mechanism 4 6
T1001.002 Steganography 6 0
T1560.003 Archive via Custom Method 1 0
T1588 Obtain Capabilities 7 7
T1071.001 Web Protocols 8 0
T1546.012 Image File Execution Options Injection 1 0
T1053 Scheduled Task/Job 6 5
T1559.002 Dynamic Data Exchange 6 0
T1074 Data Staged 1 1
T1213.002 Sharepoint 2 0
T1656 Impersonation 1 0
T1547.012 Print Processors 1 0
T1482 Domain Trust Discovery 2 0
T1608.005 Link Target 1 0
T1046 Network Service Discovery 11 0
T1553.003 SIP and Trust Provider Hijacking 1 0
T1588.003 Code Signing Certificates 7 0
T1602.001 SNMP (MIB Dump) 4 0
T1585 Establish Accounts 2 3
T1496 Resource Hijacking 10 4
T1490 Inhibit System Recovery 7 0
T1498 Network Denial of Service 12 2
T1203 Exploitation for Client Execution 14 0
T1613 Container and Resource Discovery 6 0
T1136.003 Cloud Account 6 0
T1566 Phishing 9 4
T1562.006 Indicator Blocking 3 0
T1601 Modify System Image 3 2
T1485.001 Lifecycle-Triggered Deletion 4 0
T1027.014 Polymorphic Code 2 0
T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol 4 0
T1059.008 Network Device CLI 1 0
T1563.001 SSH Hijacking 3 0
T1569.001 Launchctl 1 0
T1584.007 Serverless 2 0
T1555.006 Cloud Secrets Management Stores 4 0
T1092 Communication Through Removable Media 2 0
T1029 Scheduled Transfer 5 0
T1219 Remote Access Software 5 0
T1583.005 Botnet 3 0
T1059.004 Unix Shell 3 0
T1006 Direct Volume Access 1 0
T1021.008 Direct Cloud VM Connections 5 0
T1098 Account Manipulation 17 7
T1114.001 Local Email Collection 1 0
T1556.009 Conditional Access Policies 3 0
T1651 Cloud Administration Command 5 0
T1480 Execution Guardrails 2 2
T1546.015 Component Object Model Hijacking 1 0
T1137.004 Outlook Home Page 1 0
T1592 Gather Victim Host Information 2 4
T1528 Steal Application Access Token 8 0
T1550.002 Pass the Hash 4 0
T1585.002 Email Accounts 2 0
T1020.001 Traffic Duplication 3 0
T1480.001 Environmental Keying 2 0
T1195.002 Compromise Software Supply Chain 4 0
T1216.001 PubPrn 1 0
T1555.002 Securityd Memory 3 0
T1055.014 VDSO Hijacking 1 0
T1547.006 Kernel Modules and Extensions 2 0
T1567.004 Exfiltration Over Webhook 4 0
T1090.002 External Proxy 6 0
T1497.001 System Checks 1 0
T1584.002 DNS Server 5 0
T1135 Network Share Discovery 3 0
T1608 Stage Capabilities 1 5
T1547.013 XDG Autostart Entries 1 0
T1218.011 Rundll32 1 0
T1211 Exploitation for Defense Evasion 8 0
T1595.002 Vulnerability Scanning 7 0
T1003.008 /etc/passwd and /etc/shadow 2 0
T1132 Data Encoding 3 2
T1127.002 ClickOnce 4 0
T1102.001 Dead Drop Resolver 2 0
T1047 Windows Management Instrumentation 3 0
T1543 Create or Modify System Process 9 5
T1558.003 Kerberoasting 5 0
T1548.006 TCC Manipulation 4 0
T1016.002 Wi-Fi Discovery 3 0
T1001.001 Junk Data 1 0
T1041 Exfiltration Over C2 Channel 8 0
T1564.002 Hidden Users 4 0
T1574.011 Services Registry Permissions Weakness 1 0
T1548.005 Temporary Elevated Cloud Access 4 0
T1568.002 Domain Generation Algorithms 4 0
T1614.001 System Language Discovery 1 0
T1201 Password Policy Discovery 1 0
T1497.003 Time Based Evasion 1 0
T1123 Audio Capture 2 0
T1573.001 Symmetric Cryptography 4 0
T1565 Data Manipulation 8 3
T1505.002 Transport Agent 3 0
T1556.004 Network Device Authentication 3 0
T1218.004 InstallUtil 1 0
T1218 System Binary Proxy Execution 3 14
T1018 Remote System Discovery 8 0
T1491 Defacement 6 2
T1021.007 Cloud Services 5 0
T1589.003 Employee Names 3 0
T1547.004 Winlogon Helper DLL 3 0
T1539 Steal Web Session Cookie 4 0
T1561.001 Disk Content Wipe 5 0
T1185 Browser Session Hijacking 8 0
T1518 Software Discovery 1 1
T1546.001 Change Default File Association 3 0
T1588.006 Vulnerabilities 2 0
T1546 Event Triggered Execution 7 17
T1205.001 Port Knocking 5 0
T1056.001 Keylogging 1 0
T1055.004 Asynchronous Procedure Call 1 0
T1606.001 Web Cookies 2 0
T1568.001 Fast Flux DNS 3 0
T1565.002 Transmitted Data Manipulation 8 0
T1563.002 RDP Hijacking 6 0
T1578.002 Create Cloud Instance 1 0
T1053.005 Scheduled Task 3 0
T1574.001 DLL Search Order Hijacking 4 0
T1609 Container Administration Command 4 0
T1602 Data from Configuration Repository 5 2
T1600 Weaken Encryption 2 2
T1584.008 Network Devices 2 0
T1027.003 Steganography 1 0
T1598.001 Spearphishing Service 2 0
T1552.006 Group Policy Preferences 3 0
T1114.002 Remote Email Collection 1 0
T1059.003 Windows Command Shell 3 0
T1542.001 System Firmware 1 0
T1561.002 Disk Structure Wipe 6 0
T1039 Data from Network Shared Drive 2 0
T1564.006 Run Virtual Instance 4 0
T1037.002 Login Hook 1 0
T1021.003 Distributed Component Object Model 3 0
T1573.002 Asymmetric Cryptography 3 0
T1592.003 Firmware 2 0
T1124 System Time Discovery 1 0
T1218.009 Regsvcs/Regasm 1 0
T1608.001 Upload Malware 1 0
T1025 Data from Removable Media 2 0
T1590.002 DNS 2 0
T1216 System Script Proxy Execution 2 2
T1529 System Shutdown/Reboot 4 0
T1137.001 Office Template Macros 3 0
T1566.003 Spearphishing via Service 4 0
T1027.005 Indicator Removal from Tools 6 0
T1195 Supply Chain Compromise 6 2
T1027.010 Command Obfuscation 4 0
T1213 Data from Information Repositories 3 5
T1001 Data Obfuscation 2 3
T1600.002 Disable Crypto Hardware 1 0
T1496.004 Cloud Service Hijacking 2 0
T1036.009 Break Process Trees 2 0
T1080 Taint Shared Content 3 0
T1059.009 Cloud API 5 0
T1547.009 Shortcut Modification 1 0
T1556.001 Domain Controller Authentication 3 0
T1119 Automated Collection 5 0
T1056.003 Web Portal Capture 2 0
T1547.007 Re-opened Applications 1 0
T1587.001 Malware 6 0
T1104 Multi-Stage Channels 5 0
T1622 Debugger Evasion 6 0
T1078 Valid Accounts 26 4
T1552 Unsecured Credentials 11 8
T1036.010 Masquerade Account Name 1 0
T1220 XSL Script Processing 1 0
T1578 Modify Cloud Compute Infrastructure 6 5
T1547.010 Port Monitors 1 0
T1489 Service Stop 5 0
T1561 Disk Wipe 8 2
T1499 Endpoint Denial of Service 14 4
T1578.004 Revert Cloud Instance 1 0
T1587.004 Exploits 4 0
T1548.003 Sudo and Sudo Caching 4 0
T1547.005 Security Support Provider 1 0
T1115 Clipboard Data 5 0
T1546.002 Screensaver 1 0
T1555.001 Keychain 2 0
T1546.005 Trap 1 0
T1218.008 Odbcconf 1 0
T1496.001 Compute Hijacking 5 0
T1598.002 Spearphishing Attachment 3 0
T1590.005 IP Addresses 5 0
T1562.008 Disable or Modify Cloud Logs 11 0
T1070 Indicator Removal 4 10
T1106 Native API 2 0
T1556.008 Network Provider DLL 3 0
T1056.002 GUI Input Capture 1 0
T1553.001 Gatekeeper Bypass 1 0
T1546.003 Windows Management Instrumentation Event Subscription 2 0
T1584 Compromise Infrastructure 2 8
T1612 Build Image on Host 3 0
T1558.004 AS-REP Roasting 3 0
T1070.010 Relocate Malware 2 0
T1212 Exploitation for Credential Access 16 0
T1592.004 Client Configurations 2 0
T1027.001 Binary Padding 1 0
T1008 Fallback Channels 7 0
T1547.008 LSASS Driver 1 0
T1552.003 Bash History 2 0
T1552.002 Credentials in Registry 3 0
T1213.005 Messaging Applications 3 0
T1052 Exfiltration Over Physical Medium 3 1
T1202 Indirect Command Execution 2 0
T1053.003 Cron 2 0
T1614 System Location Discovery 1 1
T1505 Server Software Component 3 5
T1552.001 Credentials In Files 9 0
T1056 Input Capture 3 4
T1213.004 Customer Relationship Management Software 2 0
T1010 Application Window Discovery 2 0
T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay 3 0
T1027.002 Software Packing 1 0
T1565.001 Stored Data Manipulation 9 0
T1559 Inter-Process Communication 1 2
T1583.007 Serverless 2 0
T1560.001 Archive via Utility 3 0
T1548.001 Setuid and Setgid 1 0
T1547.003 Time Providers 1 0
T1049 System Network Connections Discovery 3 0
T1547.001 Registry Run Keys / Startup Folder 2 0
T1205 Traffic Signaling 6 2
T1588.005 Exploits 4 0
T1070.005 Network Share Connection Removal 2 0
T1543.002 Systemd Service 3 0
T1598 Phishing for Information 3 4
T1496.002 Bandwidth Hijacking 2 0
T1070.001 Clear Windows Event Logs 2 0
T1012 Query Registry 2 0
T1218.012 Verclsid 1 0
T1071.003 Mail Protocols 3 0
T1134 Access Token Manipulation 3 2
T1556.003 Pluggable Authentication Modules 3 0
T1574.004 Dylib Hijacking 3 0
T1555 Credentials from Password Stores 5 6
T1105 Ingress Tool Transfer 5 0
T1187 Forced Authentication 6 0
T1213.003 Code Repositories 3 0
T1059.001 PowerShell 2 0
T1530 Data from Cloud Storage 20 0
T1562.011 Spoof Security Alerting 2 0
T1098.001 Additional Cloud Credentials 14 0
T1562.007 Disable or Modify Cloud Firewall 10 0
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol 5 0
T1555.003 Credentials from Web Browsers 2 0
T1496.003 SMS Pumping 3 0
T1111 Multi-Factor Authentication Interception 3 0
T1011 Exfiltration Over Other Network Medium 3 1
T1216.002 SyncAppvPublishingServer 2 0
T1599.001 Network Address Translation Traversal 2 0
T1072 Software Deployment Tools 9 0
T1137.005 Outlook Rules 1 0
T1552.004 Private Keys 8 0
T1071.005 Publish/Subscribe Protocols 3 0
T1127 Trusted Developer Utilities Proxy Execution 3 2
T1070.002 Clear Linux or Mac System Logs 3 0
T1583.006 Web Services 5 0
T1564.012 File/Path Exclusions 2 0
T1005 Data from Local System 2 0
T1059.006 Python 1 0
T1546.013 PowerShell Profile 3 0
T1484.001 Group Policy Modification 1 0
T1190 Exploit Public-Facing Application 19 0
T1195.001 Compromise Software Dependencies and Development Tools 1 0
T1021.004 SSH 5 0
T1134.005 SID-History Injection 1 0
T1647 Plist File Modification 1 0
T1137.006 Add-ins 1 0
T1098.005 Device Registration 3 0
T1648 Serverless Execution 3 0
T1078.002 Domain Accounts 3 0
T1132.001 Standard Encoding 1 0
T1070.006 Timestomp 2 0
T1574.013 KernelCallbackTable 1 0
T1078.001 Default Accounts 3 0
T1087.004 Cloud Account 7 0
T1649 Steal or Forge Authentication Certificates 3 0
T1036.005 Match Legitimate Name or Location 1 0
T1021.002 SMB/Windows Admin Shares 3 0
T1069.003 Cloud Groups 1 0
T1110.004 Credential Stuffing 10 0
T1621 Multi-Factor Authentication Request Generation 2 0
T1591 Gather Victim Org Information 2 4
T1003.001 LSASS Memory 1 0
T1003.003 NTDS 1 0
T1556.007 Hybrid Identity 1 0
T1055.002 Portable Executable Injection 1 0
T1595.003 Wordlist Scanning 2 0
T1078.004 Cloud Accounts 21 0
T1070.004 File Deletion 2 0
T1078.003 Local Accounts 1 0
T1055.015 ListPlanting 1 0
T1585.003 Cloud Accounts 1 0
T1027.009 Embedded Payloads 1 0
T1036.001 Invalid Code Signature 1 0
T1574.007 Path Interception by PATH Environment Variable 1 0
T1556.005 Reversible Encryption 1 0
T1070.009 Clear Persistence 2 0
T1110.001 Password Guessing 10 0
T1619 Cloud Storage Object Discovery 2 0
T1016.001 Internet Connection Discovery 1 0
T1586.003 Cloud Accounts 1 0
T1087.002 Domain Account 1 0
T1070.008 Clear Mailbox Data 2 0
T1070.007 Clear Network Connection History and Configurations 2 0
T1205.002 Socket Filters 2 0
T1210 Exploitation of Remote Services 9 0
T1591.003 Identify Business Tempo 1 0
T1053.001 1 0
T1591.001 Determine Physical Locations 1 0
T1021.005 VNC 2 0
T1090.003 Multi-hop Proxy 4 0
T1003.007 Proc Filesystem 1 0
T1021.001 Remote Desktop Protocol 2 0
T1591.004 Identify Roles 1 0
T1090.001 Internal Proxy 2 0
T1591.002 Business Relationships 1 0
T1070.003 Clear Command History 1 0